Backdoor.RAT.Netwire information

Backdoor.RAT.Netwire is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the TRIAL period.
6-day free trial available.

What can the Backdoor.RAT.Netwire virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • A process created a hidden window
  • Anomalous binary characteristics

Related domains:

mardjdf.ug
kjsdtrfuyhgxcv.ru

How to identify Backdoor.RAT.Netwire?


File Info:

crc32: 7433F6AC
md5: bc0b7f582f7abee33421f44d028dfecb
name: nsdfhjkgvxcb.exe
sha1: 6f55ffd27ebf2db12bd7e26ab17d69a3161da5d3
sha256: 7530332a1cfd2b84b1a91d63b7fbcf332601cf6648f891d464af3fdd369cd4d7
sha512: 3bf93b910c995b4b6082027db65ffa93ccd4ee9cf2ef240e6b051bdbb1f1194f136e8e6a6cf498d668f4429535f22d2a2a19d1cdb1c7fd6657565d630f2937b2
ssdeep: 3072:VSbB992EBEkgSW9DaVY2vIVZTKMsbHPDxmwAvrKBOyAgC98s6jFWE37e:VSbB32kEkIIzyPs7xmLvryxhO89FWE3K
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) hiphape 2019
InternalName: subsidize.exe
FileVersion: 1.8.8.2
CompanyName: Street
ProductName: paal
ProductVersion: 6.6.4.7
FileDescription: urethrophyma
OriginalFilename: sassabies.exe
Translation: 0x0409 0x04b0

Backdoor.RAT.Netwire also known as:

MicroWorld-eScan: Trojan.GenericKD.42075122
FireEye: Generic.mg.bc0b7f582f7abee3
CAT-QuickHeal: Trojan.Netwire
McAfee: RDN/Generic.hbg
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
K7AntiVirus: Trojan ( 0055c8391 )
BitDefender: Trojan.GenericKD.42075122
K7GW: Trojan ( 0055c8391 )
CrowdStrike: win/malicious_confidence_100% (W)
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
GData: Trojan.GenericKD.42075122
Kaspersky: Trojan.Win32.NetWire.hqw
NANO-Antivirus: Trojan.Win32.GenKryptik.gkeihl
AegisLab: Trojan.Multi.Generic.4!c
Rising: Trojan.Generic@ML.88 (RDMK:ABKnsBTrc3IRNY+ftiDlFw)
Ad-Aware: Trojan.GenericKD.42075122
Emsisoft: Trojan.GenericKD.42075122 (B)
F-Secure: Trojan.TR/Crypt.XPACK.Gen
DrWeb: Trojan.DownLoader30.46746
Invincea: heuristic
McAfee-GW-Edition: RDN/Generic.hbg
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Krypt
Cyren: W32/Trojan.AGPX-3564
Jiangmin: Trojan.NanoBot.nw
Webroot: W32.Malware.gen
Avira: TR/Crypt.XPACK.Gen
MAX: malware (ai score=83)
Arcabit: Trojan.Generic.D28203F2
ZoneAlarm: Trojan.Win32.NetWire.hqw
Microsoft: Trojan:Win32/Netwire.AA!MTB
AhnLab-V3: Malware/Win32.RL_Generic.R301854
BitDefenderTheta: Gen:NN.ZexaF.32519.jq3@aWuG!6ni
ALYac: Backdoor.RAT.Netwire
VBA32: Malware-Cryptor.General.3
Malwarebytes: Backdoor.KeyLogger
Panda: Trj/CI.A
ESET-NOD32: a variant of Win32/GenKryptik.DYXF
TrendMicro-HouseCall: TROJ_GEN.R002C0DL219
SentinelOne: DFI – Malicious PE
Fortinet: W32/GenKryptik.DYXF!tr
AVG: FileRepMalware
Cybereason: malicious.27ebf2
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.b68

How to remove Backdoor.RAT.Netwire?

Backdoor.RAT.Netwire removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.
