Trojan

What is “Win32/TrojanDownloader.Banload.YHU”?

Malware Removal

Win32/TrojanDownloader.Banload.YHU is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/TrojanDownloader.Banload.YHU virus do?

  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Win32/TrojanDownloader.Banload.YHU?

File Info:

name: B55EC9ACFD827B577795.mlw
path: /opt/CAPEv2/storage/binaries/8c1cb9293fb5c16d51116d6efd2585d38fca0f2cdd11579368ef7671b0e81d08
crc32: 2F90616F
md5: b55ec9acfd827b577795f1277b4623a6
sha1: 258ef503c57f1ce2a26c92ce7932144d8e3df8b2
sha256: 8c1cb9293fb5c16d51116d6efd2585d38fca0f2cdd11579368ef7671b0e81d08
sha512: 4166b0e4497ecccd3f6b5e6ace1b58097469724e9c0b0ef8247d682be7179daf11046c24f0df7169e8d308bf9c0a35794de272c79370d2f285d39bd0b7e9eb02
ssdeep: 49152:PJvkjDh5c0FFsueSalJXa3qk5psqvUVCTx/O:PdkjgiFR3qIpBv5
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1F8E54B53B288E13EE06B1E3A49679650A93FBF602A168C577BF0094C4F357416D2E73B
sha3_384: 87dd88004037ec24fb9cc067c408976f13f1ff7f287e6a7708fb04506bf730344031065cca3f86f5ed74bac9d766c5e6
ep_bytes: 558bec83c4e453565733c08945e48945
timestamp: 2018-12-19 20:36:37

Version Info:

0: [No Data]

Win32/TrojanDownloader.Banload.YHU also known as:

Lionic: Trojan.Win32.Agent.4!c
MicroWorld-eScan: Gen:Variant.Zusy.308548
FireEye: Generic.mg.b55ec9acfd827b57
ALYac: Gen:Variant.Zusy.308548
Cylance: Unsafe
Zillya: Downloader.Banload.Win32.87855
Sangfor: Trojan.Win32.Agent.gen
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanDownloader:Win32/Banload.f22c79ad
K7GW: Trojan-Downloader ( 005706331 )
K7AntiVirus: Trojan-Downloader ( 005706331 )
BitDefenderTheta: AI:Packer.BEF4F43721
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/TrojanDownloader.Banload.YHU
APEX: Malicious
Kaspersky: HEUR:Trojan-Banker.Win32.Agent.gen
BitDefender: Gen:Variant.Zusy.308548
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan-banker.Agent.Pefu
Ad-Aware: Gen:Variant.Zusy.308548
Emsisoft: Gen:Variant.Zusy.308548 (B)
Comodo: Malware@#fah0egjr74z1
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Trojan.Win32.MALREP.THABBGAH
McAfee-GW-Edition: GenericRXHJ-LQ!B55EC9ACFD82
Sophos: Mal/Generic-S
Ikarus: Trojan.Diztakun
Avira: HEUR/AGEN.1139546
Antiy-AVL: Trojan/Generic.ASMalwS.29F5B53
Microsoft: Trojan:Win32/Occamy.C8C
Arcabit: Trojan.Zusy.D4B544
GData: Gen:Variant.Zusy.308548
AhnLab-V3: Malware/Gen.Generic.C2981979
McAfee: GenericRXHJ-LQ!B55EC9ACFD82
MAX: malware (ai score=100)
VBA32: TScope.Trojan.Delf
Malwarebytes: Trojan.Banker
TrendMicro-HouseCall: Trojan.Win32.MALREP.THABBGAH
Yandex: Trojan.GenAsa!dV50Nf1zmh4
Fortinet: W32/Banload.YHU!tr.dldr
AVG: Win32:Trojan-gen
Cybereason: malicious.cfd827
Panda: Trj/GdSda.A
MaxSecure: Trojan.Malware.300983.susgen

How to remove Win32/TrojanDownloader.Banload.YHU?

Win32/TrojanDownloader.Banload.YHU removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.