Categories: Backdoor

Backdoor.Win32.Emotet.cduw (file analysis)

The Backdoor.Win32.Emotet.cduw is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Win32.Emotet.cduw virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Expresses interest in specific running processes
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventionial language used in binary resources: Russian
  • Attempts to modify proxy settings

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to determine Backdoor.Win32.Emotet.cduw?



File Info:

crc32: 78CE0BBAmd5: 67b32948219b67c389162375af9d4ef1name: upload_filesha1: ac61c1422fe3c6ab211f415b429ae728ca8f912fsha256: ea2a833a6c788316a8f0bbb81202f7a7c94a546c62c9ff59528c4bbd32b05d73sha512: 34b57821b2286df149e6c6592259a18f832971f49d0a0efa605db0fd19135f2e56bef7f444a3d48fbd7351bba60b2b7d741333f96310eb3fe04e070accf7aa79ssdeep: 12288:3ZlyqwEmkmauSVd2R3R0EcX0euXBzsOIDIsU3z4ZuF:Zm6whk90BXI7yQtype: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2002InternalName: ExpCheckTestFileVersion: 1, 0, 0, 1CompanyName: LegalTrademarks: ProductName: ExpCheckTest ApplicationProductVersion: 1, 0, 0, 1FileDescription: ExpCheckTest MFC ApplicationOriginalFilename: ExpCheckTest.EXETranslation: 0x0409 0x04b0

Backdoor.Win32.Emotet.cduw also known as:

Bkav W32.AIDetectVM.malware2
MicroWorld-eScan Trojan.Agent.EVAU
FireEye Generic.mg.67b32948219b67c3
McAfee Emotet-FQS!67B32948219B
BitDefender Trojan.Agent.EVAU
K7GW Riskware ( 0040eff71 )
BitDefenderTheta Gen:NN.ZexaE.34152.4y0@aKy6rKnk
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/GenKryptik.EQKW
Paloalto generic.ml
Kaspersky Backdoor.Win32.Emotet.cduw
Ad-Aware Trojan.Agent.EVAU
DrWeb Trojan.Emotet.999
Sophos Troj/Emotet-CLB
APEX Malicious
MAX malware (ai score=86)
Arcabit Trojan.Agent.EVAU
Microsoft Trojan:Win32/Emotet.ARK!MTB
ALYac Trojan.Agent.EVAU
Malwarebytes Trojan.Emotet
Fortinet PossibleThreat.MU
Ikarus Trojan.Win32.Emotet
GData Trojan.Agent.EVAU
AVG FileRepMalware
Qihoo-360 Win32/Backdoor.417

How to remove Backdoor.Win32.Emotet.cduw?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: a.tomx.xyzBackdoor.Win32.Emotet.cduwExpCheckTestz.whorecord.xyz
4 years ago

Recent Posts

Mal/Swizzor-B removal tips

The Mal/Swizzor-B is considered dangerous by lots of security experts. When this infection is active,…

3 mins ago

Adware.Hotbar.1 information

The Adware.Hotbar.1 is considered dangerous by lots of security experts. When this infection is active,…

9 mins ago

Barys.456554 information

The Barys.456554 is considered dangerous by lots of security experts. When this infection is active,…

24 mins ago

Midie.66060 (file analysis)

The Midie.66060 is considered dangerous by lots of security experts. When this infection is active,…

34 mins ago

Should I remove “Symmi.6017 (B)”?

The Symmi.6017 (B) is considered dangerous by lots of security experts. When this infection is…

49 mins ago

Zusy.540971 removal tips

The Zusy.540971 is considered dangerous by lots of security experts. When this infection is active,…

50 mins ago