Win32:Banker-MEQ [Trj] malicious file

The Win32:Banker-MEQ [Trj] detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial lets you run a complete scan and clean your PC.
6-day free trial available.

What can the Win32:Banker-MEQ [Trj] virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Queries information on disks, possibly for anti-virtualization
  • Detects Sandboxie through the presence of a library
  • Attempts to remove evidence of file being downloaded from the Internet
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Operates on local firewall’s policies and settings

How to identify Win32:Banker-MEQ [Trj]?

File Info:

name: 64904E4D2BCAE1D9CEAC.mlw
path: /opt/CAPEv2/storage/binaries/b5ed5314c62329a5b8e1a676eb9db1003476136fdd6a5814e27aedf190f14202
crc32: 1E02A9FF
md5: 64904e4d2bcae1d9ceac6028d4690c5f
sha1: fd3e9340bb2959a8088545e84c36b22a1e5050a3
sha256: b5ed5314c62329a5b8e1a676eb9db1003476136fdd6a5814e27aedf190f14202
sha512: de0ff3e1a181d82713005b228bc624b4eeded97d2e5aec38e016e88f4b8cf33ff7fc76eca3c86188a1a09004795809d4327921f907659bc74cb1d572a1582b79
ssdeep: 3072:IAsj8MBX8s0oXJE0K9nvYOWolaEbNxB7x8zNq5EtRNCWrQ:IAsBZrKTlawBFDaRrQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19614BF67F1C191E6E9D08630262B952163B33D36BA1C99473254FB2AE7F7377C626C02
sha3_384: b1ead63bbc97c0563d14c86d68724fbf89dac23559cc33b372ae7d6a0df7f00731da013efb5de4a236efdb4ab97d746b
ep_bytes: 81ec8401000053555633db57895c2418
timestamp: 2014-10-07 04:40:17

Version Info:

CompanyName: OpenVPN Technologies
FileDescription: PrivateTunnel
FileVersion: 0.0.2.3
LegalCopyright: Copyright(C) 2002-2013 OpenVPN Technologies
ProductName: PrivateTunnel
ProductVersion: 0.0.2.3
Translation: 0x0000 0x04e4

Win32:Banker-MEQ [Trj] also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Strictor.244547
FireEye: Generic.mg.64904e4d2bcae1d9
CAT-QuickHeal: Ransom.Crowti.NSIS.A
McAfee: Trojan-FOXG!64904E4D2BCA
Malwarebytes: Malware.AI.1187786674
Zillya: Trojan.GenericKD.Win32.161961
K7AntiVirus: Trojan ( 004ce4021 )
K7GW: Trojan ( 004ce4021 )
CrowdStrike: win/malicious_confidence_90% (W)
Cyren: W32/Trojan.MIGO-6062
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
APEX: Malicious
ClamAV: Win.Trojan.Gamarue-7008527-0
Kaspersky: Trojan.Win32.Inject.vjft
BitDefender: Gen:Variant.Strictor.244547
NANO-Antivirus: Trojan.Win32.CHPX.efhfrh
SUPERAntiSpyware: Trojan.Agent/Gen-Banker
Avast: Win32:Banker-MEQ [Trj]
Ad-Aware: Gen:Variant.Strictor.244547
Emsisoft: Gen:Variant.Strictor.244547 (B)
Comodo: Malware@#23vs294nh1mh8
DrWeb: Win32.HLLW.Phorpiex.54
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0DKG21
McAfee-GW-Edition: BehavesLike.Win32.Sality.ch
Sophos: ML/PE-A + Mal/Cerber-Z
Ikarus: Trojan.Win32.Injector
GData: Win32.Trojan.Agent.FMKPSM
Avira: HEUR/Patched.Ren
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASMalwS.1416B14
Arcabit: Trojan.Strictor.D3BB43
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Spyware/Win32.Limitail.R165144
BitDefenderTheta: Gen:NN.ZedlaF.34084.dO4@aq4lYcd
ALYac: Gen:Variant.Strictor.244547
VBA32: Trojan.Inject
TrendMicro-HouseCall: TROJ_GEN.R002C0DKG21
Rising: Trojan.DL.Win32.Banloaden.ym (CLASSIC)
Yandex: Trojan.Injector!BZuXHA12DPA
SentinelOne: Static AI – Suspicious PE
eGambit: Generic.Malware
Fortinet: W32/Injector.CHPX!tr
AVG: Win32:Banker-MEQ [Trj]
Cybereason: malicious.d2bcae

How to remove Win32:Banker-MEQ [Trj]?

Win32:Banker-MEQ [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.