Backdoor.BitRAT removal

Backdoor.BitRAT is considered dangerous by many security experts. While this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case it is advisable to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.BitRAT virus do?

Behaviours flagged for this sample by automated analysis:

  • Creates RWX (read/write/execute) memory, which is typical of self-unpacking code and code injection
  • Attempts to connect to a dead IP:Port (6 unique times)
  • Starts a server listening on 127.0.0.1:45808
  • A process created a hidden window
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Installs a hook procedure to monitor mouse events
  • Sniffs keystrokes
  • Installs Tor on the infected machine
  • Anomalous binary characteristics

How to identify Backdoor.BitRAT?

The hashes below identify the single analysed sample (99.exe). Other builds of the same malware will hash differently, so treat them as indicators for this file rather than as a signature for the whole family.

File Info:

crc32: 19E6E3E9
md5: e2cd3596bdec815d580dfeadec5209bb
name: 99.exe
sha1: 9ee930ce75b3b92562986bb99a4693b14ed30499
sha256: 723e6b54cd996205412396bbfba18171a8e4e7297dd2492b35ec198e122849cb
sha512: 5f255b9bc21ce1f3acc818362226799e5dfe588e26c59d33d4da73f067b43a1d4d468b99312ac8bd8b30b93af95283cad5f3e5cdb92dbb65137cd7bc899daf96
ssdeep: 98304:Zwl3wUaj1Wa84nnxYG86xwnhKAFhovosyo31CPwDv3uFZjhUg2EeJUO9WLQ0+mN:ZwKUhaVn++xwhzav1yo31CPwDv3uFZj
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

[No Data]
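To make the File Info above usable in practice, here is an added triage script. It is written for this page and is not GridinSoft's tool or code from the sample: it hashes a file, compares the digests with the md5/sha1/sha256 indicators listed above, and reads the PE section table to corroborate the "UPX compressed" file type (UPX leaves sections named UPX0/UPX1 behind). The bytes produced by build_fake_pe are a constructed, non-executable PE image used only for offline testing, not the malware; the function names are this example's own.

```python
import hashlib
import struct

# Indicators copied from the File Info table above: they match this one sample only.
SAMPLE_IOCS = {
    "md5": "e2cd3596bdec815d580dfeadec5209bb",
    "sha1": "9ee930ce75b3b92562986bb99a4693b14ed30499",
    "sha256": "723e6b54cd996205412396bbfba18171a8e4e7297dd2492b35ec198e122849cb",
}

# Section names left by an unmodified UPX packer (attackers can rename them).
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def hashes_of(data: bytes) -> dict:
    """Digest the file contents with the three algorithms listed on the page."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def match_iocs(data: bytes, iocs=SAMPLE_IOCS) -> dict:
    """Per-algorithm boolean: does this file equal the published sample hash?"""
    digests = hashes_of(data)
    return {algo: digests[algo] == value.lower() for algo, value in iocs.items()}


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table and return the section names ([] if not a PE)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i                  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                             # truncated table: stop rather than read past EOF
        raw_name = data[off:off + 8]
        names.append(raw_name.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True when any section carries a stock UPX name; absence proves nothing."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def triage(data: bytes) -> dict:
    """Everything a responder would record for a suspicious file, in one dict."""
    return {
        "hashes": hashes_of(data),
        "ioc_match": match_iocs(data),
        "sections": pe_section_names(data),
        "upx_packed": looks_upx_packed(data),
    }


def build_fake_pe(section_names) -> bytes:
    """Constructed minimal PE32 image for offline testing; it is not runnable and not malware."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew -> PE signature right after DOS header
    opt = bytearray(224)                      # PE32 optional header, zero-filled except magic
    struct.pack_into("<H", opt, 0, 0x10B)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x0102)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0xE0000020)
        for i, name in enumerate(section_names)
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    import json
    import sys

    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, json.dumps(triage(f.read()), indent=2))
```

Run it as `python triage.py 99.exe`. A hash match is conclusive for this exact sample; a miss only means the file is not this build. The UPX check is the opposite: a hit corroborates the "UPX compressed" file type, but a packer with renamed sections will pass silently, so use it to confirm, not to clear.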

Backdoor.BitRAT also known as:

Detection names reported for this sample by other engines (vendor: detection name). Most engines flag it with generic names such as Trojan.Win32.Agentb or Gen:Variant.Graftor.846932; "Backdoor.BitRAT" is Malwarebytes' label, and GData classifies it as a MassLogger stealer, so the family attribution is not unanimous.

  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Graftor.846932
  • CAT-QuickHeal: Trojan.Agentb
  • ALYac: Gen:Variant.Graftor.846932
  • Cylance: Unsafe
  • VIPRE: Trojan.Win32.Generic!BT
  • AegisLab: Trojan.Win32.Agentb.4!c
  • Sangfor: Malware
  • K7AntiVirus: Riskware ( 0040eff71 )
  • BitDefender: Gen:Variant.Graftor.846932
  • K7GW: Riskware ( 0040eff71 )
  • Cybereason: malicious.e75b3b
  • TrendMicro: TROJ_GEN.R002C0PJR20
  • Cyren: W32/Downloader.N.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • APEX: Malicious
  • Avast: Win32:Malware-gen
  • Kaspersky: Trojan.Win32.Agentb.jzwz
  • Alibaba: Trojan:Win32/Agentb.358ff9fb
  • ViRobot: Trojan.Win32.Z.Agent.5857280.N
  • Tencent: Malware.Win32.Gencirc.11b04868
  • Ad-Aware: Gen:Variant.Graftor.846932
  • Sophos: Mal/Generic-S
  • Comodo: Malware@#9j7cudqp40yf
  • F-Secure: Dropper.DR/Delphi.Gen
  • DrWeb: Trojan.DownLoader35.1504
  • Zillya: Trojan.Agent.Win32.1474553
  • Invincea: Mal/Generic-S
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
  • FireEye: Gen:Variant.Graftor.846932
  • Emsisoft: Trojan.Agent (A)
  • SentinelOne: DFI – Malicious PE
  • Jiangmin: Trojan.Agentb.hsv
  • Avira: DR/Delphi.Gen
  • eGambit: Unsafe.AI_Score_99%
  • Antiy-AVL: Trojan/Win32.Agentb
  • Microsoft: Trojan:Win32/Ymacco.AA72
  • Gridinsoft: Trojan.Win32.Agent.oa
  • Arcabit: Trojan.Graftor.DCEC54
  • ZoneAlarm: Trojan.Win32.Agentb.jzwz
  • GData: Win32.Trojan-Stealer.MassLogger.HC6S0L
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Malware/Win32.RL_Generic.R354094
  • McAfee: GenericRXAA-AA!E2CD3596BDEC
  • MAX: malware (ai score=100)
  • VBA32: BScope.Trojan.CMY3U
  • Malwarebytes: Backdoor.BitRAT
  • Panda: Trj/CI.A
  • ESET-NOD32: a variant of Win32/Agent.ACBZ
  • TrendMicro-HouseCall: TROJ_GEN.R002C0PJR20
  • Yandex: Trojan.Agentb!eWKT7g4dBPA
  • Ikarus: Trojan.Win32.Agent
  • MaxSecure: Trojan.Malware.109134801.susgen
  • Fortinet: W32/Graftor.8391!tr
  • BitDefenderTheta: Gen:NN.ZexaF.34590.@pGfaSG@K9ii
  • AVG: Win32:Malware-gen
  • Paloalto: generic.ml
  • CrowdStrike: win/malicious_confidence_60% (W)
  • Qihoo-360: Win32/Trojan.0c0

How to remove Backdoor.BitRAT?

Backdoor.BitRAT removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Move all detected items to quarantine.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the appropriate browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
