Backdoor

Backdoor.Win32.TeviRat.bro malicious file

Malware Removal

Backdoor.Win32.TeviRat.bro is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.TeviRat.bro virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Deletes executed files from disk
  • Created a service that was not started
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor.Win32.TeviRat.bro?

File Info:

name: 3EC30D464D83D7E0E63E.mlw
path: /opt/CAPEv2/storage/binaries/8217b7bdea66242138db11db767f8daee5925877b717d8b041f1c8bd40c3c3ca
crc32: A4AAE05C
md5: 3ec30d464d83d7e0e63ee2aed539b866
sha1: 9cacfd8f8c2ccb2ac96c2084eb8725424e517184
sha256: 8217b7bdea66242138db11db767f8daee5925877b717d8b041f1c8bd40c3c3ca
sha512: 20d3a708410b19452cced30408c5c21bfadd9a454eb4b2f4e6930a243a398831bccd8850a573b31d8be7948589ff5eb6c7174c1beeb234428c4eadd4263dc1bf
ssdeep: 49152:AGDbgoFiuK+jTSirEyKgxdiMUiVL2YZXqxMOOOKX:dv1ZrlKgr72YZa/OOQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A8B5331AD0C740B3FA916BF8EC7AEA56DAEEF473614C048962FD464F3F1B22815945C8
sha3_384: 0d6e7ded8982b90af8403d9f71f0a0a9f7a7cdb4ed99efd352f0a09ca31af3a31c74b69574a9b8ec814e230542e4ba3c
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: RanDH Software
FileDescription: RanDH
FileVersion: 1.22
LegalCopyright:
Translation: 0x0409 0x04e4

Backdoor.Win32.TeviRat.bro also known as:

  • Bkav: W32.Common.C8A83BF4
  • Lionic: Trojan.Win32.TeviRat.4!c
  • ClamAV: Win.Malware.Filerepmalware-9970560-0
  • Malwarebytes: Agent.Trojan.Dropper.DDS
  • Sangfor: Dropper.Win32.Tevirat.Vuhm
  • Alibaba: Backdoor:Win32/TeviRat.dfb4760b
  • K7GW: Trojan ( 005722f11 )
  • K7AntiVirus: Trojan ( 005722f11 )
  • Symantec: Trojan.Gen.MBT
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
  • Kaspersky: Backdoor.Win32.TeviRat.bro
  • Avast: NSIS:Adware-AEK [Adw]
  • Tencent: Win32.Backdoor.Tevirat.Gajl
  • Sophos: Mal/Generic-S
  • DrWeb: Trojan.MulDrop21.16194
  • McAfee-GW-Edition: BehavesLike.Win32.ObfuscatedPoly.vc
  • Trapmine: malicious.moderate.ml.score
  • Ikarus: Trojan-Dropper.Win32.Agent
  • Jiangmin: Trojan.Ekstak.bvhp
  • ZoneAlarm: Backdoor.Win32.TeviRat.bro
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • McAfee: Artemis!3EC30D464D83
  • Cylance: unsafe
  • TrendMicro-HouseCall: TROJ_GEN.R002H0CH923
  • MaxSecure: Trojan.Malware.194492962.susgen
  • Fortinet: W32/Agent.SLC!tr.dldr
  • AVG: NSIS:Adware-AEK [Adw]
  • DeepInstinct: MALICIOUS

How to remove Backdoor.Win32.TeviRat.bro?

Backdoor.Win32.TeviRat.bro removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
