Backdoor.Win32.Remcos.tyg malicious file

Backdoor.Win32.Remcos.tyg is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.Win32.Remcos.tyg virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Writes a potential ransom message to disk
  • CAPE detected the PyInstaller malware family

How to identify Backdoor.Win32.Remcos.tyg?

File Info:

name: FBF9C3CC2FB6047EA224.mlw
path: /opt/CAPEv2/storage/binaries/2f8a70bdd6392c313138f634d2174fc11903dced801fc7babd853d9ddfe48675
crc32: 6FD523EF
md5: fbf9c3cc2fb6047ea2247381a5917f61
sha1: de5218d2e10cd584c682fa2932ae4c4ffddac9b0
sha256: 2f8a70bdd6392c313138f634d2174fc11903dced801fc7babd853d9ddfe48675
sha512: bd0f93e766507e614daf854897ada696d33753efbb5149a4e3fa119c6842ccd684546bc561723a99cd58920d9c43d9ca1fc72f380f89c6ca471a7b7a58a8f5ab
ssdeep: 196608:H0vSPdqQdy5IcECsXDjDyf6H2WliXYrHW1L0zFqin561o98:xPoQtcECEDVH2ciIrHWR6qin5S
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T188A6334EAA1215DBE97213388D104A2AC866B0B35F53C17F0A1C95B78F573E9AC37F91
sha3_384: 03bbebc0e37c226408b101223086fbfcbfc3f16b5aae792f59720ef8ba8f6c0f4368a6e7bde2a5ab7e04408891ffec7a
ep_bytes: 4883ec28e8f70400004883c428e972fe
timestamp: 2021-08-01 04:39:37

Version Info:

0: [No Data]

Backdoor.Win32.Remcos.tyg also known as:

  • Lionic: Trojan.Win32.Remcos.m!c
  • CAT-QuickHeal: Backdoor.Remcos
  • McAfee: Artemis!FBF9C3CC2FB6
  • Cylance: Unsafe
  • Sangfor: Backdoor.Win32.Remcos.tyg
  • Alibaba: Backdoor:Win32/Remcos.8851c2ee
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Kaspersky: Backdoor.Win32.Remcos.tyg
  • Tencent: Win32.Backdoor.Remcos.Eibp
  • McAfee-GW-Edition: BehavesLike.Win64.Generic.tc
  • Sophos: Mal/Generic-S
  • Gridinsoft: Ransom.Win64.Wacatac.sa
  • Microsoft: Program:Win32/Uwamson.A!ml
  • VBA32: Backdoor.Remcos
  • SentinelOne: Static AI – Suspicious PE

How to remove Backdoor.Win32.Remcos.tyg?

Backdoor.Win32.Remcos.tyg removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.