Backdoor.Generic.1018407 (file analysis)

Backdoor.Generic.1018407 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Generic.1018407 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Installs a browser addon or extension
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Disables Windows firewall
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Uses XCOPY for copying files

How to identify Backdoor.Generic.1018407?

File Info:

name: 1DA8759FCA11484C7657.mlw
path: /opt/CAPEv2/storage/binaries/22fa389f7916c9e6d7a4ec263484f5588057100f3fc5ce62af986d0dd58ea1e6
crc32: EA39638F
md5: 1da8759fca11484c7657f153f5c5672c
sha1: fb8f9ee5eebc7ae09ad780bc79e96b2844dd4bf0
sha256: 22fa389f7916c9e6d7a4ec263484f5588057100f3fc5ce62af986d0dd58ea1e6
sha512: 3788e27b8812e5f16828975fcfb2554ca138ea889c8cbe30126781f24c9486b7a159754924ff91ddc9d0ced6d67992902c577e45df4d7e5ced9c55c9d6044687
ssdeep: 6144:fpUbOxGz+JEBjMr02tWfr7z9oSqViEtE:fywNJOj+/WfrH9oSAiE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17B240126F756D6C2C0639272509A9B2F0302FF31B919CADB3A60F66FBE243654335947
sha3_384: c8285381324f6f0422e21958643af1e39514f6e3e4d2eff33cb6cb466cf082fcfe495be7acb95b53589c303d882a1fca
ep_bytes: 60be15a043008dbeeb6ffcff5789e58d
timestamp: 2010-11-08 13:12:07

Version Info:

FileDescription: if you are man do justice
FileVersion: 1,0,0,0
ProductVersion: 1,0,0,0
Translation: 0x0000 0x04e4

Backdoor.Generic.1018407 also known as:

MicroWorld-eScan: Backdoor.Generic.1018407
FireEye: Generic.mg.1da8759fca11484c
ALYac: Backdoor.Generic.1018407
Cylance: Unsafe
Zillya: Trojan.Diztakun.Win32.3887
Sangfor: Trojan.Win32.Diztakun.bfsi
Alibaba: Trojan:Win32/Diztakun.f833ba69
CrowdStrike: win/malicious_confidence_60% (W)
Cyren: W32/Agent.JL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Diztakun.bfsi
BitDefender: Backdoor.Generic.1018407
NANO-Antivirus: Trojan.Win32.Diztakun.ezieog
Avast: Win32:Malware-gen
Ad-Aware: Backdoor.Generic.1018407
Sophos: Mal/Generic-S
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R067C0GII21
McAfee-GW-Edition: BehavesLike.Win32.Dropper.dc
Emsisoft: Backdoor.Generic.1018407 (B)
SentinelOne: Static AI – Malicious PE
GData: Backdoor.Generic.1018407
Microsoft: PWS:Win32/Zbot!ml
Cynet: Malicious (score: 100)
McAfee: Artemis!1DA8759FCA11
MAX: malware (ai score=95)
VBA32: Trojan.Diztakun
TrendMicro-HouseCall: TROJ_GEN.R067C0GII21
Tencent: Win32.Trojan.Fakedoc.Auto
Ikarus: Trojan.SuspectCRC
Fortinet: PossibleThreat
AVG: Win32:Malware-gen
Cybereason: malicious.fca114
Panda: Trj/CI.A
MaxSecure: Trojan.Malware.300983.susgen

How to remove Backdoor.Generic.1018407?

Backdoor.Generic.1018407 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.