Backdoor.Win32.Lotok.jgj malicious file

Backdoor.Win32.Lotok.jgj is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Lotok.jgj virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Checks for the presence of known windows from debuggers and forensic tools
  • CAPE detected the PCRat malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Backdoor.Win32.Lotok.jgj?

File Info:

name: 52113555FDB577A75EEE.mlw
path: /opt/CAPEv2/storage/binaries/581c0d646eb0b1807fa55be85050d6cf1e44d11244af40161e3c294d5ce123eb
crc32: 14BFA60F
md5: 52113555fdb577a75eee68c6316da744
sha1: 2ec60038a4c9e98b1893f0d7c55bb5a161ba4345
sha256: 581c0d646eb0b1807fa55be85050d6cf1e44d11244af40161e3c294d5ce123eb
sha512: d6de49414aa41aa964afd3967a4d3b62ebdbb5f5f61a42d5d07d8d5c0742488bb89b696c307ea997cdf4d9bfdf7a3a6c8870ba5f5080765bc0967dddcbc741c5
ssdeep: 24576:IZu+Q7xknja1VK4jHuhuZ8Zjy+sJaAt/m7gOIwgUtp7tl8:xu8NTKZjZsAs/m7gPwN9S
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FC7533767E4ACE01D8EAF237F863221F61C8F9316F79142706E61DC5D0B566ACE38609
sha3_384: e4717f610f56e172610eca178e0a8d6ec1c4db84e1050be9120a49a411370b45c94b6a270fdb8cee07bb61e6bdfe2c7d
ep_bytes: 558bec83c4f0b800104000e801000000
timestamp: 2021-08-06 16:38:04

Version Info:

0: [No Data]

Backdoor.Win32.Lotok.jgj also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
McAfee: Artemis!52113555FDB5
Cylance: Unsafe
VIPRE: Gen:Variant.Strictor.267200
Sangfor: Suspicious.Win32.Save.ins
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/S-b406e71e!Eldorado
ESET-NOD32: a variant of Win32/Packed.EnigmaProtector.J suspicious
APEX: Malicious
Kaspersky: Backdoor.Win32.Lotok.jgj
BitDefender: Gen:Variant.Strictor.267200
MicroWorld-eScan: Gen:Variant.Strictor.267200
Avast: Win32:BackdoorX-gen [Trj]
Tencent: Win32.Backdoor.Lotok.Ywhl
Ad-Aware: Gen:Variant.Strictor.267200
Sophos: Generic ML PUA (PUA)
DrWeb: BackDoor.Farfli.131
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.52113555fdb577a7
Emsisoft: Gen:Variant.Strictor.267200 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Strictor.267200
Avira: HEUR/AGEN.1215951
MAX: malware (ai score=84)
Antiy-AVL: Trojan/Generic.ASBOL.C669
Microsoft: Backdoor:Win32/Bladabindi!ml
Google: Detected
AhnLab-V3: Trojan/Win.Generic.R467122
BitDefenderTheta: Gen:NN.ZexaF.34698.KvW@aqYR4Klb
ALYac: Gen:Variant.Strictor.267200
Malwarebytes: Malware.AI.3971039082
TrendMicro-HouseCall: TROJ_GEN.R03BH0CJ122
Rising: PUF.Pack-Enigma!1.BA33 (CLASSIC)
Ikarus: PUA.Generic
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/Application
AVG: Win32:BackdoorX-gen [Trj]
Cybereason: malicious.8a4c9e
Panda: Trj/Genetic.gen

How to remove Backdoor.Win32.Lotok.jgj?

Backdoor.Win32.Lotok.jgj removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.