Categories: Backdoor

Backdoor.MSIL.Mokes.ed removal guide

The Backdoor.MSIL.Mokes.ed is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.MSIL.Mokes.ed virus can do?

Behavioural detection: Executable code extraction – unpacking
SetUnhandledExceptionFilter detected (possible anti-debug)
At least one process apparently crashed during execution
Creates RWX memory
Dynamic (imported) function loading detected
Enumerates the modules from a process (may be used to locate base addresses in process injection)
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Installs itself for autorun at Windows startup
Likely virus infection of existing system binary
Attempts to bypass application whitelisting by executing .NET utility in a suspended state, potentially for injection

How to determine Backdoor.MSIL.Mokes.ed?


File Info:
name: 50AC7E0A06441633214F.mlwpath: /opt/CAPEv2/storage/binaries/ed373ffa3219efde9254ce7913bdc1f4c832d73fe609ecd743f88583a4e2e689crc32: 6C72A22Bmd5: 50ac7e0a06441633214fd046532de926sha1: 88aece82e902bcb3dd78bea14ddb3acd9f6242e3sha256: ed373ffa3219efde9254ce7913bdc1f4c832d73fe609ecd743f88583a4e2e689sha512: 3aa3a6820f743b67c18d6363176bf637bf6a730d6e124a8e009661073d2c6e4090f50dc7206a044e21adf617e250d007fdf8d6a17b9ba83cb35b6821cf1e9ae2ssdeep: 6144:GCscFrHdGngAjGNfLO8G7IJEV41+MwuIQm5ExOJ8t3uRTDqNmp48yC:LTdUgAjGNat7IOVw+MwuI5Trm8yCtype: PE32 executable (console) Intel 80386, for MS Windowstlsh: T1FBA47C74A61030FCC42B9F3838C9B9C499573B63E31A9753ACEF599E42A879A43F4543sha3_384: 6c66dfd8328a3a14ad0711bbe4841493606dc0e4a71cdde3265202b4fcc5cc5a8bda85740ea9165581b787b9d3c6d11aep_bytes: 5150528d0d18000000648b0101c801c8timestamp: 2021-11-04 00:19:20
Version Info:
0: [No Data]

Backdoor.MSIL.Mokes.ed also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Mokes.m!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.GenericIH.S25677243
ALYac	Win32.Expiro.Gen.6
Cylance	Unsafe
Sangfor	Backdoor.Win32.Mokes.gen
K7AntiVirus	Trojan ( 00561cbf1 )
K7GW	Trojan ( 00561cbf1 )
Cybereason	malicious.a06441
VirIT	Win32.Expiro.CV
Cyren	W32/Expiro.AN.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Expiro.CP
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Virus.Expiro-9918344-0
Kaspersky	Backdoor.MSIL.Mokes.ed
BitDefender	Win32.Expiro.Gen.6
NANO-Antivirus	Virus.Win32.Gen.ccmw
MicroWorld-eScan	Win32.Expiro.Gen.6
Rising	Backdoor.Mokes!8.619 (CLOUD)
Sophos	ML/PE-A + Mal/EncPk-MK
DrWeb	Trojan.Inject4.21375
TrendMicro	Virus.Win32.EXPIRO.AD
McAfee-GW-Edition	BehavesLike.Win32.VirRansom.gc
FireEye	Generic.mg.50ac7e0a06441633
Emsisoft	Win32.Expiro.Gen.6 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Backdoor.Mokes.evw
Avira	W32/Infector.Gen8
MAX	malware (ai score=81)
Antiy-AVL	Trojan/Generic.ASVirus.315
Microsoft	Trojan:Win32/Raccoon.EC!MTB
ZoneAlarm	Backdoor.MSIL.Mokes.ed
GData	Win32.Expiro.Gen.6
VBA32	BScope.Trojan.Wacatac
Malwarebytes	Malware.AI.4035052311
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	Virus.Win32.EXPIRO.AD
Tencent	Malware.Win32.Gencirc.10cf969a
Ikarus	Trojan-Downloader.Win32.Agent
Fortinet	W32/Expiro.NDG
BitDefenderTheta	Gen:NN.ZexaE.34182.DmW@aaIOY2i
AVG	Win32:Xpirat-C [Inf]
Avast	Win32:Xpirat-C [Inf]
CrowdStrike	win/malicious_confidence_90% (W)