How to remove “Backdoor.DarkKomet.S15398970”?

Backdoor.DarkKomet.S15398970 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What Backdoor.DarkKomet.S15398970 virus can do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Turkish
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to determine Backdoor.DarkKomet.S15398970?

File Info:

name: 640233787DDA2F2EAB1A.mlw
path: /opt/CAPEv2/storage/binaries/4e2f75cc67291388dcd025a398f9a9f3a312c440eff4cf105e1f4d08516418be
crc32: 5C6CDD77
md5: 640233787dda2f2eab1a956585257863
sha1: 538128d6eacc27d4195d6a4ca2d7104291f4d0ce
sha256: 4e2f75cc67291388dcd025a398f9a9f3a312c440eff4cf105e1f4d08516418be
sha512: 6eab01f43d72be83a253997abd0ed543484399bfc643f32184173486999144c13a2bad82afd82c8884e7297ea2c450200571e72c9336e919ee5e796134f62cd5
ssdeep: 49152:jnsHyjtk2MYC5GDcaH5CthNK+mPxk8p66aa+++b+xBxAtO7/eZffw8VpeDn7kJQu:jnsmtk2ayH5YNKxJ7/eZnw8VpeD7QQ8D
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T168E57D39FED18132D4734675C4A6A6E96936BD213B241DCF22D11B4D8D3ABC26C70E2E
sha3_384: 4a8e4babae862d53ef6aeadd82af3065ea798f7fefc593b19d580d310bc48a1e45e1da6e3ec9ddae1f1505c5cfe689f8
ep_bytes: 558bec83c4f0b878a74900e898c1f6ff
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: Synaptics
FileDescription: Synaptics Pointing Device Driver
FileVersion: 1.0.0.4
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
ProductName: Synaptics Pointing Device Driver
ProductVersion: 1.0.0.0
Comments:
Translation: 0x041f 0x04e6

Backdoor.DarkKomet.S15398970 also known as:

Bkav: W32.FamVT.GaionLTK.Trojan
Elastic: malicious (high confidence)
MicroWorld-eScan: Dropped:Trojan.GenericKD.37940051
FireEye: Generic.mg.640233787dda2f2e
CAT-QuickHeal: Backdoor.DarkKomet.S15398970
ALYac: Dropped:Trojan.GenericKD.37940051
Cylance: Unsafe
Zillya: Backdoor.DarkKomet.Win32.47369
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Virus ( 0055903c1 )
K7GW: Trojan ( 0056a6201 )
Cybereason: malicious.87dda2
VirIT: Trojan.Win32.Dnldr22.OHM
Cyren: PP97M/Script.gen
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Delf.NBX
APEX: Malicious
ClamAV: Win.Trojan.Emotet-9850453-0
Kaspersky: Backdoor.Win32.DarkKomet.hqxy
BitDefender: Dropped:Trojan.GenericKD.37940051
NANO-Antivirus: Trojan.Win32.DarkKomet.fazbwq
Avast: Other:Malware-gen [Trj]
Tencent: Virus.Win32.DarkKomet.a
Ad-Aware: Dropped:Trojan.GenericKD.37940051
Emsisoft: Dropped:Trojan.GenericKD.37940051 (B)
Comodo: Virus.Win32.Agent.DE@74b38h
DrWeb: Trojan.DownLoader22.9658
VIPRE: BehavesLike.Win32.Malware.eah (mx-v)
TrendMicro: Virus.Win32.NAPWHICH.B
McAfee-GW-Edition: BehavesLike.Win32.Generic.vh
Sophos: Mal/Generic-S (PUA)
SentinelOne: Static AI – Malicious PE
Jiangmin: Win32/Synaptics.Gen
Avira: WORM/Dldr.Agent.gqrxn
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASMacro.5657
Microsoft: Worm:Win32/AutoRun!atmn
ViRobot: Win32.Zorex.A
GData: Win32.Backdoor.Agent.AXS
Cynet: Malicious (score: 100)
AhnLab-V3: Win32/Zorex.X1799
Acronis: suspicious
McAfee: FileTour
VBA32: TScope.Trojan.Delf
Malwarebytes: Trojan.Agent
Rising: Malware.Heuristic!ET#100% (RDMK:cmRtazpmdG/LlaAhg8puGwXhcNbg)
Yandex: Trojan.GenAsa!ETONJRQzPLk
eGambit: Unsafe.AI_Score_100%
Fortinet: W32/CoinMiner.NBX!tr
BitDefenderTheta: AI:Packer.F5AF03D517
AVG: Other:Malware-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Backdoor.DarkKomet.S15398970?

Backdoor.DarkKomet.S15398970 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
