Backdoor

What is “Backdoor.GenericFC.S21583384”?

Malware Removal

The Backdoor.GenericFC.S21583384 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.GenericFC.S21583384 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Collects information about installed applications
  • A script process created a new process
  • Anomalous binary characteristics

How to determine Backdoor.GenericFC.S21583384?



File Info:

name: 71FB40D8F9BC9769DE1B.mlw
path: /opt/CAPEv2/storage/binaries/428592a7af5ce11e656e9d7b83fd5b607cf967f282c57610ef92068ca4853d7e
crc32: 9A6C4C46
md5: 71fb40d8f9bc9769de1b45b9caf530fb
sha1: 3a24e948ac2104ed424506c6438c43db80cd3d15
sha256: 428592a7af5ce11e656e9d7b83fd5b607cf967f282c57610ef92068ca4853d7e
sha512: 7f48e91f0c6e4de6191b815da640d0c990ec6e281adf040b3971855f66b868979ce3d09fef3ae5a6c4bac001e80c0c4dcaa444403aaa4f166c45f8436c43b2df
ssdeep: 384:1BJD4p+b9GZU7sjqZaIW7FIILLi45n81fjW8h9Tp+hzIshZ+E4bAHm8pkEk40eMO:/x4kZGmpWC8L8oZ5KE4bxxEJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DEC23C1A27D8C133CE9D0B7158A3D7214B31FF454A55D6BE98E4B19D5EB37400F0279A
sha3_384: 8f6fc8e704b1dcd04bf2644ba88d280ca1f2528b9128bb508264408f98c97d3c60fc2ee8d80628a8698f73eb42cae209
ep_bytes: ff250020400000000000000000000000
timestamp: 2014-09-02 21:28:47


Version Info:

Translation: 0x0000 0x04b0
Comments: http://www.roysac.com/
CompanyName: Roy of Superior Art Creations
FileDescription: VBSLauncher
FileVersion: 1.0.0.0
InternalName: scriptexec.exe
LegalCopyright: Copyleft 2011
OriginalFilename: scriptexec.exe
ProductName: VBSLauncher
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Backdoor.GenericFC.S21583384 also known as:

Elasticmalicious (moderate confidence)
DrWebTrojan.DownLoader11.53504
MicroWorld-eScanTrojan.GenericKD.48830040
FireEyeTrojan.GenericKD.48830040
CAT-QuickHealBackdoor.GenericFC.S21583384
ALYacTrojan.GenericKD.48830040
MalwarebytesTrojan.Dropper
SangforBackdoor.Win32.Generic.ky
K7AntiVirusTrojan ( 0055e3de1 )
K7GWTrojan ( 0055e3de1 )
CrowdStrikewin/malicious_confidence_100% (W)
SymantecTrojan.Nvcertleak!g1
ESET-NOD32MSIL/TrojanDropper.Agent.BQX
TrendMicro-HouseCallTROJ_GEN.R002C0PD822
AvastWin32:Trojan-gen
KasperskyHEUR:Backdoor.Win32.Generic
BitDefenderTrojan.GenericKD.48830040
TencentMalware.Win32.Gencirc.114937b7
Ad-AwareTrojan.GenericKD.48830040
TACHYONBackdoor/W32.DN-Agent.27320
EmsisoftTrojan.GenericKD.48830040 (B)
ZillyaDropper.Agent.Win32.471214
TrendMicroTROJ_GEN.R002C0PD822
McAfee-GW-EditionGenericRXED-NA!71FB40D8F9BC
Paloaltogeneric.ml
JiangminTrojanDropper.MSIL.kfy
WebrootW32.Malware.Gen
AviraHEUR/AGEN.1204263
KingsoftWin32.Hack.Undef.(kcloud)
MicrosoftBackdoor:Win32/Bladabindi!ml
GDataTrojan.GenericKD.48830040
McAfeeGenericRXED-NA!71FB40D8F9BC
MAXmalware (ai score=83)
VBA32TrojanDropper.MSIL.Agent
APEXMalicious
SentinelOneStatic AI – Suspicious PE
FortinetMSIL/Agent.BQX!tr
AVGWin32:Trojan-gen
PandaTrj/CI.A

How to remove Backdoor.GenericFC.S21583384?

Backdoor.GenericFC.S21583384 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment