Backdoor.Win32.Emotet.btlq removal

Backdoor.Win32.Emotet.btlq is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.Win32.Emotet.btlq virus do?

  • Executable code extraction
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Expresses interest in specific running processes
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Anomalous binary characteristics

How to identify Backdoor.Win32.Emotet.btlq?

File Info:

crc32: 78AC5688
md5: a3636a494745bebae77c35030d0769d6
name: upload_file
sha1: cf3e230216a7cea4b0dc0a9f1e6ebe1221dd9b04
sha256: 2faeb71e73538c50f233a70152d8b0490e379be3f3538f2d00aadadbb63c0442
sha512: 58913d20c466ca58b744a25eb2003bdfc3a0c3f8d2be6eb03cd0280b4e0ee5bc2abd35f52a5ae79d88e0e77b13d31f692829b25cda04b6a455b8beacfe7ba9ef
ssdeep: 768:LIEgbXnp5TK0LR8n4oWPjPB0ib5xkkro02iIUUcwORYF97mXYYDENjNUCo:P0LOjA2m0sUOY9qowiUC
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2003
InternalName: UseShGetFileInfoDemo
FileVersion: 1, 0, 0, 1
CompanyName:
LegalTrademarks:
ProductName: UseShGetFileInfoDemo Application
ProductVersion: 1, 0, 0, 1
FileDescription: UseShGetFileInfoDemo MFC Application
OriginalFilename: UseShGetFileInfoDemo.EXE
Translation: 0x0409 0x04b0

Backdoor.Win32.Emotet.btlq also known as:

  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Trojan.Ranapama.ALM
  • FireEye: Generic.mg.a3636a494745beba
  • CAT-QuickHeal: Trojan.CKGENERIC
  • ALYac: Trojan.Ranapama.ALM
  • VIPRE: Trojan.Win32.Generic!BT
  • K7AntiVirus: Riskware ( 0040eff71 )
  • BitDefender: Trojan.Ranapama.ALM
  • K7GW: Riskware ( 0040eff71 )
  • Cybereason: malicious.216a7c
  • TrendMicro: TROJ_GEN.R002C0DHC20
  • Cyren: W32/Kryptik.BTL.gen!Eldorado
  • Symantec: Trojan.Emotet
  • ESET-NOD32: a variant of Win32/Kryptik.HFMI
  • APEX: Malicious
  • Avast: Win32:BankerX-gen [Trj]
  • Kaspersky: Backdoor.Win32.Emotet.btlq
  • Alibaba: Trojan:Win32/Emotet.36663363
  • ViRobot: Trojan.Win32.Emotet.61440
  • AegisLab: Trojan.Win32.Ranapama.4!c
  • Rising: Trojan.Emotet!8.B95 (CLOUD)
  • Ad-Aware: Trojan.Ranapama.ALM
  • Sophos: Mal/Generic-S
  • F-Secure: Trojan.TR/Crypt.Agent.jfwwo
  • DrWeb: Trojan.Emotet.1000
  • Invincea: heuristic
  • Fortinet: W32/GenKryptik.EJVW!tr
  • Emsisoft: Trojan.Emotet (A)
  • SentinelOne: DFI – Suspicious PE
  • F-Prot: W32/Kryptik.BTL.gen!Eldorado
  • Jiangmin: Backdoor.Emotet.qj
  • MaxSecure: Trojan.Malware.121218.susgen
  • Avira: TR/Crypt.Agent.jfwwo
  • MAX: malware (ai score=82)
  • Arcabit: Trojan.Ranapama.ALM
  • AhnLab-V3: Trojan/Win32.Emotet.R347704
  • ZoneAlarm: Backdoor.Win32.Emotet.btlq
  • Microsoft: Trojan:Win32/Emotet.GGG!MTB
  • Cynet: Malicious (score: 100)
  • McAfee: Emotet-FRT!A3636A494745
  • TACHYON: Trojan/W32.Ranapama.61440
  • VBA32: BScope.TrojanBanker.Emotet
  • Malwarebytes: Trojan.MalPack.TRE
  • Panda: Trj/Emotet.C
  • TrendMicro-HouseCall: TROJ_GEN.R002C0DHC20
  • Ikarus: Trojan-Banker.Emotet
  • eGambit: Unsafe.AI_Score_99%
  • GData: Trojan.Ranapama.ALM
  • AVG: Win32:BankerX-gen [Trj]
  • CrowdStrike: win/malicious_confidence_60% (W)
  • Qihoo-360: Generic/Trojan.326

How to remove Backdoor.Win32.Emotet.btlq?

Backdoor.Win32.Emotet.btlq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.