Categories: Backdoor

Backdoor.Win32.Emotet.amuh (file analysis)

The Backdoor.Win32.Emotet.amuh is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Backdoor.Win32.Emotet.amuh virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Expresses interest in specific running processes
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventionial language used in binary resources: Russian
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to determine Backdoor.Win32.Emotet.amuh?


File Info:

crc32: DFA0070Cmd5: 3a02459e0a6ad23ba5b039d7e9af9f88name: upload_filesha1: f53f4060b8b82998bbc5dda6813da226e0b8723esha256: 1e74193a3fc15fffb2071bc0e7d8e74c336d47055fe6ec025f3ccdfbf305480fsha512: a43819a2789442422603d6b5a9f5297a18a8885b44aee27f6c6abf16541629f67dbf08b2a809a8984c554d3b9c973b52378ef4c17efe17a085bee2f2fb024508ssdeep: 12288:m/J+NC0xu2rPcHKeNmcZvF/SZGYzZ5Q/+N:cJ8R6mcVF/mGY4WNtype: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: xa9 Microsoft Corporation. All rights reserved.InternalName: nlsbres.dllFileVersion: 6.1.7601.23572 (win7sp1_ldr.161011-0600)CompanyName: Microsoft CorporationProductName: Microsoftxae Windowsxae Operating SystemProductVersion: 6.1.7601.23572FileDescription: NLSBuild resource DLLOriginalFilename: nlsbres.dllTranslation: 0x0409 0x04b0

Backdoor.Win32.Emotet.amuh also known as:

Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43566038
Qihoo-360 Win32/Backdoor.73e
ALYac Trojan.GenericKD.43566038
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Win32.Emotet.L!c
K7AntiVirus Trojan ( 0056b9711 )
BitDefender Trojan.GenericKD.43566038
K7GW Trojan ( 0056b9711 )
TrendMicro TROJ_GEN.R002C0DGU20
BitDefenderTheta Gen:NN.ZexaF.34144.4y0@ainU0!gk
Symantec ML.Attribute.HighConfidence
TrendMicro-HouseCall TROJ_GEN.R002C0DGU20
Avast Win32:Malware-gen
Kaspersky Backdoor.Win32.Emotet.amuh
ViRobot Trojan.Win32.Emotet.929792
APEX Malicious
Ad-Aware Trojan.GenericKD.43566038
Sophos Troj/Emotet-CKK
DrWeb Trojan.DownLoader34.10773
FireEye Generic.mg.3a02459e0a6ad23b
Emsisoft Trojan.GenericKD.43566038 (B)
Ikarus Trojan-Banker.Emotet
Fortinet W32/GenKryptik.EPAZ!tr
Arcabit Trojan.Generic.D298C3D6
ZoneAlarm Backdoor.Win32.Emotet.amuh
Microsoft Trojan:Win32/Emotet.ARJ!MTB
AhnLab-V3 Trojan/Win32.GenKryptik.R346369
McAfee Emotet-FRI!3A02459E0A6A
MAX malware (ai score=100)
Malwarebytes Trojan.Emotet
ESET-NOD32 Win32/Emotet.CD
Rising Trojan.Kryptik!1.C80B (CLASSIC)
GData Trojan.GenericKD.43566038
AVG Win32:Malware-gen
Paloalto generic.ml
CrowdStrike win/malicious_confidence_60% (W)

How to remove Backdoor.Win32.Emotet.amuh?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Recent Posts

MSIL/GenKryptik.GXIZ information

The MSIL/GenKryptik.GXIZ is considered dangerous by lots of security experts. When this infection is active,…

2 months ago

Malware.AI.2789448175 (file analysis)

The Malware.AI.2789448175 is considered dangerous by lots of security experts. When this infection is active,…

2 months ago

Jalapeno.1878 removal instruction

The Jalapeno.1878 is considered dangerous by lots of security experts. When this infection is active,…

2 months ago

What is “Trojan.Heur3.LPT.YmKfaKBcBekib”?

The Trojan.Heur3.LPT.YmKfaKBcBekib is considered dangerous by lots of security experts. When this infection is active,…

2 months ago

How to remove “Worm.Win32.Vobfus.exmt”?

The Worm.Win32.Vobfus.exmt is considered dangerous by lots of security experts. When this infection is active,…

2 months ago

About “TrojanDownloader:Win32/Beebone.JO” infection

The TrojanDownloader:Win32/Beebone.JO is considered dangerous by lots of security experts. When this infection is active,…

2 months ago