Win32:Susn-BB [Trj] information

Malware Removal

Win32:Susn-BB [Trj] is rated as dangerous by many security vendors. When this infection is active, you may notice unknown processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version lets you run a full scan and clean your PC.
6-day free trial available.

What can the Win32:Susn-BB [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Mimics the system’s user agent string for its own requests
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • A system process is generating network traffic likely as a result of process injection
  • Attempts to modify proxy settings

How to identify Win32:Susn-BB [Trj]?

File Info:

name: 3D21A06B880B3F635D5D.mlw
path: /opt/CAPEv2/storage/binaries/ed0876f34632254c783ae99b34dde1103e345d1168133f4e3a756454f6845bb0
crc32: 768B25D2
md5: 3d21a06b880b3f635d5da4e388cda433
sha1: 851ebbf71deb1c44670669184506b0f77a10fbd6
sha256: ed0876f34632254c783ae99b34dde1103e345d1168133f4e3a756454f6845bb0
sha512: 53816b05032b6668dffb2b16d5df370fc7232aa19d439645d615768c95c622885f2519e0f1d7858b116d25b38c18a4388ba3a54f8a017a88c5eec43dd03f7072
ssdeep: 3072:Vwi3nhIp7tPp5NjUsXnm1e3MufO0f/nanIt1P+17xM8poF0UsGKjpAJols0DDi:Si3hIdNLiUmyO6nRt1P+17Bpo6UsGKiI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18B14010824E88FABF06706F754B23B624696793DFB35A5C71088374A049BFD5E42A793
sha3_384: febba44cd1444b2f291dcec306b7006f17c91eaa5177d8600434ba46e47aab588c84d4ff14429d4d3a4e106f739e8b91
ep_bytes: 558bec81ecbc000000a144de42008985
timestamp: 2016-10-27 10:46:50

Version Info:

Comments: http://www.metaquotes.net
CompanyName: MetaQuotes Software Corp.
FileDescription: MetaTrader
FileVersion: 4.0.0.509
InternalName: MetaTrader
LegalCopyright: © 2001-2013, MetaQuotes Software Corp.
LegalTrademarks: MetaTrader®
ProductName: MetaTrader
ProductVersion: 4.0.0.509
Translation: 0x0000 0x04b0

Win32:Susn-BB [Trj] also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Fareit.i!c
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.GenericKD.4282878
FireEye: Generic.mg.3d21a06b880b3f63
McAfee: Generic.aam
Cylance: Unsafe
VIPRE: Trojan.GenericKD.4282878
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan-Downloader ( 004ffed21 )
Alibaba: TrojanPSW:Win32/Fareit.58b32ed7
K7GW: Trojan-Downloader ( 004ffed21 )
Cybereason: malicious.b880b3
VirIT: Trojan.Win32.Genus.VT
Cyren: W32/Fareit.LSIJ-3587
Symantec: Packed.Generic.530
Elastic: malicious (high confidence)
ESET-NOD32: Win32/TrojanDownloader.Agent.CZA
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Malware.Fareit-5949362-0
Kaspersky: Trojan-PSW.Win32.Fareit.ckrn
BitDefender: Trojan.GenericKD.4282878
NANO-Antivirus: Trojan.Win32.Pincav.fmwgpw
Avast: Win32:Susn-BB [Trj]
Tencent: Malware.Win32.Gencirc.11492336
Ad-Aware: Trojan.GenericKD.4282878
Emsisoft: Trojan.GenericKD.4282878 (B)
Comodo: Malware@#2yp4name50uc7
DrWeb: Trojan.PWS.Siggen1.61483
Zillya: Trojan.Fareit.Win32.18141
TrendMicro: TSPY_FAREIT.AUSILA
McAfee-GW-Edition: Generic.aam
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-R + Troj/Fareit-CCX
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.Agent.4KP6RL
Jiangmin: Trojan.Invader.byk
Webroot: W32.Trojan.Gen
Avira: TR/Crypt.ZPACK.hkdfz
Antiy-AVL: Trojan/Generic.ASMalwS.3E79
Kingsoft: Win32.PSWTroj.Fareit.ck.(kcloud)
Arcabit: Trojan.Generic.D4159FE
ViRobot: Trojan.Win32.Z.Crypt.190976.E
ZoneAlarm: Trojan-PSW.Win32.Fareit.ckrn
Microsoft: Trojan:Win32/Derbit.A
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Fareit.C1767829
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34786.lu0@aOUazdci
ALYac: Trojan.Agent.gen
VBA32: TrojanSpy.Zbot
Malwarebytes: MachineLearning/Anomalous.100%
TrendMicro-HouseCall: TSPY_FAREIT.AUSILA
Rising: Downloader.Agent!8.B23 (KTSE)
Yandex: Trojan.GenAsa!s95QkMQborc
Ikarus: Trojan-Downloader.Win32.Agent
Fortinet: W32/Agent.CZA!tr.dldr
AVG: Win32:Susn-BB [Trj]
Panda: Trj/WLT.C
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32:Susn-BB [Trj]?

Win32:Susn-BB [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.