Categories: Backdoor

Backdoor.Win32.Emotet.cfrq removal instruction

The Backdoor.Win32.Emotet.cfrq is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Emotet.cfrq virus can do?

Executable code extraction
Creates RWX memory
Mimics the system’s user agent string for its own requests
Expresses interest in specific running processes
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)

How to determine Backdoor.Win32.Emotet.cfrq?


File Info:
crc32: 784D36DEmd5: 5cbb321ea8e5699ce815aec7da8af312name: upload_filesha1: 1c5cd2b758872a92a49d2bfc63dbdab6641432d6sha256: 608022d0c70d58be2d33e10f0936b323df6ce4916fa449ec96da2f1fa64b019csha512: 642e99c71d71d72abb71a3e02346f485fa34df67255bf4fefaff295a23d405e68293a3d0e86058de6209526c303189e840ab653eacd9bd52774841a46290df14ssdeep: 12288:rfzaBuiszJbE9mO4sl9kVlAOyQkNvOzxMrBM:rbMmO4sl9sR2Otqtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: x7248x6743x6240x6709 (C) 2002InternalName: Pop3MonitorFileVersion: 1, 0, 0, 1CompanyName: LegalTrademarks: ProductName: Pop3Monitor x5e94x7528x7a0bx5e8fProductVersion: 1, 0, 0, 1FileDescription: Pop3Monitor Microsoft x57fax7840x7c7bx5e94x7528x7a0bx5e8fOriginalFilename: Pop3Monitor.EXETranslation: 0x0804 0x04b0

Backdoor.Win32.Emotet.cfrq also known as:

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.69487
FireEye	Trojan.GenericKDZ.69487
McAfee	GenericRXAA-AA!5CBB321EA8E5
Alibaba	Trojan:Win32/Emotet.04385370
K7GW	Riskware ( 0040eff71 )
Arcabit	Trojan.Generic.D10F6F
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Backdoor.Win32.Emotet.cfrq
BitDefender	Trojan.GenericKDZ.69487
Ad-Aware	Trojan.GenericKDZ.69487
Comodo	.UnclassifiedMalware@0
DrWeb	Trojan.DownLoader34.24265
Sophos	Mal/Generic-S
eGambit	Unsafe.AI_Score_98%
MAX	malware (ai score=88)
Microsoft	Trojan:Win32/Emotet.ARJ!MTB
GData	Trojan.GenericKDZ.69487
BitDefenderTheta	Gen:NN.ZexaF.34152.Cq0@a4boZzab
ALYac	Trojan.Emotet.AKB
Malwarebytes	Trojan.Emotet
ESET-NOD32	Win32/Emotet.CD
TrendMicro-HouseCall	TROJ_GEN.R011C0DHG20
Ikarus	Trojan.Win32.Krypt
Fortinet	W32/Emotet.AJQ!tr
Webroot	W32.Trojan.Emotet
AVG	Win32:Trojan-gen
Avast	Win32:Trojan-gen
CrowdStrike	win/malicious_confidence_60% (W)
Qihoo-360	Generic/HEUR/QVM07.1.44C7.Malware.Gen