Backdoor.ProRat malicious file

Backdoor.ProRat is flagged as malicious by the large majority of antivirus engines (see the detection names below); ProRat is a long-known Windows remote-access trojan family. When the infection is active you may notice unfamiliar processes in Task Manager and, per the sandbox report below, new TCP listeners on the host. In that case it is advised to scan the computer with GridinSoft Anti-Malware.


What can Backdoor.ProRat do?

The behaviours below were recorded when the sample was executed in an automated sandbox; each line is the sandbox's own behavioural signature:

  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • Starts servers listening on 0.0.0.0:5110, 0.0.0.0:5112, 0.0.0.0:51100
  • Repeatedly searches for a process that is not running (the sandbox suggests re-running with a browser started, startbrowser=1)
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Deletes its original binary from disk
  • Attempts to stop active services
  • A system process is generating network traffic, likely as a result of process injection
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Likely virus infection of an existing system binary
  • Creates a copy of itself
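The three listening ports in the sandbox report are the most directly checkable indicator on a live host. The following is an added example (not code from the page or from GridinSoft) that parses `netstat -ano` output and groups the watched ports by owning PID; the ports are taken from the report above, while the `NETSTAT_SAMPLE` text, the PID numbers and the function names are constructed for illustration:

```python
"""Flag processes listening on the ports the sandbox report attributes to
Backdoor.ProRat (5110, 5112, 51100).

Added example: it parses the Windows `netstat -ano` format, which carries a PID
column. NETSTAT_SAMPLE is constructed test data, not a real capture.
"""
import re
import subprocess
import sys
from collections import defaultdict

# Ports from the "Starts servers listening on ..." line of the sandbox report.
PRORAT_PORTS = {5110, 5112, 51100}

# Constructed `netstat -ano` output: a benign RPC listener (PID 912), one
# ProRat-like process (PID 3412) bound on all three watched ports, an SMB
# listener on IPv6, an outbound HTTPS session and a UDP socket.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:5110           0.0.0.0:0              LISTENING       3412
  TCP    0.0.0.0:5112           0.0.0.0:0              LISTENING       3412
  TCP    0.0.0.0:51100          0.0.0.0:0              LISTENING       3412
  TCP    192.168.1.20:49731     93.184.216.34:443      ESTABLISHED     2280
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1540
"""

# A TCP line whose local address ends in ":port", state LISTENING, trailing PID.
# The greedy \S+ also copes with bracketed IPv6 addresses such as [::]:445.
_LISTEN_RE = re.compile(
    r"^\s*TCP\s+(?P<local>\S+):(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$"
)


def parse_listeners(netstat_output: str) -> list:
    """Return (pid, local_address, port) for every TCP LISTENING line."""
    found = []
    for line in netstat_output.splitlines():
        m = _LISTEN_RE.match(line)
        if m:
            found.append((int(m["pid"]), m["local"], int(m["port"])))
    return found


def suspicious_pids(netstat_output: str, ports=PRORAT_PORTS) -> dict:
    """Map PID -> sorted list of watched ports that PID listens on.

    The full set is returned rather than a yes/no: a PID bound to all three
    ports is much stronger evidence than one that happens to use 5110.
    """
    hits = defaultdict(set)
    for pid, _local, port in parse_listeners(netstat_output):
        if port in ports:
            hits[pid].add(port)
    return {pid: sorted(p) for pid, p in hits.items()}


def live_netstat() -> str:
    """Collect real `netstat -ano` output on a Windows host."""
    return subprocess.run(
        ["netstat", "-ano"], capture_output=True, text=True, check=True
    ).stdout


if __name__ == "__main__":
    # Use the live host on Windows; fall back to the constructed sample elsewhere.
    text = live_netstat() if sys.platform == "win32" else NETSTAT_SAMPLE
    for pid, plist in suspicious_pids(text).items():
        print(f'PID {pid} listens on {plist}; inspect with: tasklist /FI "PID eq {pid}"')
```

Because the report also notes traffic coming from a system process via injection, the PID returned may belong to a legitimate Windows binary; treat a hit as the starting point for looking at that process's loaded modules and autorun entries, not as proof on its own.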

Related domains (contacted during the sandbox run; several are Turkish university domains under .edu.tr, so verify each one before treating it as malicious infrastructure or adding it to a blocklist):

z.whorecord.xyz
a.tomx.xyz
aku.edu.tr
atauni.edu.tr
ege.edu.tr
ankara.edu.tr

How to identify Backdoor.ProRat?

The sample is UPX-packed, so the hashes below identify this particular packed file only; a rebuilt or repacked copy of the same RAT will not match them, which is why the behavioural indicators above matter as well.

File Info:

crc32: 8AD8AC58
md5: 31af92f1f0d05f1b8eb3695b05722e15
name: fake_mario.exe
sha1: 1c18d9fd3be223e24e1be8a831d1f96f362e0bd6
sha256: e1be98f4fbca539aefe48a7e6dacafb64f409b122d27fb3b95527c93b9f0f33e
sha512: 2f78a0b72741fc3f2704d7df884e53c659724f4ed1c97f3d05d836bdb8705736ed0c62c950b1e235e0974af59a157c8656b3d10a2aab0bca92458e462385258a
ssdeep: 6144:3Rqmpp+amNOGokzLyM9tsLAitQo6tzOKkzIt8gKyfjxfR9D2j4yM8:BqmpplpGoGL3etQoMiXM8gxf/Sj4yM8
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
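To check a suspect file against the indicators above, compute the same hash set and compare. This is an added example, not code from the page or from GridinSoft; the indicator values are copied from the File Info section, while the function names and the `SAMPLE_FILE` bytes are constructed for illustration:

```python
"""Compare a file's hashes against the Backdoor.ProRat indicators listed above.

Added example. PRORAT_IOCS holds the values from the page's File Info section;
SAMPLE_FILE is a constructed benign stand-in so the script runs offline.
"""
import hashlib
import sys
import zlib

# Indicators from the File Info section, lower-cased for comparison.
PRORAT_IOCS = {
    "crc32": "8ad8ac58",
    "md5": "31af92f1f0d05f1b8eb3695b05722e15",
    "sha1": "1c18d9fd3be223e24e1be8a831d1f96f362e0bd6",
    "sha256": "e1be98f4fbca539aefe48a7e6dacafb64f409b122d27fb3b95527c93b9f0f33e",
    "sha512": "2f78a0b72741fc3f2704d7df884e53c659724f4ed1c97f3d05d836bdb8705736"
              "ed0c62c950b1e235e0974af59a157c8656b3d10a2aab0bca92458e462385258a",
}


def file_hashes(data: bytes) -> dict:
    """Return the same hash set the page lists, as lower-case hex strings."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    """Same as file_hashes() but streams the file, so large binaries need not fit in memory."""
    hashers = {alg: hashlib.new(alg) for alg in ("md5", "sha1", "sha256", "sha512")}
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            crc = zlib.crc32(chunk, crc)
            for h in hashers.values():
                h.update(chunk)
    result = {alg: h.hexdigest() for alg, h in hashers.items()}
    result["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return result


def matching_indicators(hashes: dict, iocs: dict = PRORAT_IOCS) -> set:
    """Names of the algorithms on which `hashes` equals the indicator set."""
    return {
        alg for alg, value in iocs.items()
        if hashes.get(alg, "").lower() == value.lower()
    }


def is_known_prorat_sample(data: bytes) -> bool:
    """True only on a cryptographic hash match.

    CRC32 is a 32-bit checksum and trivially collides or is forged, so a CRC32
    hit by itself is not treated as identification.
    """
    matched = matching_indicators(file_hashes(data))
    return bool(matched & {"md5", "sha1", "sha256", "sha512"})


# Constructed stand-in for a file under investigation (benign, not a real PE).
SAMPLE_FILE = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"constructed benign stand-in"

if __name__ == "__main__":
    target = hash_file(sys.argv[1]) if len(sys.argv) > 1 else file_hashes(SAMPLE_FILE)
    for alg, value in sorted(target.items()):
        print(f"{alg:7} {value}")
    print("matching indicators:", sorted(matching_indicators(target)) or "none")
```

Run it with a path argument to hash a real file; with no argument it hashes the constructed stand-in and reports no match.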

Version Info:

None: the executable carries no version resource.

Backdoor.ProRat is also known as (detection name by engine):

Bkav: W32.OnlineGameXVMA.Trojan
MicroWorld-eScan: Generic.Malware.G!SFMBVbg.0A331DB0
CMC: Backdoor.Win32.Prorat!O
CAT-QuickHeal: Backdoor.Prorat.T8
McAfee: BackDoor-AVW
Cylance: Unsafe
VIPRE: Backdoor.Win32.Agent.aaz (fs)
K7AntiVirus: Backdoor ( 0020e8c31 )
BitDefender: Generic.Malware.G!SFMBVbg.0A331DB0
K7GW: Backdoor ( 0020e8c31 )
Cybereason: malicious.1f0d05
TrendMicro: BKDR_AVW.A
Baidu: Win32.Backdoor.Prorat.f
Cyren: W32/ProratP.A
Symantec: Trojan Horse
TotalDefense: Win32/ProRat.L
APEX: Malicious
Avast: Win32:GenMalicious-BME [Trj]
ClamAV: Win.Trojan.Prorat-37
GData: Generic.Malware.G!SFMBVbg.0A331DB0
Kaspersky: Backdoor.Win32.Prorat.npv
NANO-Antivirus: Trojan.Win32.Prorat.wlinm
ViRobot: Backdoor.Win32.Prorat.4096
Tencent: Trojan.Win32.Prorat.ad
Endgame: malicious (moderate confidence)
Emsisoft: Generic.Malware.G!SFMBVbg.0A331DB0 (B)
Comodo: Backdoor.Win32.Agent.AVW85@11x5ri
F-Secure: Backdoor.BDS/Prorat.19.O
DrWeb: BackDoor.ProRat.3085
Zillya: Backdoor.Prorat.Win32.8984
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.fc
MaxSecure: Backdoor.W32.Prorat.npv
FireEye: Generic.mg.31af92f1f0d05f1b
Sophos: Troj/Prorat-19
Ikarus: Backdoor.Win32.Prorat
F-Prot: W32/ProratP.A
Jiangmin: Backdoor/Prorat.11.c
Webroot: W32.Prorat.Gen
Avira: BDS/Prorat.19.O
MAX: malware (ai score=85)
Antiy-AVL: Trojan[Backdoor]/Win32.VB.aoi
Microsoft: Backdoor:Win32/Prorat.L
Arcabit: Generic.Malware.G!SFMBVbg.0A331DB0
SUPERAntiSpyware: Trojan.Agent/Gen-Prorat
ZoneAlarm: Backdoor.Win32.Prorat.npv
AhnLab-V3: Trojan/Win32.Prorat.R1757
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34106.vmHfaSxloIni
ALYac: Generic.Malware.G!SFMBVbg.0A331DB0
VBA32: MalwareScope.Trojan-PSW.Pinch.1
Malwarebytes: Backdoor.ProRat
Panda: Trj/Genetic.gen
Zoner: Trojan.Win32.32410
ESET-NOD32: Win32/Prorat.19
TrendMicro-HouseCall: BKDR_AVW.A
Rising: Backdoor.ProRat.19.iv (CLASSIC)
Yandex: Backdoor.Prorat.AR1
SentinelOne: DFI - Suspicious PE
eGambit: Unsafe.AI_Score_100%
Fortinet: W32/Prorat.I!tr.bdr
Ad-Aware: Generic.Malware.G!SFMBVbg.0A331DB0
AVG: Win32:GenMalicious-BME [Trj]
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: HEUR/QVM11.1.79B7.Malware.Gen

How to remove Backdoor.ProRat?

Backdoor.ProRat removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a "Standard scan".
  • Click "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the browser and options to reset, then click "Reset".
  • Restart the computer.

Because this sample installs an autorun entry, drops and runs a second binary, and opens TCP listeners on 5110, 5112 and 51100, confirm after the restart that no process is still listening on those ports and that no unfamiliar startup entry remains; a re-scan is only as good as the persistence it actually removed.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.