Categories: Backdoor

Backdoor.Win32.Lotok.jgj malicious file

The Backdoor.Win32.Lotok.jgj is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Win32.Lotok.jgj virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Checks for the presence of known windows from debuggers and forensic tools
  • CAPE detected the PCRat malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Checks for the presence of known devices from debuggers and forensic tools
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to determine Backdoor.Win32.Lotok.jgj?



File Info:

name: 52113555FDB577A75EEE.mlwpath: /opt/CAPEv2/storage/binaries/581c0d646eb0b1807fa55be85050d6cf1e44d11244af40161e3c294d5ce123ebcrc32: 14BFA60Fmd5: 52113555fdb577a75eee68c6316da744sha1: 2ec60038a4c9e98b1893f0d7c55bb5a161ba4345sha256: 581c0d646eb0b1807fa55be85050d6cf1e44d11244af40161e3c294d5ce123ebsha512: d6de49414aa41aa964afd3967a4d3b62ebdbb5f5f61a42d5d07d8d5c0742488bb89b696c307ea997cdf4d9bfdf7a3a6c8870ba5f5080765bc0967dddcbc741c5ssdeep: 24576:IZu+Q7xknja1VK4jHuhuZ8Zjy+sJaAt/m7gOIwgUtp7tl8:xu8NTKZjZsAs/m7gPwN9Stype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1FC7533767E4ACE01D8EAF237F863221F61C8F9316F79142706E61DC5D0B566ACE38609sha3_384: e4717f610f56e172610eca178e0a8d6ec1c4db84e1050be9120a49a411370b45c94b6a270fdb8cee07bb61e6bdfe2c7dep_bytes: 558bec83c4f0b800104000e801000000timestamp: 2021-08-06 16:38:04

Version Info:

0: [No Data]

Backdoor.Win32.Lotok.jgj also known as:

Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
McAfee Artemis!52113555FDB5
Cylance Unsafe
VIPRE Gen:Variant.Strictor.267200
Sangfor Suspicious.Win32.Save.ins
CrowdStrike win/malicious_confidence_100% (W)
Cyren W32/S-b406e71e!Eldorado
ESET-NOD32 a variant of Win32/Packed.EnigmaProtector.J suspicious
APEX Malicious
Kaspersky Backdoor.Win32.Lotok.jgj
BitDefender Gen:Variant.Strictor.267200
MicroWorld-eScan Gen:Variant.Strictor.267200
Avast Win32:BackdoorX-gen [Trj]
Tencent Win32.Backdoor.Lotok.Ywhl
Ad-Aware Gen:Variant.Strictor.267200
Sophos Generic ML PUA (PUA)
DrWeb BackDoor.Farfli.131
Trapmine malicious.high.ml.score
FireEye Generic.mg.52113555fdb577a7
Emsisoft Gen:Variant.Strictor.267200 (B)
SentinelOne Static AI – Malicious PE
GData Gen:Variant.Strictor.267200
Avira HEUR/AGEN.1215951
MAX malware (ai score=84)
Antiy-AVL Trojan/Generic.ASBOL.C669
Microsoft Backdoor:Win32/Bladabindi!ml
Google Detected
AhnLab-V3 Trojan/Win.Generic.R467122
BitDefenderTheta Gen:NN.ZexaF.34698.KvW@aqYR4Klb
ALYac Gen:Variant.Strictor.267200
Malwarebytes Malware.AI.3971039082
TrendMicro-HouseCall TROJ_GEN.R03BH0CJ122
Rising PUF.Pack-Enigma!1.BA33 (CLASSIC)
Ikarus PUA.Generic
MaxSecure Trojan.Malware.300983.susgen
Fortinet Riskware/Application
AVG Win32:BackdoorX-gen [Trj]
Cybereason malicious.8a4c9e
Panda Trj/Genetic.gen

How to remove Backdoor.Win32.Lotok.jgj?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: Backdoor.Win32.Lotok.jgj
2 years ago

Recent Posts

How to remove “Trojan:WinNT/Percol.A”?

The Trojan:WinNT/Percol.A is considered dangerous by lots of security experts. When this infection is active,…

17 mins ago

Malware.AI.4236375263 removal guide

The Malware.AI.4236375263 is considered dangerous by lots of security experts. When this infection is active,…

33 mins ago

Trojan:Win64/Midie.NM!MTB malicious file

The Trojan:Win64/Midie.NM!MTB is considered dangerous by lots of security experts. When this infection is active,…

54 mins ago

Virus:Win32/Patchload.A removal

The Virus:Win32/Patchload.A is considered dangerous by lots of security experts. When this infection is active,…

54 mins ago

Go For Files (PUA) information

The Go For Files (PUA) is considered dangerous by lots of security experts. When this…

1 hour ago

About “TrojanDownloader:Win32/VB.ZJ” infection

The TrojanDownloader:Win32/VB.ZJ is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago