Backdoor.MSIL.Mokes.eg removal

Backdoor.MSIL.Mokes.eg is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.MSIL.Mokes.eg virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Attempts to bypass application whitelisting by executing .NET utility in a suspended state, potentially for injection

How to identify Backdoor.MSIL.Mokes.eg?

File Info:

name: 96FEA297C0F9918A06C8.mlw
path: /opt/CAPEv2/storage/binaries/a1c6f578babb0d8a33886fef84457e0f8bd962b56b85395192b37f0790d9409e
crc32: 01F87FBD
md5: 96fea297c0f9918a06c80b6a593ee1e2
sha1: 63d5718b85fb07563cd554c48c08de2bccc6e00d
sha256: a1c6f578babb0d8a33886fef84457e0f8bd962b56b85395192b37f0790d9409e
sha512: b7e4a20f27258b6eb5d304cdffb949f56bd3bcd61d3dfe1a9764dfee854204f3df855cc00f393eb5d976d36a31c367d018be6c4aa0b15d72460d8364879a4c7f
ssdeep: 12288:4YgDU6C3jMxp397UKftuWKG2TCHvNiemA:4Mzets91ev
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T11CA46C42624945C0FF7963723A6AFB08A37F3FA2EF6499405AC9783608F9BD55438CD4
sha3_384: 92b39e146b0ffaec48d5ead10b1fe68b801352a577f42d0eb2b21d9d2e9c8bb0fe51b16d914d14098a7baf048a8c096c
ep_bytes: 5150528d0d18000000648b0101c801c8
timestamp: 2021-12-19 07:26:41

Version Info:

  • [No Data]

Backdoor.MSIL.Mokes.eg also known as:

  • Bkav: W32.AIDetect.malware1
  • Lionic: Trojan.Win32.Mokes.m!c
  • Elastic: malicious (high confidence)
  • Cynet: Malicious (score: 100)
  • CAT-QuickHeal: Trojan.GenericIH.S25677243
  • ALYac: Win32.Expiro.Gen.6
  • Malwarebytes: Malware.AI.4035052311
  • Sangfor: Backdoor.Win32.Mokes.gen
  • K7AntiVirus: Trojan ( 00561cbf1 )
  • K7GW: Trojan ( 00561cbf1 )
  • Cybereason: malicious.7c0f99
  • VirIT: Win32.Expiro.CV
  • Cyren: W32/Expiro.AN.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Expiro.CP
  • APEX: Malicious
  • Paloalto: generic.ml
  • ClamAV: Win.Virus.Expiro-9923586-0
  • Kaspersky: Backdoor.MSIL.Mokes.eg
  • BitDefender: Win32.Expiro.Gen.6
  • NANO-Antivirus: Virus.Win32.Gen.ccmw
  • MicroWorld-eScan: Win32.Expiro.Gen.6
  • Rising: Backdoor.Mokes!8.619 (CLOUD)
  • Sophos: Mal/EncPk-MK
  • DrWeb: Trojan.Inject4.21375
  • VIPRE: Virus.Win32.Expiro.dp (v)
  • TrendMicro: Virus.Win32.EXPIRO.AD
  • McAfee-GW-Edition: BehavesLike.Win32.VirRansom.gc
  • FireEye: Generic.mg.96fea297c0f9918a
  • Emsisoft: Win32.Expiro.Gen.6 (B)
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Trojan.PSW.Stealer.abj
  • Avira: W32/Infector.Gen8
  • MAX: malware (ai score=88)
  • Antiy-AVL: Trojan/Generic.ASVirus.315
  • Microsoft: Trojan:Win32/Raccoon.EC!MTB
  • GData: Win32.Expiro.Gen.6
  • VBA32: BScope.Trojan.Wacatac
  • Cylance: Unsafe
  • Panda: Trj/Genetic.gen
  • TrendMicro-HouseCall: Virus.Win32.EXPIRO.AD
  • Tencent: Malware.Win32.Gencirc.10cf969a
  • Ikarus: Trojan-Downloader.Win32.Agent
  • MaxSecure: Trojan.Malware.10612570.susgen
  • Fortinet: W32/Expiro.NDG
  • BitDefenderTheta: Gen:NN.ZexaE.34182.DmW@aKnBjQ
  • AVG: Win32:Xpirat-C [Inf]
  • Avast: Win32:Xpirat-C [Inf]
  • CrowdStrike: win/malicious_confidence_90% (W)

How to remove Backdoor.MSIL.Mokes.eg?

Backdoor.MSIL.Mokes.eg removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.