Backdoor.Generic.1014683 removal instruction

Backdoor.Generic.1014683 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to fully scan and clean your PC.
6-day free trial available.

What can the Backdoor.Generic.1014683 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Portuguese (Brazilian)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Adds itself to the Safe Mode boot to ensure its start
  • Created a service that was not started
  • Anomalous binary characteristics

How to identify Backdoor.Generic.1014683?

File Info:

name: 4ADF49CD3E78BA018098.mlw
path: /opt/CAPEv2/storage/binaries/c47e5d53619266d1763dd5864a8a0facaf83b5ed51b3ad43e468c9a863b5e8e9
crc32: D0B4CD31
md5: 4adf49cd3e78ba0180987940fc0e50e5
sha1: bc428091b9280489f80426d5a30537ef97e00568
sha256: c47e5d53619266d1763dd5864a8a0facaf83b5ed51b3ad43e468c9a863b5e8e9
sha512: 570aed09ba513b1d0bd607117898b52f2fa31c851e7d4598071efdc4a6948480a5e08202740ab37a25a84c38e7d418e5ea45063c8035686519dc9643713bd583
ssdeep: 49152:f67zREZPTOzTjhYwvEi20OH/mcxmYC7v5qs+4HUwGwcOtkHLQoZd775kEr4H:foOZPTOzT9Z8iEHOgROM1utMQgZ4H
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T149D53390529C31F5DFC9BEF2F885E7699E368F428D18FC91E0EB76E85CC480849AD452
sha3_384: dc0328fc571b416b81c7429a91ba330c43382b43f3e1f5651298c2854c102c40a9cb5c0604436e1bff43b4d7e248e1bd
ep_bytes: b87c7509015064ff3500000000648925
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: iVirtua
FileDescription: Trauma Zer0 Network Agent Core
FileVersion: 2.0.5.8
InternalName: wwtask
LegalCopyright: iVirtua Ltda
LegalTrademarks: iVirtua Ltda
OriginalFilename: wwtask.exe
ProductName: Trauma Zer0
ProductVersion: 2.0.0.0
Comments: http://www.ivirtua.com
LastCompiledTime: 2017/07/17 01:28:07
Translation: 0x0409 0x04e4

Backdoor.Generic.1014683 also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.Inject3.5757
MicroWorld-eScan: Backdoor.Generic.1014683
FireEye: Generic.mg.4adf49cd3e78ba01
ALYac: Backdoor.Generic.1014683
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.821941
Alibaba: Backdoor:Win32/Banker.31d66ae5
CrowdStrike: win/malicious_confidence_60% (W)
BitDefenderTheta: Gen:NN.ZexaF.34084.4k2aaSvWC9iO
Symantec: Trojan.Gen.MBT
TrendMicro-HouseCall: TROJ_GEN.R002H09LA21
Paloalto: generic.ml
BitDefender: Backdoor.Generic.1014683
Avast: Win32:Malware-gen
Ad-Aware: Backdoor.Generic.1014683
Emsisoft: Backdoor.Generic.1014683 (B)
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
Sophos: Generic ML PUA (PUA)
Ikarus: Generic.Banker.Delf
Jiangmin: Trojan.Generic.fjkjq
Avira: HEUR/AGEN.1112442
Antiy-AVL: Trojan/Generic.ASCommon.3B
Microsoft: Trojan:Win32/Wacatac.B!ml
ViRobot: Trojan.Win32.Z.Wacatac.3018016
GData: Backdoor.Generic.1014683
Cynet: Malicious (score: 100)
McAfee: Artemis!4ADF49CD3E78
MAX: malware (ai score=82)
VBA32: BScope.Trojan.Inject
APEX: Malicious
Yandex: Trojan.Agent!hNHA/mzJGsQ
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/PossibleThreat
AVG: Win32:Malware-gen
Cybereason: malicious.d3e78b

How to remove Backdoor.Generic.1014683?

Backdoor.Generic.1014683 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.