Categories: Backdoor

Backdoor.Bot.143790 information

The Backdoor.Bot.143790 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Bot.143790 virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Presents an Authenticode digital signature
Creates RWX memory
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Russian
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Backdoor.Bot.143790?


File Info:
name: 929B5211045A83FC4155.mlwpath: /opt/CAPEv2/storage/binaries/27dc6f8e996c2c3769926f17a3e0670e0a96f5e12c6151e451e899f3b44c0656crc32: C0160912md5: 929b5211045a83fc41558f6b46cef2cfsha1: 515e90d71e61900743b857dc85a0f6383f752740sha256: 27dc6f8e996c2c3769926f17a3e0670e0a96f5e12c6151e451e899f3b44c0656sha512: 90e95b115e547322444870e9118b8f7d81bd3ff8b9c9dd167d9377c3fcae94a68a422c0c49444f7c0c08b4ce556cf9d2b3ad18ffce0736a9f9e62ce49bb33d5bssdeep: 6144:6mUgOoTNajHKGRW7sxTicPwxRztjcsp2vac:6mLO4ojHKG1TicPkx54vactype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1E124122A94353EBCC5232B355A4BBEF28CE8934F6A581F95E97E08F5D0786943C77002sha3_384: eaf42e7d7dd8fc446cf2ef39396395e91273cf5eeba172402ecda00057211f891c2f3d4922019213c2feb86ab08ffe14ep_bytes: 60be0010d2008dbe00006effc7870ce0timestamp: 2005-03-28 02:54:12
Version Info:
0: [No Data]

Backdoor.Bot.143790 also known as:

Bkav	W32.MosquitoQKK.Fam.Trojan
Elastic	malicious (high confidence)
MicroWorld-eScan	Backdoor.Bot.143790
FireEye	Generic.mg.929b5211045a83fc
McAfee	Artemis!929B5211045A
Cylance	Unsafe
Zillya	Trojan.Losya.Win32.5
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( f1000f011 )
Alibaba	Ransom:Win32/LockScreen.508a9701
K7GW	Trojan ( f1000f011 )
Cybereason	malicious.1045a8
VirIT	Trojan.Win32.Winlock.EGQ
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.MOS
APEX	Malicious
ClamAV	Win.Trojan.Losya-11
Kaspersky	HEUR:Trojan.Win32.Generic.Cds.a
BitDefender	Backdoor.Bot.143790
NANO-Antivirus	Trojan.Win32.Kryptik.fcoeyk
Avast	FileRepMalware
Tencent	Win32.Trojan.Falsesign.Hssh
Ad-Aware	Backdoor.Bot.143790
Emsisoft	Backdoor.Bot.143790 (B)
Comodo	Malware@#3ihfx0bcvart3
DrWeb	Trojan.Winlock.2876
VIPRE	Packed.Win32.PWSZbot.gen (v)
McAfee-GW-Edition	W32/Pinkslipbot.gen.ae
Sophos	Mal/Generic-R + Mal/EncPk-ZC
Ikarus	Trojan.Win32.Yakes
GData	Backdoor.Bot.143790
Jiangmin	Trojan/Losya.al
Avira	TR/Crypt.ULPM.Gen
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Generic.ASMalwS.65F20A
Kingsoft	Win32.Heur.KVMH019.a.(kcloud)
ViRobot	Trojan.Win32.A.Losya.220248.A[UPX]
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Ransom:Win32/LockScreen.BA
Cynet	Malicious (score: 100)
BitDefenderTheta	Gen:NN.ZexaF.34212.nmHfaqAQNopc
ALYac	Backdoor.Bot.143790
VBA32	Trojan.Zeus.EA.0999
Rising	Trojan.Occamy!8.F1CD (CLOUD)
Yandex	Trojan.GenAsa!K9QWYfIJ3gg
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.1946583.susgen
Fortinet	W32/Generic.AC.2948285
AVG	FileRepMalware
Panda	Generic Malware