Categories: Backdoor

Should I remove “Backdoor.AgentPMF.S16423055”?

The Backdoor.AgentPMF.S16423055 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.AgentPMF.S16423055 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Enumerates services, possibly for anti-virtualization
CAPE detected the Tofsee malware family
Anomalous binary characteristics

How to determine Backdoor.AgentPMF.S16423055?


File Info:
name: 4579F0526D3926BC45F5.mlwpath: /opt/CAPEv2/storage/binaries/b5ec343db60e48ecf8965aca3de67cf53e20aa4b36f83ad78859f0b37999c982crc32: 74E5D904md5: 4579f0526d3926bc45f511c9a985bfb8sha1: 936cbaa57b96fed0c75deaf965f2921a3f3bb0c3sha256: b5ec343db60e48ecf8965aca3de67cf53e20aa4b36f83ad78859f0b37999c982sha512: f2b68b88429ce26b3b6a8a98b5a09650afdc5bc7856cc8db12ba142f392f85cccbe92e9f6dc6f95cb41e8f39cde3823377d0b87f9561d39ab48696cdb14a8bacssdeep: 12288:jRQ68oH/RUGQ9Qf8zM9Qf8zM9Qf8zM9Qf8zM9Qf8zM9Qf8zM9Qf8zM9Qf8zM9Qfg:jyBoGtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T125C63A40B6F4EC17EAE54D30887197E83576FC966815924BB4983F4B2C326F1BA7036Esha3_384: 5194979ea624c9cfa2371832fca190525299067b11345c8ef09c8ef84e9c79a301fb4850cbc8b200b7c6617eb5ff8094ep_bytes: e8d33f0000e978feffffcccccccccccctimestamp: 2020-02-18 22:24:44
Version Info:
FileVers: 1.2.58InternalName: sracjoolz.exeCopyright: Copyrighd (C) 2020, hupkeTranslationUsi: 0x0032 0x0ccd

Backdoor.AgentPMF.S16423055 also known as:

Lionic	Trojan.Win32.AntiAV.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.70761
FireEye	Generic.mg.4579f0526d3926bc
CAT-QuickHeal	Backdoor.AgentPMF.S16423055
McAfee	Lockbit-GCZ!4579F0526D39
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005714f51 )
BitDefender	Trojan.GenericKDZ.70761
K7GW	Trojan ( 005714f51 )
Cybereason	malicious.26d392
Cyren	W32/Kryptik.CEU.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HGUH
APEX	Malicious
Avast	Win32:TrojanX-gen [Trj]
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.AntiAV.pef
Alibaba	Malware:Win32/km_24aff.None
NANO-Antivirus	Trojan.Win32.Tofsee.iajskk
Rising	Trojan.Kryptik!1.CDA1 (CLOUD)
Sophos	Mal/Generic-R
DrWeb	Trojan.Siggen16.38705
Zillya	Backdoor.Tofsee.Win32.3854
McAfee-GW-Edition	BehavesLike.Win32.Generic.wm
Emsisoft	Trojan.GenericKDZ.70761 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Zenpak.nc
Avira	TR/ATRAPS.Gen2
Antiy-AVL	Trojan/Generic.ASMalwS.30F6EDF
Microsoft	Ransom:Win32/StopCrypt!ml
GData	Trojan.GenericKDZ.70761
AhnLab-V3	Trojan/Win32.MalPe.R353306
MAX	malware (ai score=80)
VBA32	TrojanSpy.Windigo
Malwarebytes	Trojan.MalPack.GS
Panda	Trj/GdSda.A
Tencent	Malware.Win32.Gencirc.10ce0ce4
Yandex	Trojan.Kryptik!Zue+VHU4Ki8
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.HHAU!tr
AVG	Win32:TrojanX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (W)