Backdoor.MSIL.Mokes.c (file analysis)

Backdoor.MSIL.Mokes.c is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What Backdoor.MSIL.Mokes.c virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Starts servers listening on 127.0.0.1:0
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Checks for the presence of known windows from debuggers and forensic tools
  • The following process appears to have been packed with Themida: Wed14f2d4956edf7.exe
  • Creates a hidden or system file
  • Checks the version of Bios, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key

Related domains:

hsiens.xyz
c.goatgameh.com
cleaner-partners.ltd

How to identify Backdoor.MSIL.Mokes.c?
File Info:

crc32: 10C4EE8A
md5: ae8b1f215897b28dfc60684c260d6f31
name: AE8B1F215897B28DFC60684C260D6F31.mlw
sha1: ad5e1c7b936d9f0670e9a828cf28b307c9b02824
sha256: 35d2dc1b5d2a55eedb813f0abdeece642875f45d7166184c5641a60b5f5d52f7
sha512: c1fcbeec70982d2fcd05dc1d6735cb8e266589871d3ca904835f0f092ace2035ea7da6802f6629ede5a9b3f97d46fbdcf51ef8a3d211b66c8588b32218b0efe4
ssdeep: 98304:xlCvLUBsgsTBU0KhL4KbvXsyYh7SzbkpFAUctU3GupeOlsjglZLG0h4LgT4on:xWLUCgsTFCvXcRybOeyXbLGapdn
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (c) 1999-2018 Igor Pavlov
InternalName: 7zS.sfx
FileVersion: 19.00
CompanyName: Igor Pavlov
ProductName: 7-Zip
ProductVersion: 19.00
FileDescription: 7z Setup SFX
OriginalFilename: 7zS.sfx.exe
Translation: 0x0409 0x04b0

Backdoor.MSIL.Mokes.c also known as:

K7AntiVirus: Trojan ( 0058270d1 )
Lionic: Trojan.Multi.GenericML.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Stealer.31028
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.SabsikIH.S21959152
ALYac: Gen:Variant.Jaik.45703
Cylance: Unsafe
Alibaba: TrojanDownloader:Win32/Fabookie.1c1cf8c4
K7GW: Trojan ( 0058270d1 )
Cybereason: malicious.15897b
Cyren: W32/ArkeiStealer.A.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
Avast: Win32:TrojanX-gen [Trj]
ClamAV: Win.Packed.Barys-9859531-0
Kaspersky: Backdoor.MSIL.Mokes.c
BitDefender: Gen:Variant.Jaik.45703
NANO-Antivirus: Exploit.Win32.Shellcode.jchotw
ViRobot: Trojan.Win32.Z.Jaik.6296557
MicroWorld-eScan: Gen:Variant.Jaik.45703
Tencent: Win32.Trojan.Multiple.Lpvf
Ad-Aware: Gen:Variant.Jaik.45703
Sophos: Mal/Generic-R
BitDefenderTheta: Gen:NN.ZedlaF.34294.n88baOE@FOp
TrendMicro: TROJ_GEN.R002C0DIM21
McAfee-GW-Edition: GenericRXPZ-YL!D82726A36ACC
FireEye: Gen:Variant.Jaik.45703
Emsisoft: Gen:Variant.Jaik.45703 (B)
Jiangmin: Trojan.PSW.MSIL.clyx
Avira: TR/AD.Chapak.ujevr
eGambit: Unsafe.AI_Score_75%
Antiy-AVL: Trojan/Generic.ASMalwS.34A4908
Kingsoft: Win32.PSWTroj.Undef.(kcloud)
Microsoft: Trojan:Win32/Glupteba.QM!MTB
GData: Gen:Variant.Jaik.45703
McAfee: Artemis!AE8B1F215897
MAX: malware (ai score=87)
VBA32: Trojan.Zapchast
Malwarebytes: Trojan.Dropper.SFX.Generic
TrendMicro-HouseCall: TROJ_GEN.R002C0DIM21
Rising: Trojan.Generic@ML.85 (RDMK:QMDrGVCalKrWuIdqC62mHQ)
Fortinet: W32/BSE.4Q7Q!tr
AVG: Win32:TrojanX-gen [Trj]
Paloalto: generic.ml

How to remove Backdoor.MSIL.Mokes.c?

Backdoor.MSIL.Mokes.c removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.