Wednesday, September 30, 11:50

The new EmoCheck tool checks if you are infected with the Emotet trojan

Japan CERT (Emergency Response Team) has released a tool that allows Windows users to check whether they are infected with the Emotet trojan.

Emotet is one of the most popular pieces of malware. Cybercriminals prefer it because it is very effective. It is distributed via phishing emails that usually contain malicious Word documents.

These emails are presented as invoices, notifications, account reports, invitations, and even as warnings about coronavirus. The goal is to confuse the victim and trick them into opening the attachment.

Once installed, Emotet uses the infected computer to send spam emails to other victims. It also installs other malware.

Emotet usually downloads and installs the banking trojan TrickBot, which steals stored credentials, cookies, browser history information, SSH keys, and more. It also tries to infect other computers on the same network.

If the network is "high value", TrickBot will activate the Ryuk ransomware to encrypt it.

So Emotet is very dangerous. Victims should identify it immediately and remove it before it can install other malware.

EmoCheck: The tool for detecting Emotet

When Emotet is installed from a malicious attachment, the trojan is stored in a "semi-random" folder under %LocalAppData%.

The folder name is semi-random because it does not use random characters but consists of two keywords from the following list:

duck, mfidl, targets, ptr, Khmer, purge, metrics, acc, inet, msra, symbol, driver, sidebar, restore, msg, volume, cards, shext, query, roam, etw, mexico, basic, url, createa, blb, pal, cors, send, devices, radio, bid, format, thrd, taskmgr, timeout, vmd, ctl, bta, shlp, avi, exce, dbt, pfx, rtp, edge, mult, clr, wmistr, ellipse, vol, cyan, ses, guid, wce, wmp, dvb, elem, channel, space, digital, pdeft, violet, thunk

For example, Emotet was installed in the 'symbolguid' folder (a combination of two words from the list).
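
A name-only version of the folder check described above, as an added example (not EmoCheck's code and not from the original article): it flags sub-folders of %LocalAppData% whose names are exactly two keywords from the list joined together. The function names are hypothetical, and a match is only a lead for review, since a legitimate folder can match by coincidence.

```python
import os
from pathlib import Path

# Keyword list copied from the article; lower-cased because Windows folder
# names are case-insensitive.
KEYWORDS = """
duck mfidl targets ptr khmer purge metrics acc inet msra symbol driver sidebar
restore msg volume cards shext query roam etw mexico basic url createa blb pal
cors send devices radio bid format thrd taskmgr timeout vmd ctl bta shlp avi
exce dbt pfx rtp edge mult clr wmistr ellipse vol cyan ses guid wce wmp dvb
elem channel space digital pdeft violet thunk
""".split()


def keyword_pair(name):
    """Return (first, second) if name is exactly two keywords joined, else None."""
    lowered = name.lower()
    for first in KEYWORDS:
        rest = lowered[len(first):]
        if lowered.startswith(first) and rest in KEYWORDS:
            return first, rest
    return None


def scan(base):
    """Return sub-folders of base whose names match, with the files inside."""
    hits = []
    for entry in sorted(Path(base).iterdir()):
        pair = keyword_pair(entry.name) if entry.is_dir() else None
        if pair is None:
            continue
        try:
            files = sorted(p.name for p in entry.iterdir() if p.is_file())
        except OSError:  # folder exists but cannot be read
            files = []
        hits.append({"folder": entry.name, "keywords": pair, "files": files})
    return hits


if __name__ == "__main__":
    base = os.environ.get("LOCALAPPDATA")  # only set on Windows
    if base is None:
        print("LOCALAPPDATA is not set; run this on the Windows host to check")
    else:
        for hit in scan(base):
            print(hit["folder"], hit["keywords"], hit["files"])
```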


To check if you are infected with Emotet, you can download the EmoCheck tool from Japan CERT's GitHub repository.

After downloading, extract the zip file and double-click emocheck_x64.exe (64-bit version) or emocheck_x86.exe (32-bit version), depending on the downloaded content.

Once it runs, EmoCheck will start its scans. If it finds that your computer has been infected with Emotet, it will notify you. It will even report the location in which the malicious file is stored.

This information will also be stored in a log file located at [path of emocheck.exe]\yyyymmddhhmmss_emocheck.txt.

If you run EmoCheck and find out that you are infected, you should immediately open Task Manager and terminate the process mentioned.

Then you need to scan the computer with reliable antivirus software to see if other malware is installed.

