
Backdoor.MSIL.Pandora.pef malicious file


Backdoor.MSIL.Pandora.pef is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.MSIL.Pandora.pef virus do?

  • At least one process apparently crashed during execution
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Binary compilation timestomping detected

How to identify Backdoor.MSIL.Pandora.pef?


File Info:

name: 792C956C32DC2BCACFF8.mlw
path: /opt/CAPEv2/storage/binaries/d7c3fc970780b0a9fc76b0df938a0c8d00d95af920c242f5160703068eb6c40f
crc32: D82EFEF5
md5: 792c956c32dc2bcacff8b75703d6cdd6
sha1: 62a6b4d49dfd5b90d4939b287bf877967b65b5de
sha256: d7c3fc970780b0a9fc76b0df938a0c8d00d95af920c242f5160703068eb6c40f
sha512: 3f253c4e9bb6a37ac5cfa98c03412722598990a075fd5f0cc4602bf8c4b13bb31ba069a77a8450d5c0156443171a98bbf0dc29d48182d2c80c4f4fa708f19946
ssdeep: 6144:MZZ4++++++++++++++++WpppppLl+JiOZzp5CtJw3FZhasdHMyc7Pm:MZZTpppppLlgia5v3kAsjb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1990546BE4F1602DCF1EF7036C46E7605AE622FAE15616D984229742E493E02E50FF1ED
sha3_384: 7e2563f69690b9790306876cf40af8e3179fb1a6d3d15e077e92091292f9751a311532c672df3eee3693c2fface5c431
ep_bytes: eb02de8050eb0236f7e81a000000eb04
timestamp: 2085-04-08 03:52:40

Version Info:

CompanyName: Glarysoft Ltd
FileDescription: OneClickMaintenance
FileVersion: 5, 0, 0, 8
InternalName: OneClickMaintenance.exe
LegalCopyright: Copyright (c) 2003-2020 Glarysoft Ltd
OriginalFilename: OneClickMaintenance.exe
ProductName: Glary Utilities
ProductVersion: 5.0.0.0
Translation: 0x0804 0x03a8

Backdoor.MSIL.Pandora.pef also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
FireEye: Generic.mg.792c956c32dc2bca
McAfee: Artemis!792C956C32DC
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
BitDefenderTheta: Gen:NN.ZexaF.34638.0q3@amjJkcdj
Cyren: W32/Obsidium.A.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Kaspersky: HEUR:Backdoor.MSIL.Pandora.pef
Avast: Win32:Malware-gen
F-Secure: Backdoor.BDS/Redcap.ymhgp
McAfee-GW-Edition: BehavesLike.Win32.Generic.ct
Sophos: Generic ML PUA (PUA)
Ikarus: Trojan.Win32.Obsidium
Avira: BDS/Redcap.ymhgp
ZoneAlarm: HEUR:Backdoor.MSIL.Pandora.pef
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Infostealer/Win.RedLine.C5040156
Malwarebytes: Trojan.MalPack.Obsidium
APEX: Malicious
Rising: Exploit.Shellcode!8.2A (TFE:dGZlOgPx1Ul2oyH5hg)
SentinelOne: Static AI – Malicious PE
Fortinet: PossibleThreat.PALLAS.H
AVG: Win32:Malware-gen

How to remove Backdoor.MSIL.Pandora.pef?

Backdoor.MSIL.Pandora.pef removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
