Categories: Backdoor

About “Backdoor.TVRat.Dropper” infection

The Backdoor.TVRat.Dropper is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.TVRat.Dropper virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
CAPE detected the embedded win api malware family
Yara detections observed in process dumps, payloads or dropped files

How to determine Backdoor.TVRat.Dropper?


File Info:
name: 6E29FA4BCBEED83AA915.mlwpath: /opt/CAPEv2/storage/binaries/b6acd4e559fc503fffad75e3a6a20b9392d32a8a963c395f56f7a09d8e6bb886crc32: 46094047md5: 6e29fa4bcbeed83aa9159221f9724fdcsha1: f86e6ad5d9057484e6056625235c65f31e1d69f3sha256: b6acd4e559fc503fffad75e3a6a20b9392d32a8a963c395f56f7a09d8e6bb886sha512: 4d75afde52fc8961a0e6df57404d36e3c9d8bd8b6b30863c380448b239e3a4e9713b89142d7e4d419324c9830cfc376e716d4a6d7fb128a91acd95a213a4da1essdeep: 98304:TpIgPP8GeU9MuTi0yaYobgazVeL2/CJyc6uCXEInqwiW8Ysqwl:1IgP99Mu25aBgazVeSRc6uCXfiW8YsXtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T13E16330105E2C473E58990B6AE8C6794563B76990FA5F2ACF3FC8BF41FE1A1214267F4sha3_384: d125e52214e41f2e51d73209df696a0938a50e13de77cea3977ba03700c06c2c8fb1439f496cd4d691a1e342e8cc1778ep_bytes: 558bec83c4c453565733c08945f08945timestamp: 2024-03-24 11:49:43
Version Info:
Comments: This installation was built with Inno Setup.CompanyName:                                                             FileDescription: Color Point Setup                                           FileVersion:                     LegalCopyright:                                                                                                     ProductName: Color Point                                                 ProductVersion:                                                   Translation: 0x0000 0x04b0

Backdoor.TVRat.Dropper also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Ekstak.4!c
Skyhigh	BehavesLike.Win32.ObfuscatedPoly.rc
McAfee	Artemis!6E29FA4BCBEE
Cylance	unsafe
Sangfor	Trojan.Win32.Agent.Vq23
K7AntiVirus	Trojan ( 005722f11 )
K7GW	Trojan ( 005722f11 )
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/TrojanDropper.Agent.SLC
APEX	Malicious
TrendMicro-HouseCall	TROJ_GEN.R002H0CCO24
Kaspersky	Trojan.Win32.Ekstak.awtah
Avast	Other:Malware-gen [Trj]
Tencent	Win32.Trojan.Ekstak.Eplw
F-Secure	Heuristic.HEUR/AGEN.1373347
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
Google	Detected
Avira	HEUR/AGEN.1373347
Varist	W32/Trojan.MBYK-2189
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	Trojan.Win32.Ekstak.awtah
GData	Win32.Backdoor.Bodelph.TN4C93
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win.Malware-gen.C5604686
Malwarebytes	Backdoor.TVRat.Dropper
Panda	Trj/Chgt.AD
Ikarus	Trojan.Win32.Crypt
Fortinet	W32/Agent.SLC!tr
AVG	Other:Malware-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)
alibabacloud	Trojan[dropper]:Win/Ekstak.awtah