
Should I remove “Backdoor.AgentPMF.S16423055”?


Backdoor.AgentPMF.S16423055 is flagged as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.AgentPMF.S16423055 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Enumerates services, possibly for anti-virtualization
  • CAPE detected the Tofsee malware family
  • Anomalous binary characteristics

How to identify Backdoor.AgentPMF.S16423055?

File Info:

name: 4579F0526D3926BC45F5.mlw
path: /opt/CAPEv2/storage/binaries/b5ec343db60e48ecf8965aca3de67cf53e20aa4b36f83ad78859f0b37999c982
crc32: 74E5D904
md5: 4579f0526d3926bc45f511c9a985bfb8
sha1: 936cbaa57b96fed0c75deaf965f2921a3f3bb0c3
sha256: b5ec343db60e48ecf8965aca3de67cf53e20aa4b36f83ad78859f0b37999c982
sha512: f2b68b88429ce26b3b6a8a98b5a09650afdc5bc7856cc8db12ba142f392f85cccbe92e9f6dc6f95cb41e8f39cde3823377d0b87f9561d39ab48696cdb14a8bac
ssdeep: 12288:jRQ68oH/RUGQ9Qf8zM9Qf8zM9Qf8zM9Qf8zM9Qf8zM9Qf8zM9Qf8zM9Qf8zM9Qfg:jyBoG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T125C63A40B6F4EC17EAE54D30887197E83576FC966815924BB4983F4B2C326F1BA7036E
sha3_384: 5194979ea624c9cfa2371832fca190525299067b11345c8ef09c8ef84e9c79a301fb4850cbc8b200b7c6617eb5ff8094
ep_bytes: e8d33f0000e978feffffcccccccccccc
timestamp: 2020-02-18 22:24:44

Version Info:

FileVers: 1.2.58
InternalName: sracjoolz.exe
Copyright: Copyrighd (C) 2020, hupke
TranslationUsi: 0x0032 0x0ccd

Backdoor.AgentPMF.S16423055 also known as:

Lionic: Trojan.Win32.AntiAV.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.70761
FireEye: Generic.mg.4579f0526d3926bc
CAT-QuickHeal: Backdoor.AgentPMF.S16423055
McAfee: Lockbit-GCZ!4579F0526D39
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005714f51 )
BitDefender: Trojan.GenericKDZ.70761
K7GW: Trojan ( 005714f51 )
Cybereason: malicious.26d392
Cyren: W32/Kryptik.CEU.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HGUH
APEX: Malicious
Avast: Win32:TrojanX-gen [Trj]
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.AntiAV.pef
Alibaba: Malware:Win32/km_24aff.None
NANO-Antivirus: Trojan.Win32.Tofsee.iajskk
Rising: Trojan.Kryptik!1.CDA1 (CLOUD)
Sophos: Mal/Generic-R
DrWeb: Trojan.Siggen16.38705
Zillya: Backdoor.Tofsee.Win32.3854
McAfee-GW-Edition: BehavesLike.Win32.Generic.wm
Emsisoft: Trojan.GenericKDZ.70761 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Zenpak.nc
Avira: TR/ATRAPS.Gen2
Antiy-AVL: Trojan/Generic.ASMalwS.30F6EDF
Microsoft: Ransom:Win32/StopCrypt!ml
GData: Trojan.GenericKDZ.70761
AhnLab-V3: Trojan/Win32.MalPe.R353306
MAX: malware (ai score=80)
VBA32: TrojanSpy.Windigo
Malwarebytes: Trojan.MalPack.GS
Panda: Trj/GdSda.A
Tencent: Malware.Win32.Gencirc.10ce0ce4
Yandex: Trojan.Kryptik!Zue+VHU4Ki8
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HHAU!tr
AVG: Win32:TrojanX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor.AgentPMF.S16423055?

Backdoor.AgentPMF.S16423055 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
