
About “Backdoor.Agent.RND” infection


Backdoor.Agent.RND is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.Agent.RND virus do?

  • Executable code extraction
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Backdoor.Agent.RND?

File Info:

crc32: 1FFA80A4
md5: 07296e65048ac1d2664dfc3b0085d020
name: 07296E65048AC1D2664DFC3B0085D020.mlw
sha1: cf05310edef63f7a69839ebc3acb1cf6ad6fe184
sha256: 2e70f4a34cc92262cc2ecdf2a6286806015b4f542d71687efacc5c8393e6ebd1
sha512: 8d7f2c80ea2bd7a9f084a4523486cdb575a2885d20b3720b6e2dd0541e7443049880f94542ea8a32e64f3464c7afc75df45f4ce708845627c6b69cfb9a89db01
ssdeep: 3072:TBbtEjVsD49AIDfeIWFRCHkLVvKKZMWjmn1f1kOVnvEHmUo99e9KHQ9gyvN89n:T0jVsEPDWdCSbMWjsmO939e9MQuyvUn
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Backdoor.Agent.RND is also known as (vendor: detection name):

  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.DownLoader10.17020
  • MicroWorld-eScan: Gen:Heur.Ransom.Cerber.2
  • FireEye: Generic.mg.07296e65048ac1d2
  • CAT-QuickHeal: FraudTool.Security
  • McAfee: PWSZbot-FFB!07296E65048A
  • Cylance: Unsafe
  • VIPRE: Trojan.Win32.Generic!BT
  • AegisLab: Trojan.Win32.Generic.mygq
  • Sangfor: Ransom.Win32.Cerber_50.se
  • K7AntiVirus: Trojan ( 0045b35d1 )
  • BitDefender: Gen:Heur.Ransom.Cerber.2
  • K7GW: Trojan ( 0045b35d1 )
  • Cybereason: malicious.5048ac
  • BitDefenderTheta: Gen:NN.ZexaF.34590.mmX@auvls7jO
  • Cyren: W32/Upwe.C.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • APEX: Malicious
  • Avast: Win32:Kryptik-NTD [Trj]
  • ClamAV: Win.Trojan.Blocker-346
  • Kaspersky: Trojan-Ransom.Win32.Blocker.chmq
  • Alibaba: Ransom:Win32/Blocker.44139265
  • NANO-Antivirus: Trojan.Win32.Blocker.cjench
  • Tencent: Trojan-ransom.Win32.Blocker.chmq
  • Ad-Aware: Gen:Heur.Ransom.Cerber.2
  • Emsisoft: Gen:Heur.Ransom.Cerber.2 (B)
  • Comodo: TrojWare.Win32.Kryptik.ZBT@520i09
  • F-Secure: Trojan.TR/Crypt.ZPACK.Gen9
  • Baidu: Win32.Trojan.Kryptik.aj
  • Zillya: Trojan.Blocker.Win32.10749
  • TrendMicro: TSPY_ZBOT.SMODN
  • McAfee-GW-Edition: PWSZbot-FFB!07296E65048A
  • Sophos: Mal/Generic-S + Troj/Agent-ADWZ
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Trojan/Blocker.gii
  • Avira: TR/Crypt.ZPACK.Gen9
  • MAX: malware (ai score=100)
  • Antiy-AVL: Trojan[Ransom]/Win32.Blocker
  • Kingsoft: Heur.SSC.2725418.1216.(kcloud)
  • Microsoft: PWS:Win32/Zbot
  • Arcabit: Trojan.Ransom.Cerber.2
  • SUPERAntiSpyware: Trojan.Agent/Gen-Krypt
  • ZoneAlarm: Trojan-Ransom.Win32.Blocker.chmq
  • GData: Gen:Heur.Ransom.Cerber.2
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Spyware/Win32.Zbot.R83200
  • Acronis: suspicious
  • VBA32: Hoax.Blocker
  • ALYac: Gen:Heur.Ransom.Cerber.2
  • TACHYON: Trojan/W32.Blocker.201448
  • Malwarebytes: Backdoor.Agent.RND
  • Panda: Trj/Genetic.gen
  • ESET-NOD32: a variant of Win32/Kryptik.BKOY
  • TrendMicro-HouseCall: TSPY_ZBOT.SMODN
  • Rising: Ransom.Blocker!8.12A (CLOUD)
  • Yandex: Trojan.GenAsa!Yq9xyJPahTE
  • Ikarus: Trojan-Spy.Zbot
  • eGambit: Unsafe.AI_Score_95%
  • Fortinet: W32/Kryptik.CAAF!tr
  • Webroot: W32.InfoStealer.Zeus
  • AVG: Win32:Kryptik-NTD [Trj]
  • CrowdStrike: win/malicious_confidence_90% (D)
  • Qihoo-360: HEUR/Malware.QVM20.Gen

How to remove Backdoor.Agent.RND?

Backdoor.Agent.RND removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
