Backdoor.Win32.Emotet.cfpz malicious file

The Backdoor.Win32.Emotet.cfpz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Emotet.cfpz virus can do?

Executable code extraction
Creates RWX memory
Mimics the system’s user agent string for its own requests
Expresses interest in specific running processes
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Attempts to modify proxy settings

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Backdoor.Win32.Emotet.cfpz?


File Info:
crc32: E26E11E3
md5: 91a5d4d59e548d3248abed9e1ee77199
name: upload_file
sha1: 61ecd793c1ef07c65609b372af0c3ac5012406a8
sha256: beeefab72f0f954e18f5c62bd305e39ebaf4442f22d4a409232bf85348285a21
sha512: fcac1dedcf2b0844e6600766a4fca45353cb4c640bf0b28eede62945450e56cb58d59f0e7ca80b1a974d51c80186bc95b4c8feaba14b2e06664f09f72544b4e0
ssdeep: 12288:ffzaBuiszJbE9mO4sl9kVlAOyQkNvOzxo0:fbMmO4sl9sR2Ot/
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: x7248x6743x6240x6709 (C) 2002
InternalName: Pop3Monitor
FileVersion: 1, 0, 0, 1
CompanyName: 
LegalTrademarks: 
ProductName: Pop3Monitor x5e94x7528x7a0bx5e8f
ProductVersion: 1, 0, 0, 1
FileDescription: Pop3Monitor Microsoft x57fax7840x7c7bx5e94x7528x7a0bx5e8f
OriginalFilename: Pop3Monitor.EXE
Translation: 0x0804 0x04b0

Backdoor.Win32.Emotet.cfpz also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.34365345
FireEye	Trojan.GenericKD.34365345
CAT-QuickHeal	Trojan.CKGENERIC
ALYac	Trojan.GenericKD.34365345
Malwarebytes	Trojan.Emotet
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Trojan.GenericKD.34365345
K7GW	Riskware ( 0040eff71 )
TrendMicro	TROJ_GEN.R011C0DHG20
Cyren	W32/Emotet.AQB.gen!Eldorado
Symantec	Trojan.Emotet
APEX	Malicious
Avast	Win32:Trojan-gen
ClamAV	Win.Trojan.Emotet-9371544-0
Kaspersky	Backdoor.Win32.Emotet.cfpz
Alibaba	Trojan:Win32/Emotet.c2441917
ViRobot	Trojan.Win32.Emotet.458752.B
Tencent	Malware.Win32.Gencirc.10cde817
Ad-Aware	Trojan.GenericKD.34365345
Comodo	.UnclassifiedMalware@0
F-Secure	Trojan.TR/AD.Emotet.tcmfa
DrWeb	Trojan.DownLoader34.24265
Zillya	Backdoor.Emotet.Win32.1010
Sophos	Troj/Emotet-CLD
Jiangmin	Backdoor.Emotet.ra
Webroot	W32.Trojan.Emotet
Avira	TR/AD.Emotet.tcmfa
eGambit	Unsafe.AI_Score_97%
MAX	malware (ai score=88)
Antiy-AVL	Trojan[Backdoor]/Win32.Emotet
Microsoft	Trojan:Win32/Emotet.ARJ!MTB
Arcabit	Trojan.Generic.D20C5FA1
ZoneAlarm	Backdoor.Win32.Emotet.cfpz
GData	Trojan.GenericKD.34365345
Cynet	Malicious (score: 85)
AhnLab-V3	Trojan/Win32.Emotet.R347905
McAfee	GenericRXLR-TI!91A5D4D59E54
TACHYON	Trojan/W32.Emotet.458752.C
VBA32	BScope.Backdoor.Emotet
Panda	Trj/Genetic.gen
ESET-NOD32	a variant of Win32/Kryptik.HFNV
TrendMicro-HouseCall	TROJ_GEN.R011C0DHG20
Rising	Trojan.Kryptik!1.CA7F (CLOUD)
Ikarus	Trojan-Banker.Emotet
MaxSecure	Trojan.Malware.105306133.susgen
Fortinet	W32/Kryptik.HCEJ!tr
BitDefenderTheta	Gen:NN.ZexaF.34186.Cq0@aOo6igfb
AVG	Win32:Trojan-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_60% (W)

How to remove Backdoor.Win32.Emotet.cfpz?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Backdoor.Win32.Emotet.cfpz malicious file