Categories: Backdoor

Backdoor.Win32.Remcos.cxb information

The Backdoor.Win32.Remcos.cxb is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Remcos.cxb virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
At least one process apparently crashed during execution
Injection with CreateRemoteThread in a remote process
Creates RWX memory
Detected script timer window indicative of sleep style evasion
A process attempted to delay the analysis task.
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
A scripting utility was executed
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Sniffs keystrokes
A potential decoy document was displayed to the user
Installs itself for autorun at Windows startup
Creates a hidden or system file
Creates a slightly modified copy of itself
Anomalous binary characteristics
Clears web history

Related domains:

daya4659.ddns.net

How to determine Backdoor.Win32.Remcos.cxb?


File Info:
crc32: CDB221F9md5: acc8f6acdae0e9fa08be35e2ec4705f7name: ACC8F6ACDAE0E9FA08BE35E2EC4705F7.mlwsha1: 2933efc24cb89b1e5df4b99d8afd624bd40fba81sha256: aea42dd44008f2fe434150f59e0cef40b83578cf1ee27a4fd1f6404d44b37bd2sha512: 929809d60535096fd6e064f532fa4f864255bbe736bff758aeb71c8eeec7e38e337fc2baf828b2ff7be45705d1a6b1141453e764cc4599aa873c68e45c77d458ssdeep: 49152:3LKVUUlIWYad7cwj644Mh+ZkldoPK8YaLDNcu:+/lIWYwjE2cPK8Xtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: DataStoreCacheDumpToolFileVersion: 747.168.650.508CompanyName: aadjcspProductName: auditcseProductVersion: 9.750.496.578FileDescription: powershell_iseOriginalFilename: CameraCaptureUI.exeTranslation: 0x0409 0x04b0

Backdoor.Win32.Remcos.cxb also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
ClamAV	Win.Downloader.LokiBot-6962970-0
FireEye	Generic.mg.acc8f6acdae0e9fa
McAfee	GenericRXAA-AA!ACC8F6ACDAE0
Cylance	Unsafe
Sangfor	Malware
BitDefender	Gen:Trojan.Heur.AutoIT.16
Cybereason	malicious.cdae0e
TrendMicro	Trojan.AutoIt.CRYPTINJECT.SMA
BitDefenderTheta	AI:Packer.7BFE163E17
Cyren	W32/AutoIt.JD.gen!Eldorado
Symantec	Trojan.Gen.MBT
APEX	Malicious
Avast	AutoIt:Injector-JF [Trj]
Cynet	Malicious (score: 100)
Kaspersky	Backdoor.Win32.Remcos.cxb
NANO-Antivirus	Trojan.Win32.Remcos.fqrrmb
MicroWorld-eScan	Gen:Trojan.Heur.AutoIT.16
Rising	Trojan.Injector/Autoit!1.BB8F (CLASSIC)
Ad-Aware	Gen:Trojan.Heur.AutoIT.16
Emsisoft	Trojan.Autoit (A)
Comodo	Backdoor.Win32.Remcos.DA@8gvzim
F-Secure	Dropper.DR/AutoIt.Gen8
DrWeb	Trojan.Inject3.16009
Invincea	ML/PE-A + Mal/AuItInj-A
McAfee-GW-Edition	BehavesLike.Win32.TrojanAitInject.vh
Sophos	Troj/AutoIt-CKU
Ikarus	Trojan.Win32.Delf
MaxSecure	Trojan.Malware.7176537.susgen
Avira	DR/AutoIt.Gen8
MAX	malware (ai score=84)
Antiy-AVL	GrayWare/Autoit.ShellCode.a
Microsoft	VirTool:Win32/AutInject.CZ!bit
Arcabit	Trojan.Heur.AutoIT.16
AhnLab-V3	Win-Trojan/AutoInj.Exp
ZoneAlarm	Backdoor.Win32.Remcos.cxb
GData	Gen:Trojan.Heur.AutoIT.16
ESET-NOD32	a variant of Win32/Packed.AutoIt.PC
VBA32	Backdoor.Remcos
Malwarebytes	Backdoor.Remcos
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	Trojan.AutoIt.CRYPTINJECT.SMA
Tencent	Malware.Win32.Gencirc.10b0d104
Yandex	Trojan.AvsArher.bS9LKk
eGambit	Unsafe.AI_Score_97%
Fortinet	AutoIt/Injector.DWD!tr
AVG	AutoIt:Injector-JF [Trj]
CrowdStrike	win/malicious_confidence_100% (D)
Qihoo-360	HEUR/QVM41.1.4AFB.Malware.Gen