Categories: Backdoor

How to remove “Backdoor.MSIL.Mokes.cy”?

The Backdoor.MSIL.Mokes.cy is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.MSIL.Mokes.cy virus can do?

Behavioural detection: Executable code extraction – unpacking
SetUnhandledExceptionFilter detected (possible anti-debug)
At least one process apparently crashed during execution
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
Enumerates the modules from a process (may be used to locate base addresses in process injection)
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Installs itself for autorun at Windows startup
Likely virus infection of existing system binary
Attempts to bypass application whitelisting by executing .NET utility in a suspended state, potentially for injection

How to determine Backdoor.MSIL.Mokes.cy?


File Info:
name: 1D46F4F11F8E9A9AC2CD.mlwpath: /opt/CAPEv2/storage/binaries/4491092061f8e4ec091148de88a48b6a031233a1bef9851b7a3d4d46471fc02bcrc32: 48C555A5md5: 1d46f4f11f8e9a9ac2cd28ec447e6759sha1: 14ce9fd1525c9b34e1ac6afa092dbc1343feb791sha256: 4491092061f8e4ec091148de88a48b6a031233a1bef9851b7a3d4d46471fc02bsha512: 73fa00396469c6816c2f7aabed28410f55cdd4df8beabf172d344cb0edb39887bf54040e0877c44a31cf3496f87a9f255d223481b4ca4234073661160952fee7ssdeep: 6144:fCscs5ufbbvK9ZE8LvNUO3fWna76zOe+2bhUZ0UMw5d1VO9jcxsvUx9M:KKufbm9ZE8vNUOua23DSZWw5s9Atype: PE32 executable (console) Intel 80386, for MS Windowstlsh: T10FA48D74B22474FCC53F5F3839D9B99489572F70330AE452ACAF598E02A87A643F4D46sha3_384: dc74666fcd6c14ed0144f4d68dbdf6ab7332eb081778d746b1fef4ee2f45519a869282f41969d691e20fa1e1adbb4f33ep_bytes: 5150528d0d18000000648b0101c801c8timestamp: 2021-09-11 07:17:28
Version Info:
0: [No Data]

Backdoor.MSIL.Mokes.cy also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Mokes.m!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.GenericIH.S25677243
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_90% (W)
K7GW	Trojan ( 00561cbf1 )
K7AntiVirus	Trojan ( 00561cbf1 )
VirIT	Win32.Expiro.CV
Cyren	W32/Expiro.AN.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Expiro.CP
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Virus.Expiro-9916532-0
Kaspersky	Backdoor.MSIL.Mokes.cy
BitDefender	Win32.Expiro.Gen.6
NANO-Antivirus	Virus.Win32.Gen.ccmw
MicroWorld-eScan	Win32.Expiro.Gen.6
Avast	Win32:Xpirat-C [Inf]
Tencent	Malware.Win32.Gencirc.10cf969a
Emsisoft	Win32.Expiro.Gen.6 (B)
DrWeb	Trojan.Inject4.21375
VIPRE	Virus.Win32.Expiro.dp (v)
TrendMicro	Virus.Win32.EXPIRO.AD
McAfee-GW-Edition	BehavesLike.Win32.VirRansom.gc
FireEye	Generic.mg.1d46f4f11f8e9a9a
Sophos	ML/PE-A + Mal/EncPk-MK
Ikarus	Trojan-Downloader.Win32.Agent
Jiangmin	Trojan.Zapchast.acx
Avira	W32/Infector.Gen8
Antiy-AVL	Trojan/Generic.ASVirus.315
Microsoft	Trojan:Win32/Raccoon.EC!MTB
GData	Win32.Expiro.Gen.6
VBA32	BScope.Trojan.Wacatac
ALYac	Win32.Expiro.Gen.6
MAX	malware (ai score=81)
Malwarebytes	Malware.AI.4035052311
TrendMicro-HouseCall	Virus.Win32.EXPIRO.AD
Rising	Backdoor.Mokes!8.619 (CLOUD)
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Expiro.NDG
BitDefenderTheta	Gen:NN.ZexaE.34182.DmW@aG0VGbm
AVG	Win32:Xpirat-C [Inf]
Cybereason	malicious.11f8e9
Panda	Trj/Genetic.gen