Backdoor.Win32.Cobalt.pp removal instruction

The Backdoor.Win32.Cobalt.pp is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor.Win32.Cobalt.pp virus can do?

Dynamic (imported) function loading detected
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Backdoor.Win32.Cobalt.pp?


File Info:
name: 809D11C2D352AEF17306.mlw
path: /opt/CAPEv2/storage/binaries/8f3207e6f53fd346e1fdc84618b68dfb2e469d5e873210692ef21057ed5b707b
crc32: 0F6F9F51
md5: 809d11c2d352aef17306906fcdb6547a
sha1: 1b9d39b3f6de62f7abbbb92feb16f6e5e138b2ec
sha256: 8f3207e6f53fd346e1fdc84618b68dfb2e469d5e873210692ef21057ed5b707b
sha512: 1e7e05c8a82b8eb26e7c9de780f6fa68d6cc6c6de94ec5124fb42da09b7f34c955e786c79d316cc73dc005aae6af8844a3ffb33335e88874b06ed27596b4cbf5
ssdeep: 49152:IauDmpKClzvSU1peYy25MRnSRgd9dyMN9d9dsnntnnnnhN9d9dJNnn8:DpKCcMMRSCd9dyMN9d9dsnntnnnnhN9+
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1DEB53912B8F5ECA5F56EF1F1C5A192A03E3E7C6403223BC72AB5757E1975AD02A39340
sha3_384: cbf5938482c5c8d165360f617e79d836adfaeab68d1d4af7390102ee73dbcdf2266d68bb52dbbeb38586ee80e091517b
ep_bytes: e99bc8ffffcccccccccccccccccccccc
timestamp: 1970-01-01 00:00:00

Version Info:
0: [No Data]

Backdoor.Win32.Cobalt.pp also known as:

Lionic	Trojan.Win32.Generic.4!c
Cylance	Unsafe
K7AntiVirus	Trojan ( 005816ba1 )
K7GW	Trojan ( 005816ba1 )
Cybereason	malicious.3f6de6
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of WinGo/Rozena.DQ
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Trojan.Bulz-9879188-0
Kaspersky	Backdoor.Win32.Cobalt.pp
Avast	Win64:Trojan-gen
DrWeb	BackDoor.Meterpreter.157
TrendMicro	Backdoor.Win64.COBEACON.YXBLCZ
McAfee-GW-Edition	BehavesLike.Win64.Amonetize.vh
Sophos	Mal/Generic-S
Ikarus	Trojan.WinGo.Rozena
GData	MSIL.Backdoor.Rozena.VYMR0X
Avira	HEUR/AGEN.1138546
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
McAfee	Artemis!809D11C2D352
Malwarebytes	Trojan.ShellCode
TrendMicro-HouseCall	Backdoor.Win64.COBEACON.YXBLCZ
Rising	Backdoor.CobaltStrike!1.D9A1 (CLASSIC)
SentinelOne	Static AI – Suspicious PE
Fortinet	W32/Rozena.DQ!tr
AVG	Win64:Trojan-gen
CrowdStrike	win/malicious_confidence_60% (W)

How to remove Backdoor.Win32.Cobalt.pp?

Backdoor.Win32.Cobalt.pp removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X