Backdoor

What is “Backdoor.Win32.Emotet.anfn”?

Malware Removal

The Backdoor.Win32.Emotet.anfn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Win32.Emotet.anfn virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Expresses interest in specific running processes
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventionial language used in binary resources: Russian
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to determine Backdoor.Win32.Emotet.anfn?



File Info:

crc32: 92823BB4
md5: cac9c45ed3d1748b20c1eba6d06ad6d4
name: upload_file
sha1: ef87ddae290a184aafc1ef5384b53573da75ae63
sha256: b5ae08edf80de349ba49ddd5e6ba6e8463adcd3c8f61d15641fcd5a1993d5cbc
sha512: e16ea3db813301b15e077598b76282ac2eb403df80ff5ae7cc0f56d1a0fc2ca10c46586c46e213ad9f90b10e9c3332ff9669410e8a154d624fa05d1c92cd15ff
ssdeep: 12288:R/J+NC0xu2rPcHKeNmcZvF/SZGYzZ5Q/jN:VJ8R6mcVF/mGY4rN
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: xa9 Microsoft Corporation. All rights reserved.
InternalName: nlsbres.dll
FileVersion: 6.1.7601.23572 (win7sp1_ldr.161011-0600)
CompanyName: Microsoft Corporation
ProductName: Microsoftxae Windowsxae Operating System
ProductVersion: 6.1.7601.23572
FileDescription: NLSBuild resource DLL
OriginalFilename: nlsbres.dll
Translation: 0x0409 0x04b0

Backdoor.Win32.Emotet.anfn also known as:

Elasticmalicious (high confidence)
DrWebTrojan.DownLoader34.10773
MicroWorld-eScanTrojan.GenericKDZ.69126
FireEyeTrojan.GenericKDZ.69126
Qihoo-360Win32/Backdoor.4d8
ALYacTrojan.GenericKDZ.69126
VIPRETrojan.Win32.Generic!BT
K7AntiVirusTrojan ( 0056b9711 )
BitDefenderTrojan.GenericKDZ.69126
K7GWTrojan ( 0056b9711 )
TrendMicroTROJ_GEN.R002C0DGU20
BitDefenderThetaGen:NN.ZexaF.34144.4y0@a0Jsv9ek
SymantecML.Attribute.HighConfidence
TrendMicro-HouseCallTROJ_GEN.R002C0DGU20
Paloaltogeneric.ml
KasperskyBackdoor.Win32.Emotet.anfn
ViRobotTrojan.Win32.Emotet.929792
AegisLabTrojan.Win32.Emotet.L!c
Ad-AwareTrojan.GenericKDZ.69126
SophosTroj/Emotet-CKK
FortinetW32/GenKryptik.EPAZ!tr
EmsisoftTrojan.GenericKDZ.69126 (B)
IkarusTrojan-Banker.Emotet
MAXmalware (ai score=88)
ArcabitTrojan.Generic.D10E06
ZoneAlarmBackdoor.Win32.Emotet.anfn
MicrosoftTrojan:Win32/Emotet.ARJ!MTB
AhnLab-V3Trojan/Win32.Emotet.R346462
McAfeeEmotet-FRI!CAC9C45ED3D1
MalwarebytesTrojan.Emotet
APEXMalicious
ESET-NOD32Win32/Emotet.CD
RisingTrojan.Kryptik!1.C80B (CLASSIC)
GDataTrojan.GenericKDZ.69126
AVGWin32:Malware-gen
AvastWin32:Malware-gen
CrowdStrikewin/malicious_confidence_60% (W)

How to remove Backdoor.Win32.Emotet.anfn?

Backdoor.Win32.Emotet.anfn removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment