Categories: Backdoor

Backdoor.QakbotCS.S26805551 removal

The Backdoor.QakbotCS.S26805551 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.QakbotCS.S26805551 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Checks adapter addresses which can be used to detect virtual network interfaces
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • A process sent information about the computer to a remote location.
  • Attempts to identify installed AV products by installation directory
  • Attempts to detect ThreatTrack/GFI/CW Sandbox through the presence of a file
  • Attempts to modify proxy settings
  • Deletes executed files from disk

How to identify Backdoor.QakbotCS.S26805551?

File Info:

name: E6171835DC9CE3A0B9C5.mlw
path: /opt/CAPEv2/storage/binaries/f8b6bd48ee52899d3deefb474d59dd6bf9f7abd73dd30f8a2be8078e6ae74855
crc32: 0CEC36E2
md5: e6171835dc9ce3a0b9c5b627dcee86af
sha1: 08ae52115ab40d68f030aee0ecf45302b891de2a
sha256: f8b6bd48ee52899d3deefb474d59dd6bf9f7abd73dd30f8a2be8078e6ae74855
sha512: c74cfd4463cb211cb4426e593b4e856e85985f3a51bd38fcfd3c3c353ca64035dfa3001874d26c5b7c4a95fdc124d622cd8c8b6de418306aef006d061949a117
ssdeep: 6144:u2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrK8/PzDvc2Eyv:u2TFafJiHCWBWPMjVWrjM2/v
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15D948D5276C08032C46E1574D4BBAB7349397E355B31A6C3B3D07E69BDB12D2AA3834E
sha3_384: e825ad91d89adca6f35acf656dab64a36817e754fc2d9072c6b2d112ce442740d3d5d16c980b255c149ea7ce89ff3b7b
ep_bytes: e8bf9e0000e989feffffff3520484400
timestamp: 2013-10-31 11:53:49

Version Info:

0: [No Data]

Backdoor.QakbotCS.S26805551 also known as:

Bkav W32.AIDetect.malware1
Lionic Trojan.Win32.Agent.tn6r
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader10.36780
MicroWorld-eScan Trojan.GenericKDZ.74239
FireEye Generic.mg.e6171835dc9ce3a0
CAT-QuickHeal Backdoor.QakbotCS.S26805551
ALYac Trojan.GenericKDZ.74239
Cylance Unsafe
VIPRE Trojan.GenericKDZ.74239
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0048e2411 )
K7GW Trojan ( 0048e2411 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Gen:NN.ZexaF.34806.AuX@a46rhyoi
Cyren W32/MewsSpy.F.gen!Eldorado
Symantec SMG.Heur!gen
tehtris Generic.Malware
ESET-NOD32 Win32/MewsSpy.A
TrendMicro-HouseCall TROJ_GEN.R03BC0CGJ22
ClamAV Win.Malware.Qakbot-9860983-1
Kaspersky Trojan.Win32.Agent.nevpvs
BitDefender Trojan.GenericKDZ.74239
NANO-Antivirus Trojan.Win32.Agent.cmcvwb
Avast Win32:Malware-gen
Tencent Trojan.Win32.Agent.nevp
Ad-Aware Trojan.GenericKDZ.74239
Comodo Packed.Win32.MUPX.Gen@24tbus
Baidu Win32.Trojan.MewsSpy.a
Zillya Trojan.Agent.Win32.431220
TrendMicro TROJ_GEN.R03BC0CGJ22
McAfee-GW-Edition BehavesLike.Win32.Trickbot.gm
SentinelOne Static AI – Malicious PE
Trapmine malicious.high.ml.score
Emsisoft Trojan.GenericKDZ.74239 (B)
Ikarus Virus.Win32.MewsSpy
Jiangmin Trojan/Agent.hovi
Antiy-AVL Trojan/Generic.ASMalwS.24D
Microsoft Backdoor:Win32/Qakbot!rfn
ZoneAlarm Trojan.Win32.Agent.nevpvs
GData Win32.Trojan.PSE1.1CZO57C
Cynet Malicious (score: 100)
AhnLab-V3 Win-Trojan/Hupe.Gen
McAfee GenericRXCQ-ID!E6171835DC9C
VBA32 Trojan.Agent
Malwarebytes Qbot.Backdoor.Stealer.DDS
APEX Malicious
Rising Trojan.Win32.MewsSpy.b (CLASSIC)
MAX malware (ai score=87)
MaxSecure P2P-Worm.Palevo.bhnc
Fortinet W32/MewsSpy.B!tr
AVG Win32:Malware-gen
Cybereason malicious.5dc9ce
Panda Trj/Genetic.gen

How to remove Backdoor.QakbotCS.S26805551?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
