Categories: Backdoor

Backdoor.Win32.Mokes.aogy (file analysis)

The Backdoor.Win32.Mokes.aogy is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Mokes.aogy virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Dynamic (imported) function loading detected
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Hungarian
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Detects Sandboxie through the presence of a library
Detects Avast Antivirus through the presence of a library
Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to determine Backdoor.Win32.Mokes.aogy?


File Info:
name: 0DD58854DD062BF7E88C.mlwpath: /opt/CAPEv2/storage/binaries/17f62ffa0e3128d685bc5e639c9ce6035753e8807adcc9b32207819b38adffd4crc32: 8256F962md5: 0dd58854dd062bf7e88cdfbfbc459ed9sha1: ecc8b4b821d3d23a6414241651378e211ea41b8csha256: 17f62ffa0e3128d685bc5e639c9ce6035753e8807adcc9b32207819b38adffd4sha512: 540906a3eded41806cc757148f9736a719403fc48904d555fe8cb1f0332adb558d2561d251a2a38b1a0a4bf49cd58c4fdff0434a9d1356fbc3bb2dc5c86fdc26ssdeep: 1536:yURLM3PMMInLSwncokbZ2tpNxEQFSppuGD4+cnBC+EKedQef9F4lglnD8:PLMwn/cokbZ2XhCpLD4+MxeusbBtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1D264AF157EE18033C4E346B04974C7A19E7F781276B3B18B3B891A9F1E712C29A36F06sha3_384: 287848607d2c104fd880737509fd615872cd1df17636743bd2e8c269b8ca50abf507fe8501c1d2ff1e496a356f304883ep_bytes: e8a72d0000e979feffff8bff558bec8btimestamp: 2020-10-29 13:35:38
Version Info:
InternationalName: bomgvioci.iwaCopyright: Copyrighz (C) 2021, fudkortProjectVersion: 3.14.72.77Translation: 0x0129 0x07bc

Backdoor.Win32.Mokes.aogy also known as:

Bkav	W32.AIDetect.malware1
Lionic	Trojan.Multi.Generic.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen16.16072
MicroWorld-eScan	Gen:Heur.Mint.Zitirez.suW@bS9nZTbKzb
FireEye	Generic.mg.0dd58854dd062bf7
CAT-QuickHeal	Trojan.RaccryptPMF.S25772832
McAfee	Lockbit-FSWW!0DD58854DD06
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Riskware ( 00584baa1 )
Alibaba	Backdoor:Win32/Mokes.2b2be774
K7GW	Riskware ( 00584baa1 )
BitDefenderTheta	Gen:NN.ZexaF.34712.suW@aS9nZTbK
Cyren	W32/Kryptik.FWV.gen!Eldorado
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Kryptik.HNUL
Paloalto	generic.ml
ClamAV	Win.Packed.Generic-9917126-0
Kaspersky	Backdoor.Win32.Mokes.aogy
BitDefender	Gen:Heur.Mint.Zitirez.suW@bS9nZTbKzb
NANO-Antivirus	Trojan.Win32.Redcap.jjslfa
Avast	Win32:AceCrypter-C [Cryp]
Tencent	Trojan-ransom.Win32.Stop.16000284
Ad-Aware	Gen:Heur.Mint.Zitirez.suW@bS9nZTbKzb
Sophos	ML/PE-A + Mal/Agent-AWV
Zillya	Trojan.Kryptik.Win32.3660408
Trapmine	malicious.high.ml.score
Emsisoft	Trojan.Crypt (A)
SentinelOne	Static AI – Malicious PE
Jiangmin	TrojanSpy.Stealer.luk
Avira	TR/Redcap.shuot
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Microsoft	Ransom:Win32/StopCrypt.PU!MTB
ZoneAlarm	HEUR:Trojan.Win32.Agent.gen
GData	Win32.Trojan.BSE.1I89TIO
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.FSWW.R460591
Acronis	suspicious
VBA32	Trojan.CryptInject
MAX	malware (ai score=80)
Malwarebytes	Trojan.MalPack.GS
APEX	Malicious
Rising	Trojan.Generic@AI.92 (RDMK:QAT1I9ANyv8+r3/rzbVaNw)
Yandex	Backdoor.Mokes!4iTdAnNgIys
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/GenericKDZ.6DF1!tr
AVG	Win32:AceCrypter-C [Cryp]
Panda	Trj/Genetic.gen
CrowdStrike	win/malicious_confidence_100% (D)