Categories: Backdoor

Should I remove “Backdoor.Turla.A”?

Backdoor.Turla.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor.Turla.A virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Executed a command line with /V argument which modifies variable behaviour and whitespace allowing for increased obfuscation options
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Uses suspicious command line tools or Windows utilities

How to identify Backdoor.Turla.A?

File Info:

name: 47870FF98164155F0880.mlw
path: /opt/CAPEv2/storage/binaries/009406c1c7c0b289a25d44dfaa8364633d9b71df5f3c7a65deec1ef00a8c2ebb
crc32: FDD3317B
md5: 47870ff98164155f088062c95c448783
sha1: 15e710a107830b193124a6d2bbc785b9383262a9
sha256: 009406c1c7c0b289a25d44dfaa8364633d9b71df5f3c7a65deec1ef00a8c2ebb
sha512: 883b4b35948ce3de05d14ceab6bbb872d64f74bb5aba6d114c9b51d7c87d662ee0ac8e2ce032bb3b768d7f48c31c54c42e8f2de711b5303e7648ee00c06ab492
ssdeep: 98304:LBOy82SvWaN6o/8Ne0iK6pPij+UP7/t8Wp5WhzI/FqeNaZsdS4zaAwZuaQixlJoH:FOUARl/pPAP7mWp5WRIqsAI4jQiLg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T167563307E3D4BE3BDDD125B158AAD0721B77BA66FDB1C16A0606E3CE3861F214814B1B
sha3_384: 90e0426c5960d2ce1b41501322a0d61e9c5b6456ceadcc3d67e5bf0f3d85e5473ce6de8edecd09b4681b104f8356a412
ep_bytes: ff250020400000000000000000000000
timestamp: 2018-09-10 12:05:01

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: topinambour.exe
LegalCopyright:
OriginalFilename: topinambour.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Backdoor.Turla.A also known as:

Lionic Trojan.Win32.Turla.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.621312
FireEye Generic.mg.47870ff98164155f
ALYac Backdoor.Turla.A
Cylance Unsafe
Sangfor Trojan.Win32.Turla.IOC
K7AntiVirus Trojan ( 0055976f1 )
Alibaba Trojan:MSIL/Shelma.206b6386
K7GW Trojan ( 0055976f1 )
Cybereason malicious.981641
Cyren W32/MSIL_Kryptik.CQL.gen!Eldorado
Symantec Trojan.Burtopinam
ESET-NOD32 a variant of MSIL/Turla.C
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan-Dropper.Win32.Agent.bjxzui
BitDefender Gen:Variant.Razy.621312
NANO-Antivirus Trojan.Win32.Turla.gcwznv
Avast Win32:Trojan-gen
Ad-Aware Gen:Variant.Razy.621312
Emsisoft Gen:Variant.Razy.621312 (B)
Comodo Malware@#2quz3k9gy49l8
DrWeb Trojan.MulDrop11.21139
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_FRS.0NA103BS20
McAfee-GW-Edition BehavesLike.Win32.Generic.tc
Sophos Mal/Generic-S
Ikarus Trojan.MSIL.Turla
GData Gen:Variant.Razy.621312
Jiangmin TrojanDropper.Agent.gimt
Webroot W32.Malware.Gen
Avira TR/Redcap.ckfpf
Antiy-AVL Trojan/Generic.ASMalwS.2C2C188
Kingsoft Win32.Troj.Agent.(kcloud)
Arcabit Trojan.Razy.D97B00
Microsoft Trojan:Win32/Occamy.C00
Cynet Malicious (score: 99)
AhnLab-V3 Trojan/Win32.Turla.R294757
McAfee Generic .kj
MAX malware (ai score=100)
VBA32 TrojanDropper.Agent
TrendMicro-HouseCall TROJ_FRS.0NA103BS20
Tencent Win32.Trojan.Rogue.Zaig
Yandex Trojan.DR.Agent!UzeiNeU/W2U
SentinelOne Static AI – Malicious PE
eGambit Unsafe.AI_Score_76%
Fortinet MSIL/Agent.BJXZUI!tr
BitDefenderTheta Gen:NN.ZemsilF.34266.@p0@aiZytKl
AVG Win32:Trojan-gen
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_100% (W)
MaxSecure Trojan.Malware.74635107.susgen

How to remove Backdoor.Turla.A?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
