Backdoor.Win32.Remcos.skq (file analysis)

The Backdoor.Win32.Remcos.skq is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor.Win32.Remcos.skq virus can do?

Executable code extraction
Creates RWX memory
Unconventionial language used in binary resources: Hungarian
Attempts to repeatedly call a single API many times in order to delay analysis time
Anomalous binary characteristics

How to determine Backdoor.Win32.Remcos.skq?


File Info:
crc32: BE82CB7E
md5: b75b990ac5990f1b6b0127540de4ec30
name: B75B990AC5990F1B6B0127540DE4EC30.mlw
sha1: 66dd5a9d359faf4abdff9b53b8e96280eff58038
sha256: f7aba1c5e66938efc7a722f98344a70a2443391668283f08da1202bde6c9b925
sha512: e2009b8e6ad35c60f08efb6514c18c650929f343b01a14f2aab8d5eaec880520c67bcf6795ed21be8c462a2c32eb31e80a7a3a1c9767776ce18f208b4f89ff45
ssdeep: 1536:61oJy7aGTvIaUZNcddsm3dE+WE2i5JjyI+h91mR4E:6v7aGTUcddaMrjyIA1jE
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x040e 0x04b0
LegalCopyright: Copyright (C) AC
InternalName: OPSGTEBARBA
FileVersion: 1.00
CompanyName: AC
LegalTrademarks: Copyright (C) AC
Comments: AC
ProductName: AC
ProductVersion: 1.00
FileDescription: AC
OriginalFilename: OPSGTEBARBA.exe

Backdoor.Win32.Remcos.skq also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.PackedENT.221
MicroWorld-eScan	Trojan.GenericKD.36437670
FireEye	Generic.mg.b75b990ac5990f1b
CAT-QuickHeal	Trojan.Vbobfuse
Qihoo-360	Win32/Backdoor.Remcos.HgIASQYA
ALYac	Backdoor.Remcos.A
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005788e61 )
BitDefender	Trojan.GenericKD.36437670
K7GW	Trojan ( 005788e61 )
Cybereason	malicious.ac5990
BitDefenderTheta	Gen:NN.ZevbaCO.34608.fm0@a4jNcWpG
Cyren	W32/VBKrypt.ARZ.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
TrendMicro-HouseCall	TROJ_GEN.R002C0DC321
Avast	Win32:Trojan-gen
ClamAV	Win.Packed.Filerepmalware-9838753-0
Kaspersky	Backdoor.Win32.Remcos.skq
Alibaba	Backdoor:Win32/Remcos.1d17e44d
NANO-Antivirus	Trojan.Win32.PackedENT.inyruj
ViRobot	Trojan.Win32.Z.Agent.94208.EEL
AegisLab	Trojan.Win32.Generic.4!c
Rising	Downloader.Guloader!1.D2F0 (CLOUD)
Ad-Aware	Trojan.GenericKD.36437670
Sophos	Mal/Generic-S
Comodo	Malware@#3ccj5owsm1sgo
F-Secure	Trojan.TR/Injector.ckgpx
TrendMicro	TROJ_GEN.R002C0DC321
McAfee-GW-Edition	BehavesLike.Win32.VBObfus.nm
Emsisoft	Trojan.Injector (A)
Ikarus	Trojan.VB.Crypt
Webroot	W32.Malware.Gen
Avira	TR/Injector.ckgpx
Antiy-AVL	Trojan[Backdoor]/Win32.Remcos
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Microsoft	Trojan:Win32/VBObfuse.SS!MTB
Gridinsoft	Trojan.Win32.Packed.oa
Arcabit	Trojan.Generic.D22BFEA6
AhnLab-V3	Malware/Win32.RL_Generic.R369317
ZoneAlarm	Backdoor.Win32.Remcos.skq
GData	Trojan.GenericKD.36437670
Cynet	Malicious (score: 100)
ESET-NOD32	a variant of Win32/Injector.EOSK
McAfee	PWS-FCUB!B75B990AC599
MAX	malware (ai score=99)
Malwarebytes	Trojan.MalPack.VB
Panda	Trj/Agent.PM
APEX	Malicious
Tencent	Win32.Backdoor.Remcos.Pezj
Yandex	Trojan.AvsArher.bTx33N
Fortinet	W32/Injector.EOTL!tr
AVG	Win32:Trojan-gen
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Backdoor.Win32.Remcos.skq?

Backdoor.Win32.Remcos.skq removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X