Backdoor.Win32.TeviRat.dxa information

Backdoor.Win32.TeviRat.dxa is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.TeviRat.dxa virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor.Win32.TeviRat.dxa?

File Info:

name: 9F5E8534EB4843823047.mlw
path: /opt/CAPEv2/storage/binaries/e87c1e6494c7764dc11b25f07688ad78e58ce268d149d9f94eeaaf01dddd20ec
crc32: 51FAFD47
md5: 9f5e8534eb4843823047f1ddeb5a8b5b
sha1: 1cbb7bc2bed2890a0e738f61d02142a3edc4f8b1
sha256: e87c1e6494c7764dc11b25f07688ad78e58ce268d149d9f94eeaaf01dddd20ec
sha512: fcbb005139347db093006e733d8b6da4f84033f8347f9d1e9b4a95291e43cd26bd08b7c7bbd94aa7e09a801bf36df90f1e08ddeb03131ccd883e06dac1ef1d80
ssdeep: 49152:qifocsz7BunZeJem5r5w66aUXAxiVLDIUE8vs8wuU:qifGfBHJbq66aVOnzU1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T116953323AB7518B6D0F2C7316C639419616BFB23427AB6383A64643B5F6F705483EB13
sha3_384: 8f51c08d929f98ad43340cc795bb13877cfc2f8c1f3dc1312fab1e4730747f2c0020fb4122bb308d30fd52f70e0835cd
ep_bytes: 558bec83c4d453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName: DZn
FileDescription: DZngBackup
FileVersion: 1.2.5.30
InternalName:
OriginalFilename:
ProductName:
ProductVersion:
Translation: 0x0409 0x04e4

Backdoor.Win32.TeviRat.dxa also known as:

McAfee: Artemis!9F5E8534EB48
CrowdStrike: win/grayware_confidence_60% (D)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Kaspersky: Backdoor.Win32.TeviRat.dxa
Avast: Win32:Trojan-gen
Tencent: Win32.Backdoor.Tevirat.Usmw
F-Secure: Trojan.TR/AD.Nekark.youel
McAfee-GW-Edition: Artemis
Trapmine: suspicious.low.ml.score
Jiangmin: Trojan.Ekstak.chra
Avira: TR/AD.Nekark.youel
ZoneAlarm: Backdoor.Win32.TeviRat.dxa
Microsoft: Trojan:Win32/Woreflint.A!cl
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.Malware-gen.R576591
Ikarus: Trojan-Dropper.Win32.Agent
Fortinet: W32/Agent.SLC!tr
AVG: Win32:Trojan-gen

How to remove Backdoor.Win32.TeviRat.dxa?

Backdoor.Win32.TeviRat.dxa removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.