Backdoor.Win32.Mokes.aknz malicious file

The Backdoor.Win32.Mokes.aknz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Mokes.aknz virus can do?

Executable code extraction
Presents an Authenticode digital signature
Creates RWX memory
Detects Sandboxie through the presence of a library
Detects Avast Antivirus through the presence of a library
Network activity detected but not expressed in API logs
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Backdoor.Win32.Mokes.aknz?


File Info:
crc32: 81BD06BA
md5: df40ac59f1022b97894abf0582662ff8
name: upload_file
sha1: 98fdf7535a017bea950e9124f5022617b4787f34
sha256: 1765e5f0ee49b2b6cf4a7361bbaac484f15c6c1d003de02338fffdb615e831d8
sha512: 4d5ef29ac454462f5fcb91e27c71949caa36f016edd86d32c5e8a22f9cb86027799fce805cffac9e3b0b4f3d93aa4c412cd34480551ff3e6a9128825416665e7
ssdeep: 3072:AO1LzxGZ9Vag6ujkyamUoo7Or0WpVJTtTDTvDhZmJ8:AO1LsAyjZamroJGJTtTDTvD6J8
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: xa9 Microsoft Corporation.  All rights reserved.
InternalName: SMSvcHost.exe
FileVersion: 3.0.4506.5420 (Win7SP1.030729-5400)
CompanyName: Microsoft Corporation
PrivateBuild: DDBLD247
Comments: Flavor=Retail
ProductName: Microsoftxae .NET Framework
ProductVersion: 3.0.4506.5420
FileDescription: SMSvcHost.exe
OriginalFilename: SMSvcHost.exe
Translation: 0x0409 0x04b0

Backdoor.Win32.Mokes.aknz also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.43889328
Qihoo-360	Win32/Backdoor.508
ALYac	Trojan.GenericKD.43889328
Sangfor	Malware
K7AntiVirus	Trojan ( 0056f76f1 )
Alibaba	Backdoor:Win32/Mokes.6b68ed68
K7GW	Trojan ( 0056f76f1 )
Cybereason	malicious.35a017
TrendMicro	TROJ_FRS.0NA103IP20
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Backdoor.Win32.Mokes.aknz
BitDefender	Trojan.GenericKD.43889328
Tencent	Malware.Win32.Gencirc.10ce05be
Ad-Aware	Trojan.GenericKD.43889328
Sophos	Mal/EncPk-APV
Comodo	Malware@#3i1q1vtl4cf72
F-Secure	Backdoor.BDS/Mokes.iycyt
DrWeb	Trojan.DownLoader34.49647
VIPRE	Trojan.Win32.Generic!BT
Invincea	Mal/Generic-R + Mal/EncPk-APV
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.df40ac59f1022b97
Emsisoft	Trojan.GenericKD.43889328 (B)
Ikarus	Trojan.Win32.Gencbl
GData	Trojan.GenericKD.43889328
Webroot	W32.Trojan.Gen
Avira	BDS/Mokes.iycyt
Antiy-AVL	GrayWare/Win32.Kryptik.ehls
Arcabit	Trojan.Generic.D29DB2B0
ZoneAlarm	Backdoor.Win32.Mokes.aknz
Microsoft	Trojan:Win32/Ymacco.AA17
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Wacatac.C4199611
McAfee	GenericRXMB-KR!DF40AC59F102
MAX	malware (ai score=99)
VBA32	BScope.Trojan.Encoder
Malwarebytes	Trojan.SmokeLoader
ESET-NOD32	Win32/TrojanDownloader.Zurgop.DA
TrendMicro-HouseCall	TROJ_FRS.0NA103IP20
Rising	Trojan.Bunitu!8.109AF (TFE:2:GHjEnFJNmFO)
SentinelOne	DFI – Malicious PE
eGambit	PE.Heur.InvalidSig
Fortinet	W32/GenCBL.AS!tr
BitDefenderTheta	Gen:NN.ZexaF.34254.5u1@aW1bZ4bi
AVG	Win32:DropperX-gen [Drp]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Backdoor.Win32.Mokes.aknz?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Backdoor.Win32.Mokes.aknz malicious file