
Trojan:Win32/Emotet.B


First posted on 11 March 2019.
Source: Microsoft

Aliases :

Trojan:Win32/Emotet.B is also known as TROJ_DLOADR.BDL, Trojan-Ransom.Win32.Foreign.kvdw.

Explanation :

Installation :

Trojan:Win32/Emotet.B copies itself to c:documents and settingsadministratorapplication datamicrosoftpkdsetup.exe.

The malware creates the following files on your PC:

c:documents and settingsadministratorapplication data8537768.bat

The malware uses code injection to make it harder to detect and remove. It can inject code into running processes.

Payload :

Contacts remote hosts

Trojan:Win32/Emotet.B may contact the following remote hosts using port 8080:

Commonly, malware does this to:

- Confirm Internet connectivity
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC

This malware description was produced and published using automated analysis of file SHA1 9a98a16d31412711b6475c42cac0cf415341fbc0.

Last update 11 March 2019
