Backdoor

Backdoor.Win32.Mokes.anyq removal instruction

Malware Removal

The Backdoor.Win32.Mokes.anyq is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Win32.Mokes.anyq virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Latvian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location

How to determine Backdoor.Win32.Mokes.anyq?



File Info:

name: B1C034F35BC5D93D410C.mlw
path: /opt/CAPEv2/storage/binaries/4c2970d5619006bfedae0a7a1608e9eee009d08af2d1721081ed4341581fe873
crc32: 5BA901C1
md5: b1c034f35bc5d93d410cc6cc15575059
sha1: f7043b6c2de5ecd18d8c9d7280bbf1bbbf5d3e8d
sha256: 4c2970d5619006bfedae0a7a1608e9eee009d08af2d1721081ed4341581fe873
sha512: a2eee8d0fe61c59e6323998a138193db26171362ddf7c60945c4af45af7004368412272a6e0e551808c51fdfc29a784f95c268e8b14f90fbebfd92132888313d
ssdeep: 3072:lxneBvEKHDDtZlseIzD/JAXKgHf6IRCuvZhG3L2:KtE4DtZ6YXLHfauvPz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T157E3BE1072E080F5D59F253428B4DAA91EF6BCB22775418B73B422BF0F603D2596D76B
sha3_384: 10020262667d66d1afd6454e7cbd064d297f04a4115952241782985d90817f460f94d80b34b3eb3476e3fb92cb1dfbd7
ep_bytes: e8502a0000e989feffffcccccccccccc
timestamp: 2020-10-30 09:00:53


Version Info:

InternalName: bomgpiaruci.iwa
Copyright: Copyrighz (C) 2021, fudkat
ProductVersion: 13.54.77.27
Translation: 0x0114 0x046a

Backdoor.Win32.Mokes.anyq also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.Mokes.m!c
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Midie.104722
FireEyeGeneric.mg.b1c034f35bc5d93d
McAfeeLockbit-FSWW!B1C034F35BC5
CylanceUnsafe
SangforTrojan.Win32.Save.a
K7AntiVirusRiskware ( 0040eff71 )
AlibabaBackdoor:Win32/Mokes.4f5c65ec
K7GWRiskware ( 0040eff71 )
Cybereasonmalicious.c2de5e
BitDefenderThetaGen:NN.ZexaF.34062.jq0@ayueoDdI
CyrenW32/Kryptik.FUG.gen!Eldorado
ESET-NOD32a variant of Win32/Kryptik.HNLB
APEXMalicious
Paloaltogeneric.ml
KasperskyBackdoor.Win32.Mokes.anyq
BitDefenderGen:Variant.Midie.104722
AvastWin32:PWSX-gen [Trj]
Ad-AwareGen:Variant.Midie.104722
SophosML/PE-A + Troj/Krypt-BO
DrWebTrojan.Tofsee.37
TrendMicroTrojan.Win32.SMOKELOADER.YXBKZZ
McAfee-GW-EditionBehavesLike.Win32.Emotet.ch
EmsisoftTrojan.Crypt (A)
IkarusTrojan-Ransom.StopCrypt
GDataWin32.Trojan.BSE.11GYDBI
JiangminBackdoor.Agent.kyf
AviraTR/AD.MalwareCrypter.qhhzg
KingsoftWin32.Hack.Mokes.An.(kcloud)
MicrosoftTrojan:Win32/Azorult.RT!MTB
CynetMalicious (score: 100)
AhnLab-V3Malware/Win.FSWW.R453172
Acronissuspicious
VBA32Trojan.Sabsik.FL
ALYacGen:Variant.Midie.104722
MAXmalware (ai score=87)
MalwarebytesTrojan.MalPack.GS
TrendMicro-HouseCallTrojan.Win32.SMOKELOADER.YXBKZZ
RisingTrojan.Kryptik!1.DAC3 (CLASSIC)
YandexBackdoor.Mokes!MYK0Y5Cov/I
SentinelOneStatic AI – Malicious PE
eGambitUnsafe.AI_Score_60%
FortinetW32/Lockbit.FSWW!tr
AVGWin32:PWSX-gen [Trj]
PandaTrj/GdSda.A
CrowdStrikewin/malicious_confidence_90% (W)

How to remove Backdoor.Win32.Mokes.anyq?

Backdoor.Win32.Mokes.anyq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment