Backdoor.Generic.463193 malicious file

Backdoor.Generic.463193 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What Backdoor.Generic.463193 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Backdoor.Generic.463193?

File Info:

name: 8005BB7CF0E72A7EF30B.mlw
path: /opt/CAPEv2/storage/binaries/69d94a809682a0042e25c19de0ad5d93a9f46b8c615e46f7b5b149dbf76d5914
crc32: 9D6FA5A7
md5: 8005bb7cf0e72a7ef30bb64ea2263414
sha1: fb1a72a078217bd6cc022dabfc5e83ab478c566f
sha256: 69d94a809682a0042e25c19de0ad5d93a9f46b8c615e46f7b5b149dbf76d5914
sha512: aa3fa2d220cf706e41aeefb24048d004149c7e996c74f56c597b5398f01d27a28a63755c84ce9b1edf33b0ed4b85d60a5ad00d363d5a71c748e886639376d9d2
ssdeep: 3072:JI3HzbnAdLyT0LjmATPIfFqeFYtv3lwHrrEk:QzLILiwtmFqeFUaHrrT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T141E3E146A2CA3E10C37425F9604FAF7A9090D837A866C650D3FF0F43C6B9F152BD6169
sha3_384: 65b10600368f3bd3ee00b00e0ecd59e62296b84ebb4ed3e7fb2e61222cac337a74d4d082a44802ffd0bb886f2e3d7044
ep_bytes: 60be153034018dbeebdf0bff57eb0b90
timestamp: 2007-10-22 23:20:52

Version Info:

0: [No Data]

Backdoor.Generic.463193 also known as:

Vendor | Detection name
Bkav | W32.AIDetect.malware2
Lionic | Trojan.Win32.Zbot.l!c
Elastic | malicious (high confidence)
MicroWorld-eScan | Backdoor.Generic.463193
FireEye | Generic.mg.8005bb7cf0e72a7e
McAfee | PWS-Zbot.gen.pp
Cylance | Unsafe
VIPRE | Packed.Win32.Zbot.gen.y.7 (v)
Sangfor | Suspicious.Win32.Save.a
K7AntiVirus | Trojan ( 001ab3161 )
Alibaba | TrojanPSW:Win32/Kryptik.9d77cb74
K7GW | Trojan ( 001ab3161 )
Cybereason | malicious.cf0e72
VirIT | Trojan.Win32.Generic.VSM
Cyren | W32/Zbot.AU.gen!Eldorado
Symantec | ML.Attribute.HighConfidence
ESET-NOD32 | a variant of Win32/Kryptik.GYS
APEX | Malicious
Paloalto | generic.ml
ClamAV | Win.Trojan.Zbot-12392
Kaspersky | HEUR:Trojan.Win32.Generic
BitDefender | Backdoor.Generic.463193
NANO-Antivirus | Trojan.Win32.Zbot.bsqrn
SUPERAntiSpyware | Trojan.Agent/Gen-Zbot
Avast | Win32:Malware-gen
Tencent | Win32.Trojan.Spy.Dvpd
Ad-Aware | Backdoor.Generic.463193
Emsisoft | Backdoor.Generic.463193 (B)
Comodo | MalCrypt.Indus!@1qrzi1
DrWeb | Trojan.PWS.Panda.387
Zillya | Trojan.Zbot.Win32.44693
McAfee-GW-Edition | BehavesLike.Win32.ZBot.cc
Sophos | ML/PE-A + Mal/Zbot-U
Ikarus | Trojan-Spy.Win32.Zbot
GData | Backdoor.Generic.463193
Jiangmin | TrojanSpy.Zbot.aoar
Avira | TR/Spy.Zbot.acyp
MAX | malware (ai score=100)
Antiy-AVL | Trojan/Generic.ASMalwS.1BFBA7
Arcabit | Backdoor.Generic.D71159
ViRobot | Trojan.Win32.A.Zbot.145408.BZ
ZoneAlarm | HEUR:Trojan.Win32.Generic
Microsoft | PWS:Win32/Zbot.gen!Y
Cynet | Malicious (score: 100)
AhnLab-V3 | Spyware/Win32.Zbot.R32084
BitDefenderTheta | AI:Packer.CEB2AC8A1E
ALYac | Backdoor.Generic.463193
VBA32 | Trojan.Zeus.EA.0999
Rising | Trojan.Kryptik!8.8 (CLOUD)
Yandex | Trojan.GenAsa!KBErIPZ16lw
SentinelOne | Static AI – Malicious PE
MaxSecure | Trojan.Malware.4622153.susgen
Fortinet | W32/Zbot.U!tr
AVG | Win32:Malware-gen
Panda | Trj/Genetic.gen
CrowdStrike | win/malicious_confidence_90% (W)

How to remove Backdoor.Generic.463193?

Backdoor.Generic.463193 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.