Categories: Backdoor

Backdoor.MSIL.NanoBot.beoh information

The Backdoor.MSIL.NanoBot.beoh is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.MSIL.NanoBot.beoh virus can do?

Injection (inter-process)
Injection (Process Hollowing)
Executable code extraction
Injection with CreateRemoteThread in a remote process
Attempts to connect to a dead IP:Port (2 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
At least one IP Address, Domain, or File Name was found in a crypto call
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Attempts to remove evidence of file being downloaded from the Internet
A process was set to shut the system down when terminated
Installs itself for autorun at Windows startup
Exhibits behavior characteristic of Nanocore RAT
Creates a hidden or system file
Collects information to fingerprint the system

Related domains:

strongodss.ddns.net

How to determine Backdoor.MSIL.NanoBot.beoh?


File Info:
crc32: 4FBF528Cmd5: 1f2b73ef14f90fa0203944ecd4323af5name: 1F2B73EF14F90FA0203944ECD4323AF5.mlwsha1: 37d5eef0fced2bc24cd4467d1a0cb8130730adf1sha256: f0fd4187f0a243a44965e40cce649a1756b3f02821827dc876cbaf640b25cd5csha512: 098e93f75b2e39048903fad3f8412f1ecf304bb85379f365d72646cfbf49838414ed8d46d58da72d963c174dc651d8f71536fff01cbf303f5a467cbb2f64ca1fssdeep: 24576:BAOcZpJ2nUYXpTmPK66hmR4H9H721x33+A:bzUawd6kR4H9Hsrtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
0: [No Data]

Backdoor.MSIL.NanoBot.beoh also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 005734f51 )
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.Multi
ALYac	Trojan.GenericKD.37105114
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Trojan:Win32/runner.ali1000123
K7GW	Trojan ( 005734f51 )
Cybereason	malicious.0fced2
Cyren	W32/Trojan.ODRX-0142
ESET-NOD32	RAR/Agent.DG
Zoner	Trojan.Win32.92739
APEX	Malicious
Avast	Win32:Trojan-gen
ClamAV	Win.Malware.Lisk-9868752-0
Kaspersky	Backdoor.MSIL.NanoBot.beoh
BitDefender	Trojan.GenericKD.37105114
MicroWorld-eScan	Trojan.GenericKD.37105114
Ad-Aware	Trojan.GenericKD.37105114
Sophos	Mal/Generic-S
Comodo	Malware@#3pq05p1zoxz1z
F-Secure	Trojan.TR/AD.Nanocore.vxobt
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R03FC0PF521
McAfee-GW-Edition	BehavesLike.Win32.Suspicioustrojan.dc
FireEye	Generic.mg.1f2b73ef14f90fa0
Emsisoft	Trojan.GenericKD.37105114 (B)
Avira	TR/AD.Nanocore.vxobt
eGambit	Unsafe.AI_Score_96%
Kingsoft	Win32.Hack.MSIL.be.(kcloud)
Microsoft	Trojan:Win32/Predator.R!MTB
Gridinsoft	Ransom.Win32.Wacatac.oa!s1
Arcabit	Trojan.Generic.D2362DDA
AegisLab	Trojan.Multi.Generic.4!c
ZoneAlarm	Backdoor.MSIL.NanoBot.beoh
GData	Trojan.GenericKD.37105114
AhnLab-V3	Trojan/Win.Generic.R416039
McAfee	Artemis!1F2B73EF14F9
MAX	malware (ai score=82)
VBA32	Trojan.Tiggre
Malwarebytes	Trojan.Dropper.SFX
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R03FC0PF521
Ikarus	Trojan-Spy.FormBook
AVG	Win32:Trojan-gen
Paloalto	generic.ml