
Backdoor.Win32.Lotok.qji information

Malware Removal

Backdoor.Win32.Lotok.qji is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Lotok.qji virus do?

  • A file was accessed within the Public folder.
  • Sample contains overlay data.
  • Reads data out of its own binary image.
  • Drops a binary and executes it.
  • Authenticode signature is invalid.
  • Deletes executed files from disk.
  • Anomalous binary characteristics.
  • YARA rule detections observed from a process memory dump, dropped files, or CAPE.

How to identify Backdoor.Win32.Lotok.qji?

File Info:

name: D939F9F5ABD64D6E0C2C.mlw
path: /opt/CAPEv2/storage/binaries/31557a8e5a70f0b287c022b29f0d970403237e2ff5c56a66f074fe138cc21801
crc32: 0FCB810D
md5: d939f9f5abd64d6e0c2c770906e2fd3e
sha1: 3dc8189d6dafa5c29450e4f2c739b6c8122545ec
sha256: 31557a8e5a70f0b287c022b29f0d970403237e2ff5c56a66f074fe138cc21801
sha512: 0b487973d2b938e7363cffe363047fe827b7e305f634eb3fa19fc31d6f60994734a39c482f441c340bd573cc51aa673528e43354fd073f10edeef571fcfed709
ssdeep: 98304:S06FOznLo0+Dd6uxcOzVN7kbzNjCnSki+H5:S3F6n80W6uG6vQVjvki+H5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FDF52302F282D0B2E87500F54562D7764E797D3297BAC4F79BD03DAF8D706D0AA3261A
sha3_384: 45e6c57b9e018d07fae1715d104d7cad671d542044016abeee23f7d758703fd47a60f1bd2452b05e87a4345644dc38f4
ep_bytes: e8a61d0000e989feffff8bff565733f6
timestamp: 2012-06-14 16:16:10

Version Info:

Comments: 100SUIEYIU2H34DDWsss
CompanyName: 100SUIEYIU2H34DDWsss
FileDescription: 100SUIEYIU2H34DDWsss
FileVersion: 100.0.0.0
OriginalFilename: suf_launch.exe
ProductName: 100SUIEYIU2H34DDWsss
ProductVersion: 100.0.0.0
Translation: 0x0409 0x0000

Backdoor.Win32.Lotok.qji also known as:

  • Bkav: W32.AIDetectMalware
  • DrWeb: Trojan.MulDrop23.9930
  • Symantec: Trojan.Gen.MBT
  • Elastic: malicious (moderate confidence)
  • Cynet: Malicious (score: 99)
  • Avast: SFX:Agent-AW [Trj]
  • Kaspersky: Backdoor.Win32.Lotok.qji
  • Tencent: Malware.Win32.Gencirc.10bf0fc5
  • F-Secure: Backdoor.BDS/Redcap.ieomq
  • Zillya: Backdoor.Lotok.Win32.3133
  • McAfee-GW-Edition: Artemis!Trojan
  • Avira: BDS/Redcap.ieomq
  • ZoneAlarm: Backdoor.Win32.Lotok.qji
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • AhnLab-V3: Malware/Win.Malware-gen.C5465232
  • APEX: Malicious
  • Rising: Trojan.Evasion/SFACTORY!1.E9F4 (CLASSIC)
  • AVG: SFX:Agent-AW [Trj]
  • DeepInstinct: MALICIOUS

How to remove Backdoor.Win32.Lotok.qji?

Backdoor.Win32.Lotok.qji removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.