How to remove “Backdoor.Win32.Emotet.aoob”?

Backdoor.Win32.Emotet.aoob is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Emotet.aoob virus do?

  • Executable code extraction
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Expresses interest in specific running processes
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Russian
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Backdoor.Win32.Emotet.aoob?

File Info:

crc32: D24F22AC
md5: a53e9de40ab0cd74441e2091dd1af9fa
name: upload_file
sha1: b1604fb7bdfab90c8b832f1c90cc066dc10d36bc
sha256: 0a5ca2efe568f5e04a3d48600647ef043a939caa650146db832e5eac10432e7b
sha512: 1c974b129b7b6b79afa26dfcbf6cd9798ce2832ae9fac864147567bb157bb17cafcea20c5ab614c4f46778edc250089420e97eeb576272c8fb2e282cf2bd38ef
ssdeep: 12288:x/J+NC0xu2rPcHKeNmcZvF/SZGYzZ5Q/XL:1J8R6mcVF/mGY4P
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: nlsbres.dll
FileVersion: 6.1.7601.23572 (win7sp1_ldr.161011-0600)
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7601.23572
FileDescription: NLSBuild resource DLL
OriginalFilename: nlsbres.dll
Translation: 0x0409 0x04b0

Backdoor.Win32.Emotet.aoob also known as:

MicroWorld-eScan: Trojan.GenericKD.34262622
FireEye: Generic.mg.a53e9de40ab0cd74
McAfee: Emotet-FRI!A53E9DE40AB0
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: Trojan ( 0056b9711 )
BitDefender: Trojan.GenericKD.34262622
K7GW: Trojan ( 0056b9711 )
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Malware-gen
GData: Trojan.GenericKD.34262622
Kaspersky: Backdoor.Win32.Emotet.aoob
ViRobot: Trojan.Win32.Emotet.929792
Endgame: malicious (high confidence)
Emsisoft: Trojan.GenericKD.34262622 (B)
DrWeb: Trojan.DownLoader34.11560
TrendMicro: TROJ_GEN.R002C0DGU20
Sophos: Troj/Emotet-CKK
Ikarus: Trojan-Banker.Emotet
Jiangmin: Backdoor.Emotet.os
MAX: malware (ai score=100)
Microsoft: Trojan:Win32/Emotet.ARJ!MTB
Arcabit: Trojan.Generic.D20ACE5E
ZoneAlarm: Backdoor.Win32.Emotet.aoob
AhnLab-V3: Trojan/Win32.GenKryptik.R346369
BitDefenderTheta: Gen:NN.ZexaF.34144.4y0@aab5sOfk
ALYac: Trojan.GenericKD.34262622
TACHYON: Trojan/W32.Agent.929792.GE
Malwarebytes: Trojan.Emotet
Panda: Trj/Emotet.C
ESET-NOD32: Win32/Emotet.CD
TrendMicro-HouseCall: TROJ_GEN.R002C0DGU20
Rising: Trojan.Kryptik!1.C80B (CLOUD)
Fortinet: W32/GenKryptik.EPAZ!tr
Ad-Aware: Trojan.GenericKD.34262622
AVG: Win32:Malware-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_60% (W)
Qihoo-360: Win32/Backdoor.5e6

How to remove Backdoor.Win32.Emotet.aoob?

Backdoor.Win32.Emotet.aoob removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.