Backdoor.Bot.155149 (file analysis)

Backdoor.Bot.155149 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Backdoor.Bot.155149 virus do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)

How to identify Backdoor.Bot.155149?

File Info:

name: E0891420C5A4920F7880.mlw
path: /opt/CAPEv2/storage/binaries/cab3ff3a4312d75f863a873a5022acd5d5c2470421bfcd24959ffda57ca94729
crc32: 02D2DDD0
md5: e0891420c5a4920f78807c19933a8429
sha1: 0b337bad608d8888e27ae950bcbff63fb7d4c081
sha256: cab3ff3a4312d75f863a873a5022acd5d5c2470421bfcd24959ffda57ca94729
sha512: a0cede648f610550f665052d1b60c878a016f98aaf02dff7d8b1069ffb36ba58737827325702c3857879a40711d49b26b4954dfff27141176c43407d7e2e7ce4
ssdeep: 6144:he88nc4lxByeKw6DqJYShZCORX9dtP2PwQkCtF8:1D4vByemDkYShZCQtPmrkCt2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BF3412D572E2AAD7D2E3113658E1DE8EFB04AED188910CA7D4B1702E44FD3211E15F9B
sha3_384: 9a6efbd7de32a82cf55562c7fa5135c9299cef68a38984092f387a2fb5bec38260adc2e0674ad0b01ab501cc1d0643a2
ep_bytes: 60be008044008dbe0090fbffc7879cb0
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Backdoor.Bot.155149 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Heuristic.File.Generic.00×1!p
MicroWorld-eScan: Backdoor.Bot.155149
ClamAV: Win.Trojan.Zbot-9855982-0
FireEye: Generic.mg.e0891420c5a4920f
CAT-QuickHeal: TrojanPWS.Zbot.Gen
ALYac: Backdoor.Bot.155149
Cylance: Unsafe
VIPRE: Backdoor.Bot.155149
Sangfor: Trojan.Win32.Injector.XVH
Cybereason: malicious.0c5a49
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Injector.XVH
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Backdoor.Bot.155149
NANO-Antivirus: Trojan.Win32.Panda.bnkvil
Avast: Win32:Susn-AQ [Trj]
Tencent: Win32.Trojan.Generic.Jcnw
Ad-Aware: Backdoor.Bot.155149
Emsisoft: Backdoor.Bot.155149 (B)
Comodo: Malware@#yvc1p80pe2p
F-Secure: Trojan.TR/Crypt.ZPACK.Gen
DrWeb: Trojan.PWS.Panda.1672
Zillya: Trojan.Jorik.Win32.186584
TrendMicro: TSPY_ZBOT.SMSK
McAfee-GW-Edition: BehavesLike.Win32.ZBot.dc
Trapmine: malicious.high.ml.score
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Malicious PE
GData: Backdoor.Bot.155149
Jiangmin: Trojan/Generic.ajfgo
Webroot: W32.Infostealer.Zeus
Avira: TR/Crypt.ZPACK.Gen
Antiy-AVL: Trojan/Win32.Zbot
Arcabit: Backdoor.Bot.D25E0D
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Zbot!ZA
Google: Detected
McAfee: Artemis!E0891420C5A4
MAX: malware (ai score=84)
VBA32: TrojanPSW.Panda
Malwarebytes: Malware.Heuristic.1003
TrendMicro-HouseCall: TSPY_ZBOT.SMSK
Rising: Trojan.Generic!8.C3 (CLOUD)
Yandex: Trojan.Injector!NLUXG6ZhCl4
Ikarus: Trojan.Win32.Injector
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Zbot.AAO!tr
BitDefenderTheta: Gen:NN.ZelphiF.34646.omHfaeHm0Zo
AVG: Win32:Susn-AQ [Trj]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Backdoor.Bot.155149?

Backdoor.Bot.155149 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
