Categories: Backdoor

Backdoor.Win32.Mokes.anri information

The Backdoor.Win32.Mokes.anri is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Win32.Mokes.anri virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (7 unique times)
  • Starts servers listening on 127.0.0.1:0
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Looks up the external IP address
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Checks for the presence of known windows from debuggers and forensic tools
  • Network activity contains more than one unique useragent.
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Attempts to disable Windows Defender
  • Attempts to create or modify system certificates
  • Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz
a.tomx.xyz
wensela.xyz
www.listincode.com
cdn.discordapp.com
ocsp.digicert.com
t.gogamec.com
ipinfo.io
statuse.digitalcertvalidation.com
iplogger.org
apps.identrust.com
ppgggb.com
gcl-gb.biz
privacytoolzforyou7000.top
dataonestorage.com
perspectivimmo.com
www.mrwenshen.com
dumancue.com
studiomacdesign.it
www.studiomacdesign.it

How to determine Backdoor.Win32.Mokes.anri?



File Info:

crc32: 6F3F5814md5: 66451721627aaa1e36ab7e1fe63a7988name: 66451721627AAA1E36AB7E1FE63A7988.mlwsha1: 00218faf746dcf65bb377702db5de4ef81ca9851sha256: 4fdd491d72f29c86df5bd2bd10725468c259fdc612c9fe13272c4e83744b41a9sha512: d6d33c614e4ae41410a373797e2ab188e917814d04cd932087a3f74e476ed6e670c020232000dd70a76a24444603b96f8af2866737e241eb2d44f4b1b84acfc9ssdeep: 98304:xpCvLUBsgcaSXb7i53lFTFqzjee0/J0oSsqzoSbawH5f3zy:xCLUCgcPr7i5PTUeHWoSsqzoaawH5mtype: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (c) 1999-2018 Igor PavlovInternalName: 7zS.sfxFileVersion: 19.00CompanyName: Igor PavlovProductName: 7-ZipProductVersion: 19.00FileDescription: 7z Setup SFXOriginalFilename: 7zS.sfx.exeTranslation: 0x0409 0x04b0

Backdoor.Win32.Mokes.anri also known as:

K7AntiVirus Spyware ( 005690661 )
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Siggen3.4515
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.SabsikIH.S21959152
ALYac Gen:Variant.Jaik.45703
Cylance Unsafe
K7GW Spyware ( 005690661 )
Cybereason malicious.1627aa
Cyren W32/ArkeiStealer.A.gen!Eldorado
ESET-NOD32 multiple detections
Avast Win32:TrojanX-gen [Trj]
ClamAV Win.Packed.Barys-9859531-0
Kaspersky Backdoor.Win32.Mokes.anri
BitDefender Gen:Variant.Jaik.45703
MicroWorld-eScan Gen:Variant.Jaik.45703
Ad-Aware Gen:Variant.Jaik.45703
Sophos Mal/Generic-S
F-Secure Backdoor.BDS/Mokes.mpond
BitDefenderTheta Gen:NN.ZedlaF.34236.n88baOE@FOp
McAfee-GW-Edition Downloader-FCFI!048A56B35B7D
FireEye Gen:Variant.Jaik.45703
Emsisoft Gen:Variant.Jaik.45703 (B)
Jiangmin Trojan.Fabookie.pu
Avira TR/AD.DisSteal.kbbwy
eGambit Unsafe.AI_Score_99%
Antiy-AVL Trojan/Win32.Chapak
Kingsoft Win32.PSWTroj.Undef.(kcloud)
Microsoft Trojan:Win32/ArkeiStealer.DB!MTB
Arcabit Trojan.Jaik.DB287
ZoneAlarm HEUR:Trojan.Win32.Zapchast.gen
GData Gen:Variant.Jaik.45703
McAfee Artemis!66451721627A
MAX malware (ai score=81)
VBA32 Trojan.Zapchast
Malwarebytes Trojan.Dropper.SFX.Generic
Panda Trj/CI.A
TrendMicro-HouseCall TROJ_GEN.R002C0WJV21
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
Fortinet W32/BSE.4Q7Q!tr
AVG Win32:TrojanX-gen [Trj]

How to remove Backdoor.Win32.Mokes.anri?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: 7zS.sfxa.tomx.xyzapps.identrust.comBackdoor.Win32.Mokes.anricdn.discordapp.comdataonestorage.comdumancue.comgcl-gb.bizipinfo.ioiplogger.orgocsp.digicert.comperspectivimmo.comppgggb.comprivacytoolzforyou7000.topstatuse.digitalcertvalidation.comstudiomacdesign.itt.gogamec.comwensela.xyzwww.listincode.comwww.mrwenshen.comwww.studiomacdesign.itz.whorecord.xyz
2 years ago

Recent Posts

Fragtor.158799 (file analysis)

The Fragtor.158799 is considered dangerous by lots of security experts. When this infection is active,…

1 min ago

Win32/Adware.Agent.NPP removal tips

The Win32/Adware.Agent.NPP is considered dangerous by lots of security experts. When this infection is active,…

2 mins ago

How to remove “Trojan.Agent.VB.BNU (B)”?

The Trojan.Agent.VB.BNU (B) is considered dangerous by lots of security experts. When this infection is…

12 mins ago

Win32:Fosniw-C [Trj] removal guide

The Win32:Fosniw-C [Trj] is considered dangerous by lots of security experts. When this infection is…

13 mins ago

Win32/GenKryptik.GVYR removal instruction

The Win32/GenKryptik.GVYR is considered dangerous by lots of security experts. When this infection is active,…

38 mins ago

Fragtor.525921 removal

The Fragtor.525921 is considered dangerous by lots of security experts. When this infection is active,…

43 mins ago