Backdoor

Backdoor.MSIL.NanoBot.bbzg (file analysis)

Malware Removal

Backdoor.MSIL.NanoBot.bbzg is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor.MSIL.NanoBot.bbzg virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • Attempts to remove evidence of file being downloaded from the Internet
  • Installs itself for autorun at Windows startup
  • Exhibits behavior characteristic of Nanocore RAT
  • Collects information to fingerprint the system

How to identify Backdoor.MSIL.NanoBot.bbzg?

File Info:

crc32: 1D3631F4
md5: 1ef872652a143f17864063628cd4941d
name: cypher.exe
sha1: ec9a67807e415f1ea3f1a612b1ee5a9f6320eddd
sha256: 033b92cfbba3eaa6e37768562c6259a821103691ae077f3cec7327d30abb5dff
sha512: a441ae68668c8b7d309b4baa7a3aab986aa9147daf30c2de4ee7cd6290f0975d8d0e37d1c7a36efd531ae2f910edd361e07ab5619b59681bc74ef42813a8379f
ssdeep: 24576:ltb20pkaCqT5TBWgNQ7aIDiHm4YENPFLkDnPWySnmQ5L78hVM6A:WVg5tQ7aID0m4YM9KeySnR5L795
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0809 0x04b0

Backdoor.MSIL.NanoBot.bbzg also known as:

MicroWorld-eScan: Trojan.AutoIT.Agent.AAJ
McAfee: Artemis!1EF872652A14
Cylance: Unsafe
AegisLab: Trojan.MSIL.NanoBot.m!c
BitDefender: Trojan.AutoIT.Agent.AAJ
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.Autoit.FEE
APEX: Malicious
Avast: Script:SNH-gen [Trj]
Kaspersky: Backdoor.MSIL.NanoBot.bbzg
Rising: Trojan.Obfus/Autoit!1.C045 (CLASSIC)
Emsisoft: Trojan.AutoIT.Agent.AAJ (B)
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.tc
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.1ef872652a143f17
Cyren: W32/AutoIt.OM.gen!Eldorado
Antiy-AVL: GrayWare/Autoit.BinToStr.a
Microsoft: Trojan:Win32/Predator.BD!MTB
Endgame: malicious (high confidence)
Arcabit: Trojan.AutoIT.Agent.AAJ
ZoneAlarm: Backdoor.MSIL.NanoBot.bbzg
GData: MSIL.Backdoor.Nancat.KTULQO
AhnLab-V3: Trojan/AU3.Wacatac.S1079
Acronis: suspicious
MAX: malware (ai score=100)
Malwarebytes: Spyware.PasswordStealer
Tencent: Msil.Backdoor.Nanobot.Edym
Fortinet: AutoIt/Injector.FEE!tr
AVG: Script:SNH-gen [Trj]
Paloalto: generic.ml
MaxSecure: Trojan.Malware.300983.susgen

How to remove Backdoor.MSIL.NanoBot.bbzg?

Backdoor.MSIL.NanoBot.bbzg removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.