Backdoor

Backdoor.PsixBot malicious file

Malware Removal

Backdoor.PsixBot is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What Backdoor.PsixBot virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality

Related domains:

dns2.soprodns.ru
wpad.local-net

How to determine Backdoor.PsixBot?
File Info:

name: B0CC001C26FD5FCF73D6.mlw
path: /opt/CAPEv2/storage/binaries/061734acfaf36dedc370ce047e3d351429ce57a6e7257ca465bd43d8541a14c7
crc32: 0692A7A1
md5: b0cc001c26fd5fcf73d6fefcc67d6e5c
sha1: 2554c4b0b86f009fc0aee82775342e70a4f51c54
sha256: 061734acfaf36dedc370ce047e3d351429ce57a6e7257ca465bd43d8541a14c7
sha512: b8d57759f5c0861d322d338ea91385458928bd010961c89da97983844f4e6061c4f5b464434ebd21ffc38d4d97d7b37d96ecb9a6648ee39192c0423111ef9f50
ssdeep: 3072:tZTz1WIXC6GESSgWNRXumi7+IF6foPCaTRMXbaev0FQcmWk6kwsNIf6cHzbQ2v0V:tZHcIX9SSgMi+IFZMbQrkodzb4VF2Yd
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T111846B0177E08636D1BE4A35A8B1462586B9F4271A21CF9F3ECC16E94F717C09B21FA7
sha3_384: 45cea9ed9d4d6f6982ae754c76f6a43a1c34929a27c6385923676fae23455db48bb0002722da185e652371059910252f
ep_bytes: e81a050000e98efeffff558bec6a00ff
timestamp: 2018-02-27 19:15:05

Version Info:

CompanyName: Microsoft inc.
FileDescription: Windows Audio Driver
FileVersion: 4.3.12.157
InternalName: audiohd.exe
LegalCopyright: Copyright (C) 2016
OriginalFilename: audiohd.exe
ProductName: Windows Audio Driver
ProductVersion: 1.5.7.2
Translation: 0x0419 0x04b0

Backdoor.PsixBot also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: BackDoor.PsiXBot.2
MicroWorld-eScan: Gen:Variant.Zusy.325695
FireEye: Generic.mg.b0cc001c26fd5fcf
McAfee: GenericRXEO-DN!B0CC001C26FD
Cylance: Unsafe
K7AntiVirus: Trojan ( 0051ebb51 )
Alibaba: Backdoor:Win32/PsixBot.a739f90d
K7GW: Trojan ( 0051ebb51 )
Cybereason: malicious.c26fd5
BitDefenderTheta: Gen:NN.ZexaF.34294.yu3@aOePXgnk
Cyren: W32/Agent.DTR.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Agent.BON
TrendMicro-HouseCall: TROJ_GEN.R002C0PKM21
Paloalto: generic.ml
Kaspersky: HEUR:Backdoor.Win32.PsixBot.gen
BitDefender: Gen:Variant.Zusy.325695
Avast: Win32:BackdoorX-gen [Trj]
Rising: Trojan.Generic@ML.83 (RDML:PY9Lr73XbVBzX4mIR7Faxw)
Ad-Aware: Gen:Variant.Zusy.325695
Sophos: Mal/Generic-S
Zillya: Backdoor.Agent.Win32.65204
TrendMicro: TROJ_GEN.R002C0PKM21
McAfee-GW-Edition: GenericRXEO-DN!B0CC001C26FD
SentinelOne: Static AI – Suspicious PE
Emsisoft: Gen:Variant.Zusy.325695 (B)
Ikarus: Trojan.MSIL.Agent
Jiangmin: Backdoor.MSIL.aqja
Avira: HEUR/AGEN.1116853
Antiy-AVL: Trojan/Generic.ASMalwS.24D71E2
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Gridinsoft: Ransom.Win32.Sabsik.sa
GData: Gen:Variant.Zusy.325695
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C2459413
VBA32: Backdoor.PsixBot
ALYac: Gen:Variant.Zusy.325695
Malwarebytes: Malware.AI.2253289343
APEX: Malicious
Tencent: Malware.Win32.Gencirc.1168ef3c
Yandex: Backdoor.Agent!HZGjF/MKXt0
MAX: malware (ai score=87)
Fortinet: W32/Generic.AC.41EDEB
AVG: Win32:BackdoorX-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_70% (W)
MaxSecure: Trojan.Malware.121218.susgen

How to remove Backdoor.PsixBot?

Backdoor.PsixBot removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.