Backdoor

Should I remove “Backdoor.Turla.A”?

Malware Removal

The Backdoor.Turla.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Turla.A virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Executed a command line with /V argument which modifies variable behaviour and whitespace allowing for increased obfuscation options
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Uses suspicious command line tools or Windows utilities

How to determine Backdoor.Turla.A?



File Info:

name: 47870FF98164155F0880.mlw
path: /opt/CAPEv2/storage/binaries/009406c1c7c0b289a25d44dfaa8364633d9b71df5f3c7a65deec1ef00a8c2ebb
crc32: FDD3317B
md5: 47870ff98164155f088062c95c448783
sha1: 15e710a107830b193124a6d2bbc785b9383262a9
sha256: 009406c1c7c0b289a25d44dfaa8364633d9b71df5f3c7a65deec1ef00a8c2ebb
sha512: 883b4b35948ce3de05d14ceab6bbb872d64f74bb5aba6d114c9b51d7c87d662ee0ac8e2ce032bb3b768d7f48c31c54c42e8f2de711b5303e7648ee00c06ab492
ssdeep: 98304:LBOy82SvWaN6o/8Ne0iK6pPij+UP7/t8Wp5WhzI/FqeNaZsdS4zaAwZuaQixlJoH:FOUARl/pPAP7mWp5WRIqsAI4jQiLg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T167563307E3D4BE3BDDD125B158AAD0721B77BA66FDB1C16A0606E3CE3861F214814B1B
sha3_384: 90e0426c5960d2ce1b41501322a0d61e9c5b6456ceadcc3d67e5bf0f3d85e5473ce6de8edecd09b4681b104f8356a412
ep_bytes: ff250020400000000000000000000000
timestamp: 2018-09-10 12:05:01


Version Info:

Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: topinambour.exe
LegalCopyright:  
OriginalFilename: topinambour.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Backdoor.Turla.A also known as:

LionicTrojan.Win32.Turla.4!c
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Razy.621312
FireEyeGeneric.mg.47870ff98164155f
ALYacBackdoor.Turla.A
CylanceUnsafe
SangforTrojan.Win32.Turla.IOC
K7AntiVirusTrojan ( 0055976f1 )
AlibabaTrojan:MSIL/Shelma.206b6386
K7GWTrojan ( 0055976f1 )
Cybereasonmalicious.981641
CyrenW32/MSIL_Kryptik.CQL.gen!Eldorado
SymantecTrojan.Burtopinam
ESET-NOD32a variant of MSIL/Turla.C
APEXMalicious
Paloaltogeneric.ml
KasperskyTrojan-Dropper.Win32.Agent.bjxzui
BitDefenderGen:Variant.Razy.621312
NANO-AntivirusTrojan.Win32.Turla.gcwznv
AvastWin32:Trojan-gen
Ad-AwareGen:Variant.Razy.621312
EmsisoftGen:Variant.Razy.621312 (B)
ComodoMalware@#2quz3k9gy49l8
DrWebTrojan.MulDrop11.21139
VIPRETrojan.Win32.Generic!BT
TrendMicroTROJ_FRS.0NA103BS20
McAfee-GW-EditionBehavesLike.Win32.Generic.tc
SophosMal/Generic-S
IkarusTrojan.MSIL.Turla
GDataGen:Variant.Razy.621312
JiangminTrojanDropper.Agent.gimt
WebrootW32.Malware.Gen
AviraTR/Redcap.ckfpf
Antiy-AVLTrojan/Generic.ASMalwS.2C2C188
KingsoftWin32.Troj.Agent.(kcloud)
ArcabitTrojan.Razy.D97B00
MicrosoftTrojan:Win32/Occamy.C00
CynetMalicious (score: 99)
AhnLab-V3Trojan/Win32.Turla.R294757
McAfeeGeneric .kj
MAXmalware (ai score=100)
VBA32TrojanDropper.Agent
TrendMicro-HouseCallTROJ_FRS.0NA103BS20
TencentWin32.Trojan.Rogue.Zaig
YandexTrojan.DR.Agent!UzeiNeU/W2U
SentinelOneStatic AI – Malicious PE
eGambitUnsafe.AI_Score_76%
FortinetMSIL/Agent.BJXZUI!tr
BitDefenderThetaGen:NN.ZemsilF.34266.@p0@aiZytKl
AVGWin32:Trojan-gen
PandaTrj/GdSda.A
CrowdStrikewin/malicious_confidence_100% (W)
MaxSecureTrojan.Malware.74635107.susgen

How to remove Backdoor.Turla.A?

Backdoor.Turla.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment