
Backdoor.Win32.Emotet.cexb removal guide


The Backdoor.Win32.Emotet.cexb is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Emotet.cexb virus do?

  • Executable code extraction
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Expresses interest in specific running processes
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Russian
  • Attempts to modify proxy settings

How to identify Backdoor.Win32.Emotet.cexb?

File Info:

crc32: 687077C6
md5: a5b70510ec0a7fd07bcb32433e32bf72
name: upload_file
sha1: 326b6b8cda47188761ab0a98401af598b378c544
sha256: 3184016abc0fe5540821a48245159809d5da72d7d94f7f21a4647faf754ff896
sha512: 9b36cf628ddd282af236d38c82455211c9aae8559e02e71b8aade0dc6b2886a31d18c4e806a14f0f9d57488d72e866f7403bc0a1d24e5ba69183c809e4c4259e
ssdeep: 12288:tZlyqwEmkmauSVd2R3R0EcX0euXBzsUsU3z4ZuF:/m6whk90ByyQ
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2002
InternalName: ExpCheckTest
FileVersion: 1, 0, 0, 1
CompanyName:
LegalTrademarks:
ProductName: ExpCheckTest Application
ProductVersion: 1, 0, 0, 1
FileDescription: ExpCheckTest MFC Application
OriginalFilename: ExpCheckTest.EXE
Translation: 0x0409 0x04b0

Backdoor.Win32.Emotet.cexb also known as:

Bkav: W32.AIDetectVM.malware2
MicroWorld-eScan: Trojan.Agent.EVAU
FireEye: Generic.mg.a5b70510ec0a7fd0
CAT-QuickHeal: Trojan.CKGENERIC
ALYac: Trojan.Agent.EVAU
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Emotet.L!c
BitDefender: Trojan.Agent.EVAU
K7GW: Riskware ( 0040eff71 )
TrendMicro: TROJ_GEN.R002C0DHG20
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Backdoor.Win32.Emotet.cexb
Alibaba: Trojan:Win32/Emotet.f4bcf0a2
Ad-Aware: Trojan.Agent.EVAU
F-Secure: Trojan.TR/Kryptik.xvfkp
DrWeb: Trojan.Emotet.999
Fortinet: W32/Malicious_Behavior.VEX
Sophos: Troj/Emotet-CLB
Ikarus: Trojan.Win32.Emotet
Avira: TR/Kryptik.xvfkp
MAX: malware (ai score=84)
Arcabit: Trojan.Agent.EVAU
Microsoft: Trojan:Win32/Emotet.ARK!MTB
McAfee: Emotet-FQS!A5B70510EC0A
TACHYON: Trojan/W32.Agent.917504.KO
Malwarebytes: Trojan.Emotet
ESET-NOD32: a variant of Win32/GenKryptik.EQKW
TrendMicro-HouseCall: TROJ_GEN.R002C0DHG20
Tencent: Win32.Backdoor.Emotet.Lnnz
GData: Trojan.Agent.EVAU
BitDefenderTheta: Gen:NN.ZexaE.34152.4y0@ai4Q8Kik
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
Qihoo-360: Generic/HEUR/QVM41.2.4143.Malware.Gen

How to remove Backdoor.Win32.Emotet.cexb?

Backdoor.Win32.Emotet.cexb removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
