Backdoor

What is “Backdoor.Win32.DarkKomet.ihxx”?


Backdoor.Win32.DarkKomet.ihxx is flagged as malicious by multiple antivirus vendors (see the detection names listed below). While this infection is active, you may notice unfamiliar processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing malware manually can take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for removal; the trial period allows a complete scan and clean-up of your PC.
6-day free trial available.

What can Backdoor.Win32.DarkKomet.ihxx do?

The behaviours below are the sandbox signatures that fired when this sample was run in CAPE (the storage path under File Info is a CAPEv2 location). They describe what this particular sample did during analysis:
  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempted to write directly to a physical drive
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Backdoor.Win32.DarkKomet.ihxx?

File Info:

name: 8A11535D73869A822B2E.mlw
path: /opt/CAPEv2/storage/binaries/4914644a9f9b6c6f66ed91e3c1de9142a0f2ce23f73fc1f2e6c80bbe15de46d4
crc32: 9DC62CEB
md5: 8a11535d73869a822b2e04c57f66fec9
sha1: 387dde7cf80a05b24267305a01d6abeb47c4b753
sha256: 4914644a9f9b6c6f66ed91e3c1de9142a0f2ce23f73fc1f2e6c80bbe15de46d4
sha512: a3cc0d2ab0252f237df23b63be4b48e9c72123076fc0b5312aa1a4b848fb75e6e6467f65400304f7b2d29ceec58410adf77ffc5eea4be536cbd3727df61e709a
ssdeep: 98304:OUw363YZTEIyfvwXO9/MuMAGmKmo1QXiR8cB:1OEIyfvF1MAGmO1RlB
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1BE46D02277548074C1AB8279DD6F9A4EE6BA79200F304ACF53E80B5E1F37BD11A39752
sha3_384: 8dbee4babbcb1e89259d881d27cd10267282cc5fb30c43ed7282defb9a3185cc8c5fa05bf2bcc047b3221aed73c8a772
ep_bytes: 558bec83e4f881ec8c04000033c05356
timestamp: 2020-10-02 05:36:38

Version Info:

Comments:
CompanyName:
FileDescription:
FileVersion: 1.0.0.0
InternalName: Project3.exe
LegalCopyright:
OriginalFilename: Project3.exe
ProductName:
ProductVersion: 1.0.0.0
Packager: Turbo Studio 16
PackagerVersion: 16.0.482
VmVersion: 11.8.738
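The File Info block gives several ways to match a suspect file against this sample: its digests, the first 16 bytes at the entry point (ep_bytes), the PE compile timestamp, and two static traits from the signature list (an unknown section name and overlay data). The script below, added here as an example and not part of the original page or of any vendor's tooling, walks the PE32 headers with the standard library only and reports those checks. The hash and ep_bytes values are copied from the File Info block; the timestamp is assumed to be UTC; the list of "known" section names is my own heuristic, not CAPE's; and the sample it runs on by default is a constructed stand-in, not the real binary.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info block of this page.
IOC_HASHES = {
    "crc32": "9DC62CEB",
    "md5": "8a11535d73869a822b2e04c57f66fec9",
    "sha1": "387dde7cf80a05b24267305a01d6abeb47c4b753",
    "sha256": "4914644a9f9b6c6f66ed91e3c1de9142a0f2ce23f73fc1f2e6c80bbe15de46d4",
}
IOC_EP_BYTES = bytes.fromhex("558bec83e4f881ec8c04000033c05356")
# Assumption: the sandbox reports the PE timestamp in UTC.
IOC_TIMESTAMP = int(datetime(2020, 10, 2, 5, 36, 38, tzinfo=timezone.utc).timestamp())

# Heuristic (my own, not CAPE's): section names a normal compiler build emits.
# Anything else is reported, mirroring the "unknown PE section name" signature.
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".bss", ".tls", ".pdata", ".CRT", ".gfids"}


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 header walk: COFF timestamp, entry-point RVA, section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsections, timestamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr})
    return {"timestamp": timestamp, "entry_rva": entry_rva, "sections": sections}


def rva_to_offset(pe: dict, rva: int) -> int:
    """Map a virtual address to a file offset via the section that contains it."""
    for s in pe["sections"]:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return rva - s["vaddr"] + s["rawptr"]
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def triage(data: bytes) -> dict:
    """Compare a file against the page's indicators and its static signatures."""
    digests = {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    pe = parse_pe(data)
    ep_off = rva_to_offset(pe, pe["entry_rva"])
    end_of_sections = max(s["rawptr"] + s["rawsize"] for s in pe["sections"])
    return {
        "hash_match": any(digests[k] == v for k, v in IOC_HASHES.items()),
        "ep_match": data[ep_off:ep_off + len(IOC_EP_BYTES)] == IOC_EP_BYTES,
        "timestamp_match": pe["timestamp"] == IOC_TIMESTAMP,
        "unknown_sections": [s["name"] for s in pe["sections"] if s["name"] not in KNOWN_SECTIONS],
        "overlay_bytes": max(0, len(data) - end_of_sections),   # data past the last section
    }


def build_constructed_pe() -> bytes:
    """Constructed stand-in (NOT the real sample): a PE32 whose entry bytes and
    timestamp match the IOCs, with one odd section name and an appended overlay."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, IOC_TIMESTAMP, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                            # PE32 optional header, mostly zero
    struct.pack_into("<H", opt, 0, 0x10B)                           # Magic = PE32
    struct.pack_into("<I", opt, 16, 0x1000)                         # AddressOfEntryPoint
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    sect += struct.pack("<8sIIIIIIHHI", b".xyz", 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xC0000040)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    text = (IOC_EP_BYTES + b"\xC3").ljust(0x200, b"\0")             # entry stub, then ret
    data_sect = b"\0" * 0x200
    overlay = b"constructed overlay payload"                        # bytes past the last section
    return headers + text + data_sect + overlay


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_pe()
    for key, value in triage(blob).items():
        print(f"{key:18} {value}")
```

Run it with a file path to triage a real suspect binary; with no argument it triages the constructed stand-in, for which only the entry bytes, timestamp, unknown section and overlay checks fire and the hash check (correctly) does not. A hash match is the only conclusive result; the other three are the kind of weak, static hints the signature list reports and should be read together, not individually.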

Backdoor.Win32.DarkKomet.ihxx also known as:

  • Bkav: W32.AIDetectMalware
  • FireEye: Generic.mg.8a11535d73869a82
  • Skyhigh: BehavesLike.Win32.Dropper.tc
  • Zillya: Backdoor.DarkKomet.Win32.48354
  • CrowdStrike: win/malicious_confidence_60% (W)
  • Alibaba: Backdoor:Win32/DarkKomet.0d29efdb
  • Cynet: Malicious (score: 100)
  • Kaspersky: Backdoor.Win32.DarkKomet.ihxx
  • Tencent: Win32.Backdoor.Darkkomet.Dnhl
  • SentinelOne: Static AI – Suspicious PE
  • Jiangmin: Trojan.Generic.mydj
  • Xcitium: Backdoor.Win32.DarkKomet.GH@60rz8p
  • ZoneAlarm: Backdoor.Win32.DarkKomet.ihxx
  • McAfee: Artemis!8A11535D7386
  • Rising: Trojan.Generic@AI.97 (RDML:4ZjTSct9Cktd/TqLrn3RtA)
  • DeepInstinct: MALICIOUS

How to remove Backdoor.Win32.DarkKomet.ihxx?

Backdoor.Win32.DarkKomet.ihxx removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
