Categories: Backdoor

Backdoor.MSIL.NanoBot.avkf malicious file

The Backdoor.MSIL.NanoBot.avkf is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.MSIL.NanoBot.avkf virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
At least one process apparently crashed during execution
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Creates known CypherIT/Frenchy Shellcode mutexes
Anomalous binary characteristics

How to determine Backdoor.MSIL.NanoBot.avkf?


File Info:
name: BB679BEC1C244E90324D.mlwpath: /opt/CAPEv2/storage/binaries/d959d357dac740b5eed96bc85b4b0016a8bb5e2fdf76d60e370978314d463f6acrc32: B286C2BCmd5: bb679bec1c244e90324df6451c6af63asha1: aae524cfc3c4dc2396ae4379d73fc4177692a4ddsha256: d959d357dac740b5eed96bc85b4b0016a8bb5e2fdf76d60e370978314d463f6asha512: 82522e691c3274e978e60c04ea6b5f13e1c08d8f2915b842846625e0928b389079469d0b0e3680b3444e31dd663696d6a09ca5d07f6f066d8a6903b5a792c97bssdeep: 24576:9AHnh+eWsN3skA4RV1Hom2KXMmHawJoxD7xV4wGLXiFRmo5:ch+ZkldoPK8YawJoBEJLX2type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T15245BD0273D1C036FFABA2739B6AF64156BC79254123852F13981DB9BD701B2237E663sha3_384: f865f47c2e352eadca5d0bea8e08d9ce2c0c44c2257cfaaa456b55ee78cd9b2e8fecbee997b93eb165f3118dfdf75935ep_bytes: e8c8d00000e97ffeffffcccccccccccctimestamp: 2019-09-16 00:10:39
Version Info:
FileDescription: BthAvrcpOriginalFilename: fsavailuxCompanyName: RMActivateFileVersion: 495.84.592.577LegalCopyright: BootMenuUXProductName: takeownProductVersion: 445.378.961.689Translation: 0x0409 0x04b0

Backdoor.MSIL.NanoBot.avkf also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.41769123
FireEye	Generic.mg.bb679bec1c244e90
CAT-QuickHeal	Trojan.AutoIt.Injector.ZZ
ALYac	Trojan.GenericKD.41769123
Cylance	Unsafe
Sangfor	Virus.Win32.Save.a
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	Trojan:Win32/AutoItGen.151
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.c1c244
VirIT	Trojan.Win32.Genus.BRW
Cyren	W32/AutoIt.RK.gen!Eldorado
Symantec	Packed.Generic.548
ESET-NOD32	MSIL/NanoCore.E
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Malware.Autoit-7170502-0
Kaspersky	Backdoor.MSIL.NanoBot.avkf
BitDefender	Trojan.GenericKD.41769123
NANO-Antivirus	Trojan.Win32.Dwn.fzpuxc
Avast	AutoIt:Dropper-DL [Trj]
Tencent	Win32.Trojan.Autoit.Auto
Ad-Aware	Trojan.GenericKD.41769123
Emsisoft	Trojan.GenericKD.41769123 (B)
Comodo	Malware@#3o7yx3mb65tct
DrWeb	Trojan.DownLoader30.21884
VIPRE	Trojan.GenericKD.41769123
TrendMicro	Trojan.Win32.ARTEMIS.USXVPIG19
McAfee-GW-Edition	BehavesLike.Win32.TrojanAitInject.tc
Sophos	Mal/Generic-S + Mal/AuItInj-A
Ikarus	Trojan.Inject
GData	MSIL.Backdoor.Nancat.34BV4O
Webroot	W32.Trojan.Gen
Avira	DR/Autoit.SF
MAX	malware (ai score=80)
Antiy-AVL	Trojan/Generic.ASCommon.168
Arcabit	Trojan.Generic.D27D58A3
Microsoft	Trojan:Win32/Skeeyah.A!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Win-Trojan/Autoinj03.Exp
McAfee	Artemis!BB679BEC1C24
VBA32	Backdoor.MSIL.NanoBot
Malwarebytes	MachineLearning/Anomalous.97%
TrendMicro-HouseCall	Trojan.Win32.ARTEMIS.USXVPIG19
Rising	Backdoor.Nanocore!8.F894 (KTSE)
MaxSecure	Trojan.Malware.74567916.susgen
Fortinet	W32/Injector.EIC!tr
AVG	AutoIt:Dropper-DL [Trj]
Panda	Trj/WLT.E
CrowdStrike	win/malicious_confidence_100% (W)