Backdoor

Backdoor.Generic.566006 (file analysis)

Malware Removal

Backdoor.Generic.566006 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Generic.566006 virus do?

  • Sample contains overlay data
  • HTTPS URLs observed in behavior
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Yara rule detections observed from a process memory dump, dropped files or CAPE

How to identify Backdoor.Generic.566006?

File Info:

name: ADA34A5445687ABDFD50.mlw
path: /opt/CAPEv2/storage/binaries/ba27fc4d3a39816603856cd8f5584a2121bea8e8e1ae3ad472668c9e44906f60
crc32: C5DE1676
md5: ada34a5445687abdfd50198fa6087b4f
sha1: 449ba6ffc501a2fabdf8bcbd53a3ddd62acaef19
sha256: ba27fc4d3a39816603856cd8f5584a2121bea8e8e1ae3ad472668c9e44906f60
sha512: 663acc9f8579fd2facfe71c3f2b4cc102c88a0636915d1a111690a90afe4f6824b5415107df6ed565bca285a683bb6fb50cbc0428a689f1770e9555185f60973
ssdeep: 6144:AZC4d3lbxc6wU/UP+XhdMRFD3LAwekb8+SroSE:B4dMRU/UP4heFjLDF4+SroSE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16B24022BF61C940CE9AC5032864B18B46824FD1AC86849F532D1FF3F6E32F99E94975D
sha3_384: 07cd2764e72236f08144be61820b2939d6c1a91deae8a960cddd329e54a2b8e398fe27c32f2a0703fbdd46d62f6ea542
ep_bytes: 60be003044008dbe00e0fbff5789e58d
timestamp: 2009-09-25 18:57:32

Version Info:

FileDescription:
FileVersion: 1, 0, 48, 05
InternalName:
LegalCopyright:
OriginalFilename:
ProductName:
ProductVersion: 1, 0, 48, 05
Translation: 0x0409 0x04b0

Backdoor.Generic.566006 is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Dosh.4!c
AVG: Win32:AutoIt-TX [Trj]
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Backdoor.Generic.566006
FireEye: Backdoor.Generic.566006
ALYac: Backdoor.Generic.566006
Malwarebytes: Malware.Heuristic.1003
VIPRE: Backdoor.Generic.566006
Alibaba: TrojanDownloader:Win32/AutoRun.a197109c
K7GW: P2PWorm ( 0050e6161 )
K7AntiVirus: P2PWorm ( 0050e6161 )
Symantec: Downloader
ESET-NOD32: Win32/AutoRun.Autoit.CI
Cynet: Malicious (score: 99)
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-371036
Kaspersky: Trojan-Downloader.Win32.Dosh.dh
BitDefender: Backdoor.Generic.566006
NANO-Antivirus: Trojan.Win32.Gendal.vwrgv
Avast: Win32:AutoIt-TX [Trj]
Tencent: Win32.Trojan-Downloader.Dosh.Nsmw
Sophos: Mal/Generic-S
F-Secure: Heuristic.HEUR/AGEN.1340783
Zillya: Downloader.Dosh.Win32.4
TrendMicro: WORM_UTOTI.BAC
McAfee-GW-Edition: BehavesLike.Win32.Dropper.dc
Emsisoft: Backdoor.Generic.566006 (B)
Ikarus: Trojan-Downloader.Win32.Redonc
GData: Backdoor.Generic.566006
Jiangmin: Trojan/Generic.ckbb
Webroot: W32.Heuristic.Gen
Avira: HEUR/AGEN.1340783
Xcitium: Malware@#2jhmoh43ac8x3
Arcabit: Backdoor.Generic.D8A2F6
ZoneAlarm: Trojan-Downloader.Win32.Dosh.dh
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Downloader/Win32.Dosh.C3303007
McAfee: Artemis!ADA34A544568
MAX: malware (ai score=100)
VBA32: BScope.TrojanDownloader.AutoIt
Cylance: unsafe
Panda: Trj/Spy.TKV
TrendMicro-HouseCall: WORM_UTOTI.BAC
Yandex: Worm.AutoRun!dx9zFy1dB2A
MaxSecure: Trojan.Malware.2588.susgen
Fortinet: W32/UTOTI.BAC!worm
Cybereason: malicious.445687
DeepInstinct: MALICIOUS

How to remove Backdoor.Generic.566006?

Backdoor.Generic.566006 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
