How to remove “Backdoor.Win32.Lotok.hqn”?

Backdoor.Win32.Lotok.hqn is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.Win32.Lotok.hqn virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Checks for the presence of known devices from debuggers and forensic tools
  • Anomalous binary characteristics

How to identify Backdoor.Win32.Lotok.hqn?

File Info:

name: FCD2411D5F14F4099332.mlw
path: /opt/CAPEv2/storage/binaries/246b491864ccf9b7a513fbc62ff95c1c6c070ff2974fcebb79c60b615e5ea45c
crc32: 24A56EAC
md5: fcd2411d5f14f40993328888b5dc6c29
sha1: f78d491c96bacf33955a5f7f7059571dc44fea38
sha256: 246b491864ccf9b7a513fbc62ff95c1c6c070ff2974fcebb79c60b615e5ea45c
sha512: df00f1f3070e1cf83c98ff45b0107f5496df7e317e4e1aa3fe642435d94f3eb5d6bc8ef36bb905b0c2d88ed8e33a5bd97951e6fb1692b44fd41aab9e560c0b97
ssdeep: 98304:K1TsPOtlLLvWlSdLFhNQ+lqakZjiTtTD:KNsPGl/vWezkZGpD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T131E533063D1F0DB1D83EBAF22A46E856F96B40C47F92030FDBC6160356994E2497BBE5
sha3_384: 9da518f97e0fd0cc396cea536100cafc1c156d90070528c897933df8f2d224133c27a0b75f493e5034066c4a5e0ad239
ep_bytes: 558bec83c4f0b800104000e801000000
timestamp: 2022-06-15 09:58:35

Version Info:

FileVersion: 1.0.0.0
FileDescription: Adobe Flash
ProductName: Adobe Flash
ProductVersion: 1.0.0.0
LegalCopyright: .
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Backdoor.Win32.Lotok.hqn also known as:

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Packer.Enigma.1
Cylance: Unsafe
Sangfor: [ASPACK 1.02B OR 1.08.03]
K7AntiVirus: Trojan ( 0042f7bb1 )
K7GW: Trojan ( 0042f7bb1 )
Cybereason: malicious.d5f14f
BitDefenderTheta: AI:Packer.9EB9E32713
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.EnigmaProtector.J suspicious
APEX: Malicious
Kaspersky: Backdoor.Win32.Lotok.hqn
BitDefender: Gen:Packer.Enigma.1
Avast: Win32:Malware-gen
Ad-Aware: Gen:Packer.Enigma.1
Emsisoft: Gen:Packer.Enigma.1 (B)
Comodo: TrojWare.Win32.Agent.OSCF@5rs7jr
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.fcd2411d5f14f409
Sophos: Generic ML PUA (PUA)
Ikarus: PUA.EnigmaProtector
GData: Win32.Application.PUPStudio.A
Avira: BDS/Redcap.ltgmp
MAX: malware (ai score=87)
Arcabit: Gen:Packer.Enigma.1
Microsoft: Program:Win32/Wacapew.C!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C5057239
Acronis: suspicious
McAfee: Artemis!FCD2411D5F14
VBA32: Backdoor.Bladabindi
Malwarebytes: Malware.Heuristic.1003
Rising: PUF.Pack-Enigma!1.BA33 (CLASSIC)
Yandex: Backdoor.Lotok!bEYcrL8cZMc
SentinelOne: Static AI - Malicious PE
MaxSecure: Dropper.Dinwod.frindll
Fortinet: Riskware/Application
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Backdoor.Win32.Lotok.hqn?

Backdoor.Win32.Lotok.hqn removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.