Backdoor.Win32.Yoddos malicious file

The Backdoor.Win32.Yoddos is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor.Win32.Yoddos virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Backdoor.Win32.Yoddos?


File Info:
name: 11CEC289B1B7CF95BC39.mlw
path: /opt/CAPEv2/storage/binaries/87bc30b64e5ffbf2f10b922195c4d610bc4a1a0d4a5c1d832e2b7bd0d27ad1a7
crc32: 130961B2
md5: 11cec289b1b7cf95bc394989370a4888
sha1: 2d20676a7be99556962ced8c431cdc56629b6db2
sha256: 87bc30b64e5ffbf2f10b922195c4d610bc4a1a0d4a5c1d832e2b7bd0d27ad1a7
sha512: 584c263312700480bd5c5d2bf81395145a8d14340eb8f7e10d2e0063dc805c872366bc022a1244544a0dd436d00142595c70c7f88a8182f5a1a7ae75e889502c
ssdeep: 768:DKEu5IYTEJWRC8r7gSGNWapkQWnFvIFzv1SpMJpgbRfJFHSGsAqDt1dK:2EnYTqEr7/aSmpNvgbRhZXslDt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T193248FC43E8184A9E3B44AB11CDF78435B5358E823AAA1DE4D71453681EE44F276FBF4
sha3_384: a8187c15ed3b9cb78b41cda96fd327d07ea0794c98c93352ba8ee08975aa4dfb785c08b5551d041e90e5bf57a17a64ad
ep_bytes: 00000000000000000000000000000000
timestamp: 2017-10-15 03:39:59

Version Info:
0: [No Data]

Backdoor.Win32.Yoddos also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Yoddos.m!c
tehtris	Generic.Malware
FireEye	Generic.mg.11cec289b1b7cf95
Skyhigh	BehavesLike.Win32.Generic.dz
Malwarebytes	Backdoor.Padodor
Sangfor	Suspicious.Win32.Save.a
Cybereason	malicious.a7be99
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	HEUR:Backdoor.Win32.Yoddos.gen
ViRobot	Trojan.Win.Z.Yoddos.212992.I
Sophos	ML/PE-A
F-Secure	Trojan.TR/Crypt.ZPACK.Gen2
Trapmine	malicious.high.ml.score
Varist	W32/Agent.FTI.gen!Eldorado
Avira	TR/Crypt.ZPACK.Gen2
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	HEUR:Backdoor.Win32.Yoddos.gen
Google	Detected
AhnLab-V3	Downloader/Win.Berbew.C5536052
McAfee	Artemis!11CEC289B1B7
DeepInstinct	MALICIOUS
Cylance	unsafe
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R03BH0CK823
Rising	Trojan.Generic@AI.100 (RDML:bDtlfRPrcGajIW6Z9XjOlA)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Qukart.8979!tr
AVG	Win32:Evo-gen [Trj]
Avast	Win32:Evo-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Backdoor.Win32.Yoddos?

Backdoor.Win32.Yoddos removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X