Backdoor.Win32.Cobalt.pk information

Backdoor.Win32.Cobalt.pk is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What Backdoor.Win32.Cobalt.pk virus can do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Backdoor.Win32.Cobalt.pk?

File Info:

name: DB38E1847B7CE337D660.mlw
path: /opt/CAPEv2/storage/binaries/b27f567b26590b53c2ce211787455450abf08ceef7d65bf81ae0ce1a4ee771b1
crc32: 1D5F4787
md5: db38e1847b7ce337d660c560a0d695d0
sha1: 0aa458218359382e3b5fad636cf104adf42bb38a
sha256: b27f567b26590b53c2ce211787455450abf08ceef7d65bf81ae0ce1a4ee771b1
sha512: ff3543cfb17613aec41db3e19bece6514dc46684dafb721a7c896c7d268608655315ebbadbba757582b4907b0fcd6d5713b90b2ed6c9c960746ac447d8141634
ssdeep: 12288:0zj7LwrRzKYFDyuyhGEoixGSbrUaMxkTYsgVh76pOn4GDe29C4vYNBAfN+gUDmss:8LENjyhGE7yEgVh7Te2msN+1is2YAqe
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T158556B8A7CE054B9D4A9C2328DB581917771B058073377DB2F458AB62EA2FC41F793B8
sha3_384: 6e6b62e680a899b1e0ff71fcc391050c3ad9a088c22fb19e055c92d07d44f427d5e7ba694887b39884dfcf0bda42a2b1
ep_bytes: e9bbc3ffffcccccccccccccccccccccc
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

Backdoor.Win32.Cobalt.pk also known as:

Lionic: Trojan.Win32.Malicious.4!c
Elastic: malicious (high confidence)
ALYac: Trojan.GenericKDZ.80536
Malwarebytes: Malware.AI.4259569595
CrowdStrike: win/malicious_confidence_100% (W)
BitDefender: Trojan.GenericKDZ.80536
K7GW: Trojan ( 0057cbaa1 )
K7AntiVirus: Trojan ( 0057cbaa1 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of WinGo/Rozena.AQ
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Cobalt.pk
Alibaba: Backdoor:Win32/Cobalt.a5517cc6
MicroWorld-eScan: Trojan.GenericKDZ.80536
Tencent: Win32.Backdoor.Cobalt.Wrqe
Ad-Aware: Trojan.GenericKDZ.80536
Emsisoft: Trojan.GenericKDZ.80536 (B)
DrWeb: BackDoor.Meterpreter.157
TrendMicro: Backdoor.Win64.COBEACON.YXBLAZ
McAfee-GW-Edition: BehavesLike.Win64.Generic.th
FireEye: Generic.mg.db38e1847b7ce337
Sophos: Mal/Generic-S
Ikarus: Trojan.WinGo.Rozena
GData: Trojan.GenericKDZ.80536
Jiangmin: Trojan.MSIL.afyzq
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1201999
MAX: malware (ai score=85)
Gridinsoft: Ransom.Win64.Sabsik.sa
Arcabit: Trojan.Generic.D13A98
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3: Trojan/Win.Generic.C4622863
McAfee: Artemis!DB38E1847B7C
Cylance: Unsafe
TrendMicro-HouseCall: Backdoor.Win64.COBEACON.YXBLAZ
Rising: Trojan.ShellCode!1.D2D8 (CLASSIC)
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Rozena.AQ!tr
AVG: Win64:Trojan-gen
Cybereason: malicious.183593
Avast: Win64:Trojan-gen
MaxSecure: Trojan.Malware.300983.susgen

How to remove Backdoor.Win32.Cobalt.pk?

Backdoor.Win32.Cobalt.pk removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.