Backdoor

About the “Backdoor.Bot.WPM” infection

Malware Removal

Backdoor.Bot.WPM is flagged as malicious by many antivirus engines (see the detection names listed below). When this infection is active, you may notice unfamiliar processes in the Task Manager list; because the sample injects code into other processes, the malicious code may also be running inside a process with a legitimate-looking name. In either case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal; it can run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.Bot.WPM virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics
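The verdicts above come from sandbox signatures that watch the sample's API calls. The following added example (not code from the page, from GridinSoft or from any sandbox) shows the call patterns behind three of them by walking a per-process API-call trace: an allocation with PAGE_EXECUTE_READWRITE for "Creates RWX memory", a WriteProcessMemory into another process for "Injection (inter-process)", and the ordered create-suspended / write / set-context / resume sequence for "Injection (Process Hollowing)". The traces and the trace field layout (pid, api, args, target_pid) are constructed for the demo and are not a real sandbox log format.

```python
"""Toy re-implementation of three of the behavioural verdicts listed above.

Added example, not code from the page, from GridinSoft or from any sandbox.
SAMPLE_TRACE and BENIGN_TRACE are constructed for the demo; the trace fields
(pid, api, args, target_pid) are an assumed layout, not a real log format.
"""
from dataclasses import dataclass, field
from typing import Optional

PAGE_EXECUTE_READWRITE = 0x40   # writable+executable memory: the "RWX" in the verdict
CREATE_SUSPENDED = 0x00000004   # dwCreationFlags bit: child starts with its main thread suspended

# APIs whose protection argument can produce RWX memory
ALLOC_APIS = {"VirtualAlloc", "VirtualAllocEx", "NtAllocateVirtualMemory",
              "VirtualProtect", "VirtualProtectEx", "NtProtectVirtualMemory"}

# Stages of a classic hollowing sequence after the suspended CreateProcess.
# Unmapping the original image (NtUnmapViewOfSection) is common but optional,
# so it is not required here.
HOLLOW_STAGES = {
    1: ("WriteProcessMemory", "NtMapViewOfSection"),                         # new image placed in the child
    2: ("SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"),  # entry point redirected
    3: ("ResumeThread", "NtResumeThread"),                                   # child runs the injected image
}


@dataclass
class Call:
    pid: int                          # process that issued the call
    api: str
    args: dict = field(default_factory=dict)
    target_pid: Optional[int] = None  # for cross-process APIs: the process being acted on


def creates_rwx(trace):
    """'Creates RWX memory': any allocation or protection change to PAGE_EXECUTE_READWRITE."""
    return any(c.api in ALLOC_APIS and c.args.get("protection") == PAGE_EXECUTE_READWRITE
               for c in trace)


def injects_interprocess(trace):
    """'Injection (inter-process)': a write into some other process's address space."""
    return any(c.api == "WriteProcessMemory" and c.target_pid not in (None, c.pid)
               for c in trace)


def hollowed_children(trace):
    """'Injection (Process Hollowing)': child created suspended, image written, thread
    context set, thread resumed, in that order. Returns pids of children that
    completed every stage."""
    stage = {}  # child pid -> stages completed (1 = created suspended)
    for c in trace:
        if c.api == "CreateProcessInternalW" and c.args.get("creation_flags", 0) & CREATE_SUSPENDED:
            stage[c.target_pid] = 1
        elif c.target_pid in stage and c.api in HOLLOW_STAGES.get(stage[c.target_pid], ()):
            stage[c.target_pid] += 1
    return sorted(pid for pid, done in stage.items() if done == 4)


def run_signatures(trace):
    """Verdict names triggered by the trace, in the page's wording."""
    hits = []
    if creates_rwx(trace):
        hits.append("Creates RWX memory")
    if injects_interprocess(trace):
        hits.append("Injection (inter-process)")
    if hollowed_children(trace):
        hits.append("Injection (Process Hollowing)")
    return hits


# Constructed trace: pid 1000 hollows a suspended child (pid 2000).
SAMPLE_TRACE = [
    Call(1000, "CreateProcessInternalW",
         {"image": r"C:\Windows\SysWOW64\svchost.exe", "creation_flags": CREATE_SUSPENDED},
         target_pid=2000),
    Call(1000, "NtUnmapViewOfSection", target_pid=2000),
    Call(1000, "VirtualAllocEx", {"protection": PAGE_EXECUTE_READWRITE, "size": 0x9000}, target_pid=2000),
    Call(1000, "WriteProcessMemory", {"size": 0x9000}, target_pid=2000),
    Call(1000, "SetThreadContext", target_pid=2000),
    Call(1000, "ResumeThread", target_pid=2000),
]

# Constructed benign trace: ordinary allocation and a child started normally.
BENIGN_TRACE = [
    Call(1000, "VirtualAlloc", {"protection": 0x04}),       # PAGE_READWRITE
    Call(1000, "CreateProcessInternalW", {"creation_flags": 0}, target_pid=2001),
    Call(1000, "ResumeThread", target_pid=2001),
]

if __name__ == "__main__":
    print(run_signatures(SAMPLE_TRACE))   # all three verdicts
    print(run_signatures(BENIGN_TRACE))   # []
```

The hollowing check is deliberately order-sensitive: a resume seen before the thread context is rewritten does not advance the state machine, which is what separates a hollowed child from a debugger or installer that merely starts a process suspended.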

How to identify Backdoor.Bot.WPM?


File Info:

name: 673D2D5785BF5962714B.mlw
path: /opt/CAPEv2/storage/binaries/f33aa9d481397c385c458e7e3d48d9f13a815baf745289ef8712b7251055bc90
crc32: A97A6252
md5: 673d2d5785bf5962714bea1a22bb7d9f
sha1: 74de96f60004141451aaed10cb28b952d1a21295
sha256: f33aa9d481397c385c458e7e3d48d9f13a815baf745289ef8712b7251055bc90
sha512: 561d6126cadb7e320666d2cc05055928c5eb92fd156ddfa7ddb5fd9bc440bf7f257ad0da5b6627e44da48db783b5a1860f451b69dd8f0530a3a8041b6de87d33
ssdeep: 3072:fxQit/Jko8YFF1GlHUCZO6/NCIIPoxxTApEbvX/P/INAr:jAo8kGl0CQ+NCIIPcxz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E8E3C027A1592802F78A07B10DB769FA55766C326440DE0B33CACB5C4CB1697BEB172F
sha3_384: 94688513da881ab079a6843bc5969c9829f0e609e1e83cb2f473969679b2dfc186fb7550dd81e4a3f6573912ab502470
ep_bytes: 68d4174000e8eeffffff001e00000000
timestamp: 2011-06-28 19:13:43

Version Info:

Translation: 0x0409 0x04b0
CompanyName: Electro
ProductName: CORAZONCORAZONCORAZONBANAN
FileVersion: 12.989.0054
ProductVersion: 12.989.0054
InternalName: CORAZONCORAZONBAN
OriginalFilename: CORAZONCORAZONBAN.exe
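To check a suspect file against the File Info block above, the following added example (not the page's own tooling) recomputes the listed crc32, md5, sha1 and sha256 in the same formats, reads the PE TimeDateStamp that the timestamp line reports, and maps AddressOfEntryPoint through the section table to read the 16 bytes behind ep_bytes. The PE returned by build_toy_pe() is constructed for the demo: it carries the page's ep_bytes and timestamp so the matching can be exercised, but it is not the real sample and contains no runnable payload. The Version Info resource is not parsed here.

```python
"""Check a file against the identifiers in the File Info block above.

Added example, not the page's own tooling. build_toy_pe() returns a
constructed PE32 that carries the page's ep_bytes and timestamp but is not
the real sample and has no runnable payload.
"""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

PAGE_IOCS = {  # copied from the File Info block above
    "crc32": "A97A6252",
    "md5": "673d2d5785bf5962714bea1a22bb7d9f",
    "sha1": "74de96f60004141451aaed10cb28b952d1a21295",
    "sha256": "f33aa9d481397c385c458e7e3d48d9f13a815baf745289ef8712b7251055bc90",
    "ep_bytes": "68d4174000e8eeffffff001e00000000",
    "timestamp": "2011-06-28 19:13:43",
}


def file_hashes(data):
    """Same four hashes as the File Info block; crc32 is listed as upper-case hex."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def _pe_headers(data):
    """Return (coff_offset, optional_header_offset, nsections, opt_size) for a PE32 file."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images handled here")
    return coff, opt, nsections, opt_size


def pe_timestamp(data):
    """COFF TimeDateStamp as a UTC datetime (the 'timestamp' line above)."""
    coff = _pe_headers(data)[0]
    ts = struct.unpack_from("<I", data, coff + 4)[0]
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def pe_entry_bytes(data, n=16):
    """First n bytes at AddressOfEntryPoint, translating RVA -> file offset via the section table."""
    coff, opt, nsections, opt_size = _pe_headers(data)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        if va <= entry_rva < va + max(vsize, rawsize):
            off = rawptr + (entry_rva - va)
            return bytes(data[off:off + n])
    raise ValueError("entry point RVA lies outside every section")


def matches_page_iocs(data):
    """Names of the page's indicators that this file matches."""
    found = dict(file_hashes(data))
    try:
        found["ep_bytes"] = pe_entry_bytes(data).hex()
        found["timestamp"] = pe_timestamp(data).strftime("%Y-%m-%d %H:%M:%S")
    except ValueError:
        pass  # not a PE32 we can parse; the hashes alone still count
    return sorted(k for k, v in PAGE_IOCS.items() if found.get(k) == v)


def build_toy_pe():
    """Constructed minimal PE32: one .text section, entry RVA 0x1010 -> file offset 0x210."""
    pe = bytearray(0x400)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)                  # e_lfanew
    pe[0x40:0x44] = b"PE\0\0"
    ts = int(datetime(2011, 6, 28, 19, 13, 43, tzinfo=timezone.utc).timestamp())
    struct.pack_into("<HHIIIHH", pe, 0x44, 0x14C, 1, ts, 0, 0, 0xE0, 0x102)  # COFF header
    struct.pack_into("<H", pe, 0x58, 0x10B)                 # optional header magic: PE32
    struct.pack_into("<I", pe, 0x58 + 16, 0x1010)           # AddressOfEntryPoint
    sect = 0x58 + 0xE0                                      # first section header
    pe[sect:sect + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", pe, sect + 8, 0x1000, 0x1000, 0x200, 0x200)  # vsize, va, rawsize, rawptr
    pe[0x200:0x400] = b"\xCC" * 0x200                        # section body: int3 filler
    pe[0x210:0x220] = bytes.fromhex(PAGE_IOCS["ep_bytes"])   # the page's ep_bytes at the entry point
    return bytes(pe)


if __name__ == "__main__":
    sample = build_toy_pe()
    print(file_hashes(sample))
    print(pe_entry_bytes(sample).hex(), pe_timestamp(sample))
    print("matches:", matches_page_iocs(sample))   # hashes differ; ep_bytes and timestamp match
```

A hash match identifies this exact file; the entry-point bytes and timestamp are weaker, since repacked variants share neither and unrelated files can share a timestamp, so treat those as supporting evidence rather than a verdict on their own.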

Backdoor.Bot.WPM is also known as (vendor: detection name):

  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.MulDrop3.26650
  • MicroWorld-eScan: Gen:Heur.Spesr.VB.1
  • FireEye: Generic.mg.673d2d5785bf5962
  • CAT-QuickHeal: Worm.Dorkbot.A
  • ALYac: Gen:Heur.Spesr.VB.1
  • Cylance: Unsafe
  • Zillya: Worm.Ngrbot.Win32.113
  • Sangfor: Trojan.Win32.Save.a
  • Cybereason: malicious.785bf5
  • BitDefenderTheta: Gen:NN.ZevbaF.34182.jm0@aGsAZiai
  • VirIT: Worm.Win32.Generic.AYDJ
  • Cyren: W32/Vbinder.F.gen!Eldorado
  • Symantec: W32.IRCBot.NG
  • ESET-NOD32: a variant of Win32/Injector.JBH
  • APEX: Malicious
  • Paloalto: generic.ml
  • ClamAV: Win.Worm.Dorkbot-7993070-0
  • Kaspersky: Worm.Win32.Ngrbot.cfy
  • BitDefender: Gen:Heur.Spesr.VB.1
  • NANO-Antivirus: Trojan.Win32.Ngrbot.eakgyp
  • SUPERAntiSpyware: Trojan.Agent/Gen-VBKrypt
  • Avast: Win32:Downloader-JZG [Trj]
  • Tencent: Win32.Worm.Ngrbot.bncn
  • Sophos: ML/PE-A + Troj/Dorkbot-AO
  • Comodo: Malware@#1fhie15z54oyg
  • VIPRE: Trojan.Win32.Generic!BT
  • TrendMicro: WORM_DORKBOT.SMO
  • McAfee-GW-Edition: BehavesLike.Win32.VBObfus.cc
  • Emsisoft: Gen:Heur.Spesr.VB.1 (B)
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Worm/Ngrbot.bmw
  • Webroot: W32.Worm.Gen
  • Avira: TR/Spy.Zbot.VZ.6
  • MAX: malware (ai score=88)
  • Antiy-AVL: Trojan/Generic.ASMalwS.379FB4
  • Kingsoft: Win32.Troj.Generic_a.c.(kcloud)
  • Microsoft: Worm:Win32/Dorkbot
  • ZoneAlarm: Worm.Win32.Ngrbot.cfy
  • GData: Win32.Trojan.VB.H
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win32.VBKrypt.R11929
  • McAfee: W32/IRCBot.gen.de
  • VBA32: Malware-Cryptor.VB.gen
  • Malwarebytes: Backdoor.Bot.WPM
  • TrendMicro-HouseCall: WORM_DORKBOT.SMO
  • Rising: Worm.Ngrbot!8.7DD (CLOUD)
  • Yandex: Trojan.Injector!TQKUHcEpkl4
  • Ikarus: Virus.Win32.VBInject
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/VBInjector.W!tr
  • AVG: Win32:Downloader-JZG [Trj]
  • Panda: W32/Lolbot.R.worm
  • CrowdStrike: win/malicious_confidence_70% (D)

How to remove Backdoor.Bot.WPM?

Backdoor.Bot.WPM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
