Backdoor

Should I remove “Backdoor.ManuscrypRI.S26374020”?


The Backdoor.ManuscrypRI.S26374020 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.ManuscrypRI.S26374020 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Checks for the presence of known windows from debuggers and forensic tools
  • Created a process from a suspicious location
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Attempts to disable Windows Defender
  • Attempts to modify Windows Defender using PowerShell
  • Attempts to execute suspicious powershell command arguments

How to identify Backdoor.ManuscrypRI.S26374020?

File Info:

name: BF5797E363E0A69484CE.mlw
path: /opt/CAPEv2/storage/binaries/427df1d8339a0257b81aea72d007182ca846925d92546db09889b0dd3d006ce6
crc32: FC8D3499
md5: bf5797e363e0a69484cee6996495c19e
sha1: 94a059fb80b8ff312afa218b9c106a3da105060b
sha256: 427df1d8339a0257b81aea72d007182ca846925d92546db09889b0dd3d006ce6
sha512: 80fbc1bf1bb9c9e3646bd7305036822ed83139ef4197f8fa1904677846ae78b40f9a11b17dba126a99053ad6ad5fff8c60520ef229faf88e02d161a6579965e4
ssdeep: 196608:xTGb8Por+ldLHKh4XHp1DGXDZTIBTiWGASBovtp+h8:xTGb2oidFJ4ZcBWAS27q8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1476633A43FFC06FBEC220C35AC083B6858A527142925886F3794EF8D7F6D496921D9D7
sha3_384: db371a858ba0618102637af4174d72546d84a16806236d4dcb395c25f0a121332d4f3010fffe8159c024a7dedfaa6cf6
ep_bytes: 558bec6aff6898c24100680691410064
timestamp: 2019-02-21 16:00:00

Version Info:

CompanyName: Igor Pavlov
FileDescription: 7z Setup SFX
FileVersion: 19.00
InternalName: 7zS.sfx
LegalCopyright: Copyright (c) 1999-2018 Igor Pavlov
OriginalFilename: 7zS.sfx.exe
ProductName: 7-Zip
ProductVersion: 19.00
Translation: 0x0409 0x04b0

Backdoor.ManuscrypRI.S26374020 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen16.39241
MicroWorld-eScan: Dropped:Trojan.GenericKD.38690777
FireEye: Dropped:Trojan.GenericKD.38690777
CAT-QuickHeal: Backdoor.ManuscrypRI.S26374020
McAfee: Artemis!BF5797E363E0
Cylance: Unsafe
Sangfor: Trojan.Win32.Agent.gen
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanPSW:Win32/Stealer.cf33a73c
K7GW: Trojan-Downloader ( 0058d4871 )
K7AntiVirus: Trojan-Downloader ( 0058d4871 )
BitDefenderTheta: Gen:NN.ZexaF.34212.xq0@aeEeo2bj
Cyren: W32/Trojan.BXQD-4583
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
Paloalto: generic.ml
ClamAV: Win.Dropper.Pswtool-9857487-0
Kaspersky: Trojan.Win32.Agent.xanbav
BitDefender: Dropped:Trojan.GenericKD.38690777
NANO-Antivirus: Riskware.Win32.PSWTool.hqsnsl
Avast: Win32:DropperX-gen [Drp]
Tencent: Win32.Trojan.Multiple.Phzz
Ad-Aware: Dropped:Trojan.GenericKD.38690777
Sophos: Mal/Generic-S
Comodo: Malware@#2oy4edxre1odq
TrendMicro: TrojanSpy.Win32.SABSIK.USASHBD22
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
Emsisoft: Dropped:Trojan.GenericKD.38690777 (B)
Ikarus: Trojan.Agent
GData: Dropped:Trojan.GenericKD.38690777
Jiangmin: Trojan.PSW.Stealer.aju
Avira: TR/Downloader.IT
Antiy-AVL: Trojan[Backdoor]/Win32.Manuscrypt
Kingsoft: Win32.PSWTroj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Generic.D24E5FD9
Microsoft: Trojan:MSIL/AgentTesla.NHQ!MTB
Cynet: Malicious (score: 100)
VBA32: Backdoor.Manuscrypt
ALYac: Dropped:Trojan.GenericKD.38690777
MAX: malware (ai score=81)
Malwarebytes: Trojan.Downloader
TrendMicro-HouseCall: TrojanSpy.Win32.SABSIK.USASHBD22
Rising: Trojan.Starter!1.D93D (CLOUD)
eGambit: Generic.Malware
Fortinet: W32/Agent.GBZ!tr.dldr
AVG: Win32:DropperX-gen [Drp]
Panda: Trj/CI.A

How to remove Backdoor.ManuscrypRI.S26374020?

Backdoor.ManuscrypRI.S26374020 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.