Backdoor

What is “Backdoor.Win32.Lotok.itm”?

Malware Removal

Backdoor.Win32.Lotok.itm is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Lotok.itm virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Checks for the presence of known windows from debuggers and forensic tools
  • CAPE detected the PCRat malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Backdoor.Win32.Lotok.itm?

File Info:

name: 1545FCD8C1ABBAA5B06E.mlw
path: /opt/CAPEv2/storage/binaries/d3d146c2fdadd79613adcff43e6967081e547042a88f5f53c2e6331900cfb4a1
crc32: CDE52A3D
md5: 1545fcd8c1abbaa5b06e9e8c628fddc5
sha1: 0a8de549f95ed4a208801d8301ae854766228b33
sha256: d3d146c2fdadd79613adcff43e6967081e547042a88f5f53c2e6331900cfb4a1
sha512: 99fe81cedb31fb676b39b74c4fd7e2d296e7c8d4657e24836ba16f7243201aa8cb93a04c9dc3599e237df5b85bcf3367813d6b03df7fc3d311bc5cd7ee36139f
ssdeep: 49152:xnNVsA8wTd3PP3F35XhHLugaDOpV4nkI7E:xnUA8udn3dnH6gaCpyk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C17533258BC671D7DA5D4DBE51B038B0462C2AF5382638730B892B0DE43AD978D9F4DE
sha3_384: c4ad3f2df7ce09830da8305e5ada14e58495b97ee636a6358963053910f22ed651f003edea8aade9336a9f7bd35b9ec2
ep_bytes: 558bec83c4f0b800104000e801000000
timestamp: 2021-08-06 16:38:04

Version Info:

0: [No Data]

Backdoor.Win32.Lotok.itm also known as:

Elastic: malicious (high confidence)
DrWeb: BackDoor.Farfli.131
MicroWorld-eScan: Gen:Variant.Strictor.267200
FireEye: Generic.mg.1545fcd8c1abbaa5
McAfee: GenericRXAA-AA!1545FCD8C1AB
Cylance: Unsafe
VIPRE: Gen:Variant.Strictor.267200
Sangfor: Suspicious.Win32.Save.ins
Cybereason: malicious.9f95ed
BitDefenderTheta: Gen:NN.ZexaF.34646.JvW@a8!OTimb
Cyren: W32/S-b406e71e!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.EnigmaProtector.J suspicious
APEX: Malicious
Kaspersky: Backdoor.Win32.Lotok.itm
BitDefender: Gen:Variant.Strictor.267200
Avast: Win32:BackdoorX-gen [Trj]
Tencent: Win32.Backdoor.Lotok.Timw
Ad-Aware: Gen:Variant.Strictor.267200
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Strictor.267200 (B)
Ikarus: PUA.Generic
GData: Gen:Variant.Strictor.267200
Google: Detected
Avira: HEUR/AGEN.1215951
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASBOL.C669
Kingsoft: Win32.Hack.Undef.(kcloud)
Microsoft: Trojan:Win64/Rootkitdrv.LKB!dha
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R467122
VBA32: Trojan.Wacatac
ALYac: Gen:Variant.Strictor.267200
Malwarebytes: Malware.AI.3971039082
Rising: PUF.Pack-Enigma!1.BA33 (CLASSIC)
SentinelOne: Static AI – Malicious PE
Fortinet: Riskware/Application
AVG: Win32:BackdoorX-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor.Win32.Lotok.itm?

Backdoor.Win32.Lotok.itm removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.