Backdoor

Backdoor.Generic.461852 (file analysis)

Malware Removal

Backdoor.Generic.461852 is flagged as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.Generic.461852 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Backdoor.Generic.461852?

File Info:

name: E7DFF569A7E7D1F83077.mlw
path: /opt/CAPEv2/storage/binaries/be9a0db40291b8e2fd8ffd5eeb4b3fd8857c93105ade9345156517ff1b2c770c
crc32: 1AD1977D
md5: e7dff569a7e7d1f8307742deeea724b1
sha1: 29461e16613835dd36007f1dd4a80f75c6d63138
sha256: be9a0db40291b8e2fd8ffd5eeb4b3fd8857c93105ade9345156517ff1b2c770c
sha512: f30726fd8f9d4d4fd73812e5c9bfbcaa72aebe3c2941e4bb201a7ab2c3e5c09d4dee1ea4b3e7ccf91a217c79b5a0a818e5fd2a16ba9f077a974eb4764f643192
ssdeep: 3072:aaMdV2ilDokkug/hxuWw1EEgoe0ISdqNn4L5PQvb:JMdV9lMkJg/+ho0K6h2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T199E3F15771F92F50D4393DFA730B8A39E90C406A342F96E1E36E8221A9E9DF045760BC
sha3_384: 7d9b8cacbf800397f2afc911b6350604c1823a1d82939fe95f5d98dad6e9d5bc92b1aa21c374597232a4cffb3b0c2736
ep_bytes: 60be153033018dbeebdf0cff57eb0b90
timestamp: 2004-12-01 12:37:37

Version Info:

0: [No Data]

Backdoor.Generic.461852 also known as:

Lionic: Trojan.Win32.Zbot.l!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Backdoor.Generic.461852
FireEye: Generic.mg.e7dff569a7e7d1f8
McAfee: PWS-Zbot.gen.pp
Cylance: Unsafe
Zillya: Trojan.Generic.Win32.480854
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: TrojanPSW:Win32/Kryptik.e055c1aa
VirIT: Trojan.Win32.Generic.ACBJ
Cyren: W32/Zbot.AU.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HBMX
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Backdoor.Generic.461852
NANO-Antivirus: Trojan.Win32.Zbot.bsocv
SUPERAntiSpyware: Trojan.Agent/Gen-Zbot
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Spy.Amwd
Ad-Aware: Backdoor.Generic.461852
Sophos: Mal/Generic-R + Mal/Zbot-U
Comodo: Malware@#1u23hoc5pf0mn
DrWeb: Trojan.PWS.Panda.387
VIPRE: Packed.Win32.Zbot.gen.y.7 (v)
TrendMicro: Mal_Zvrek3
McAfee-GW-Edition: BehavesLike.Win32.ZBot.cc
Emsisoft: MemScan:Backdoor.Generic.461852 (B)
SentinelOne: Static AI – Malicious PE
GData: Backdoor.Generic.461852
Jiangmin: TrojanSpy.Zbot.aoat
Avira: TR/Spy.Zbot.acyp
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.183B71E
Arcabit: Backdoor.Generic.D70C1C
ViRobot: Trojan.Win32.A.Zbot.143872.CJ
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Zbot
AhnLab-V3: Spyware/Win32.Zbot.R32084
BitDefenderTheta: AI:Packer.FAF0FD581E
ALYac: Backdoor.Generic.461852
VBA32: Trojan.Zeus.EA.0999
Malwarebytes: Malware.AI.4061297186
TrendMicro-HouseCall: Mal_Zvrek3
Rising: Trojan.Win32.Generic.12DC5BAE (C64:YzY0OjYsiso9HkZs)
Yandex: TrojanSpy.Zbot!j0cj5JhS8oA
Ikarus: Trojan-Spy.Win32.Zbot
MaxSecure: Trojan.Malware.3502756.susgen
Fortinet: W32/Zbot.U!tr
Webroot: W32.Infostealer.Zeus
AVG: Win32:Trojan-gen
Cybereason: malicious.9a7e7d
Panda: Trj/Genetic.gen

How to remove Backdoor.Generic.461852?

Backdoor.Generic.461852 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.