Backdoor.Win32.Raroger.nq malicious file

Backdoor.Win32.Raroger.nq is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Raroger.nq virus do?

  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Detects Bochs through the presence of a registry key
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Backdoor.Win32.Raroger.nq?

File Info:

name: 0145F905545B9839E75A.mlw
path: /opt/CAPEv2/storage/binaries/eb21bf516351f9ae22e16ea5875655cb6747fb39f14d76c0d134db7e7df5f2e2
crc32: 8345A01A
md5: 0145f905545b9839e75ab39561005081
sha1: 0d715da7e0622cc6bc422898f37027b55032d0aa
sha256: eb21bf516351f9ae22e16ea5875655cb6747fb39f14d76c0d134db7e7df5f2e2
sha512: 9a7aaf9d575cd2cae1f21ee08ac25638e42b91c7fe211a136158346d4120714ef2b4265f9b8a748426366b94ac6af7652f62470ff1bdd3b222783f798fefe423
ssdeep: 196608:e8u8ks8NYKAiZnFk/wpUlPE2vaKzEHNy0HlxDWcGH79ulYU6Qeq:e8u8Pm7PDUeTNb4rJfM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A5B633B9B425140BEAF1357C1B7C87793C395D1C985A239637C2F89F32691B866A8333
sha3_384: 9fd5896ed32776646ac8d0a07d25670e761790e057572d6caa45b2afa2d004e0bfd5f14cee7111b76c689f17c7ee3dad
ep_bytes: 81ecf80300005556576a205f33ed6801
timestamp: 2023-07-02 02:09:43

Version Info:

Comments: Kill-Update
CompanyName: David Le Bansais
FileDescription: Kill-Update
FileVersion: 1.1.0.330
LegalCopyright: Copyright © David Le Bansais 2019
LegalTrademarks:
OriginalFilename: Kill-Update.exe
ProductName: Kill-Update
ProductVersion: 1.1.0
Translation: 0x0409 0x04b0

Backdoor.Win32.Raroger.nq also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Raroger.m!c
MicroWorld-eScan: Gen:Heur.Mint.Porcupine.@x3@bKQ63Hnig
CAT-QuickHeal: Trojan.CoinMiner.S30516202
Malwarebytes: Trojan.Packed
Zillya: Trojan.Fsysna.Win32.64186
Cynet: Malicious (score: 99)
K7AntiVirus: Trojan ( 005aa1bb1 )
Alibaba: Backdoor:Win32/Raroger.0c16395c
K7GW: Trojan ( 005a7b1f1 )
CrowdStrike: win/malicious_confidence_100% (W)
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: multiple detections
APEX: Malicious
Kaspersky: Backdoor.Win32.Raroger.nq
BitDefender: Gen:Heur.Mint.Porcupine.@x3@bKQ63Hnig
NANO-Antivirus: Trojan.Win32.Raroger.kedamk
Avast: Win32:Evo-gen [Trj]
Tencent: Vbs.Trojan.Alien.Cwnw
Emsisoft: Gen:Heur.Mint.Porcupine.@x3@bKQ63Hnig (B)
F-Secure: Heuristic.HEUR/AGEN.1366393
DrWeb: VBS.Uacbypass.1
VIPRE: Gen:Heur.Mint.Porcupine.@x3@bKQ63Hnig
TrendMicro: TROJ_GEN.R002C0XC824
FireEye: Gen:Heur.Mint.Porcupine.@x3@bKQ63Hnig
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Krypt
Varist: W32/Agent.GOA.gen!Eldorado
Avira: HEUR/AGEN.1369308
Antiy-AVL: Trojan/Win64.GenKryptik
Kingsoft: Win32.Troj.Unknown.a
Arcabit: Trojan.Mint.Porcupine.E547A3
ZoneAlarm: HEUR:Trojan.VBS.Alien.gen
GData: Gen:Heur.Mint.Porcupine.@x3@bKQ63Hnig
Google: Detected
AhnLab-V3: Trojan/Win.Generic.C5443850
Acronis: suspicious
VBA32: BScope.TrojanBanker.Mekoban
MAX: malware (ai score=85)
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R002C0XC824
Rising: Trojan.HiddenRun/NSIS!1.E740 (CLASSIC)
Yandex: Riskware.VMProtect!a9kfKdFw/k8
Fortinet: Riskware/Application
AVG: Win32:Evo-gen [Trj]
Cybereason: malicious.5545b9
DeepInstinct: MALICIOUS

How to remove Backdoor.Win32.Raroger.nq?

Backdoor.Win32.Raroger.nq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.