Categories: BackdoorRootkit

About “Backdoor.Rootkit” infection

The Backdoor.Rootkit is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Rootkit virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Possible date expiration check, exits too soon after checking local time
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Attempts to repeatedly call a single API many times in order to delay analysis time
Created a process from a suspicious location
Deletes executed files from disk
Uses suspicious command line tools or Windows utilities

How to determine Backdoor.Rootkit?


File Info:
name: AD9526D0E45723877483.mlwpath: /opt/CAPEv2/storage/binaries/356e967b75c4f6bfaf4b8df6dacebc9781a95cbe5cc312efd8ae336bca3dc08ccrc32: 68046286md5: ad9526d0e457238774836a8cdd10e2b8sha1: 10d5a37a8ef95c53f4e4c0846fe36914935dff8bsha256: 356e967b75c4f6bfaf4b8df6dacebc9781a95cbe5cc312efd8ae336bca3dc08csha512: 8bb163f02b522267ea1b86f4b484f915383a8eef9bf1a387b68ad78d09530486db3576cb2aa5330b2ba40024368b92311f2dcec91a9f08824c2406455689807dssdeep: 24576:Z2V5DCU+BF1Q7ZV8Zofd/+7mwgpWJrPY9MUqCGCObn+3Zcgo+Iv4Z+q3C6C6IxGb:ZM5qSbC8cmw5JLfNB7C3o++4wq3POksItype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T10165F186A6D8C237E0A3C37488921249F2B45B511B38C7DB0397426DEF366FC9976367sha3_384: 42141929cb8512dc5f65497da0b058e8afca9a36f12337bbb928c8ff9d1822295af4f7ab4f2150f59d99578b5b5d8ec9ep_bytes: e83b190000e88318000033c0c3909090timestamp: 2022-07-11 03:40:23
Version Info:
FileVersion: 1.0.0.0FileDescription: 易语言程序ProductName: 易语言程序ProductVersion: 1.0.0.0LegalCopyright: 作者版权所有 请尊重并使用正版Comments: 本程序使用易语言编写(http://www.eyuyan.com)Translation: 0x0804 0x04b0

Backdoor.Rootkit also known as:

Elastic	malicious (high confidence)
DrWeb	Trojan.MulDrop20.20444
MicroWorld-eScan	Trojan.GenericKD.39972926
FireEye	Generic.mg.ad9526d0e4572387
CAT-QuickHeal	Trojan.Sabsik
McAfee	Artemis!AD9526D0E457
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.BlackMoon
K7AntiVirus	Trojan ( 005930da1 )
Alibaba	Trojan:Win32/Blamon.2d24a57e
K7GW	Trojan ( 005930da1 )
CrowdStrike	win/malicious_confidence_70% (W)
Cyren	W32/ABRisk.CGTP-7152
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Packed.BlackMoon.A suspicious
Paloalto	generic.ml
ClamAV	Win.Dropper.Tiggre-9845940-0
BitDefender	Trojan.GenericKD.39972926
Avast	Win64:CrypterX-gen [Trj]
Ad-Aware	Trojan.GenericKD.39972926
VIPRE	Trojan.GenericKD.39972926
TrendMicro	TROJ_GEN.R002C0WGB22
Trapmine	malicious.high.ml.score
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI – Malicious PE
Avira	BDS/Backdoor.Gen3
MAX	malware (ai score=86)
Antiy-AVL	Trojan/Generic.ASCommon.218
Kingsoft	Win32.Troj.Undef.(kcloud)
Arcabit	Trojan.Generic.D261F03E
Microsoft	PUAAdvertising:Win32/LoadMoney
Cynet	Malicious (score: 100)
AhnLab-V3	Backdoor/Win.Generic.R505562
VBA32	Backdoor.Rootkit
ALYac	Trojan.GenericKD.39972926
APEX	Malicious
Rising	Trojan.Generic@AI.100 (RDML:ScxJc5Zo5eeL4ecPH19FJA)
Yandex	Trojan.Blamon!yB1kWvgcN54
Ikarus	Trojan.Win32.Generic
MaxSecure	Dropper.Dinwod.frindll
Fortinet	W32/CoinMiner.BBYK!tr
AVG	Win64:CrypterX-gen [Trj]