Backdoor.Win32.RA-Based removal tips

Backdoor.Win32.RA-Based is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.RA-Based virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Backdoor.Win32.RA-Based?

File Info:

name: 3084876DF2C5AF973D2D.mlw
path: /opt/CAPEv2/storage/binaries/d107980cd79b44c38ee73cc7c58a17dac24e22e68d83cb87f5a25a8a4e9bdde3
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2022-04-14 16:10:23

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: 8JscyLRG9CPh76fZhWjD Incorporated
FileDescription: ldMGiUw3Xqa3ZE corp Setup
FileVersion: 6.3
LegalCopyright:
OriginalFileName:
ProductName: ldMGiUw3Xqa3ZE corp
ProductVersion: 8.3
Translation: 0x0000 0x04b0

Backdoor.Win32.RA-Based also known as (vendor: detection name):

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.RA-Based.4!c
  • Sangfor: Trojan.Win32.Agent.Vs0d
  • K7AntiVirus: Trojan ( 005a624d1 )
  • K7GW: Trojan ( 005a624d1 )
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SUN
  • Kaspersky: HEUR:Backdoor.Win32.RA-Based.gen
  • Avast: Win32:Malware-gen
  • Tencent: Win32.Backdoor.Ra-based.Rimw
  • McAfee-GW-Edition: BehavesLike.Win32.BadFile.vc
  • Sophos: Mal/Generic-S
  • ZoneAlarm: HEUR:Backdoor.Win32.RA-Based.gen
  • McAfee: Artemis!3084876DF2C5
  • Cylance: unsafe
  • TrendMicro-HouseCall: TROJ_GEN.R03BH07CV23
  • MaxSecure: Trojan.Malware.73388688.susgen
  • Fortinet: W32/PossibleThreat
  • AVG: Win32:Malware-gen
  • DeepInstinct: MALICIOUS

How to remove Backdoor.Win32.RA-Based?

Backdoor.Win32.RA-Based removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.