What is “Backdoor.XpertRAT”?

Backdoor.XpertRAT is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.XpertRAT virus do?

  • Presents an Authenticode digital signature
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Backdoor.XpertRAT?


File Info:

crc32: 173FA2E5
md5: 870fdad769262715ea10aed9c9f724f4
name: RFQ_PO_7645321875.exe
sha1: ddb6654c1a408fb8e55b3b1d8506e7d1e4d54d6d
sha256: ff9d837e464eb07ad603c0b2ac0a35029117123c31570baeb61fca9a0242b493
sha512: a0227797adcceb27e12c7ef49b9eaa4a9814d85136e35a162b589dd3eccf8339b62cbec3f924fcf0cf317a55d068d393d66363c20cd0fcac86c3c3ad43e9f63d
ssdeep: 6144:nWZZ48Scl5iERbSvWhmVv2NwaOy+JhbJFpNVB7Uvm:nIZHScl5iERbSvWhmVv2Nwax+JhbJFpt
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

LegalCopyright: © 儿儿吉. All rights reserved.
Assembly Version: 0.2.5.7
FileVersion: 0.7.6.2
CompanyName: 儿杰西
LegalTrademarks: 杰艾儿
Comments: 杰吉艾 德儿德
ProductName: 西杰吉 吉西吉
ProductVersion: 0.2.5.7
FileDescription: 德吉杰 吉杰西
OriginalFilename: 西杰吉 吉西吉.exe
Translation: 0x0409 0x0514

Backdoor.XpertRAT also known as:

Elastic: malicious (high confidence)
FireEye: Generic.mg.870fdad769262715
Qihoo-360: Generic/HEUR/QVM03.0.8956.Malware.Gen
McAfee: PWS-FCRO!870FDAD76926
Cylance: Unsafe
Sangfor: Malware
K7AntiVirus: Trojan ( 00570e301 )
K7GW: Trojan ( 00570e301 )
CrowdStrike: win/malicious_confidence_80% (W)
Invincea: Generic ML PUA (PUA)
Cyren: W32/MSIL_Agent.BPW.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Kaspersky: HEUR:Trojan.MSIL.Injects.gen
DrWeb: Trojan.Siggen10.36869
TrendMicro: TROJ_FRS.VSNTJC20
McAfee-GW-Edition: Artemis!Trojan
Ikarus: Trojan.MSIL.Crypt
Microsoft: Trojan:Win32/Wacatac.C!ml
ZoneAlarm: HEUR:Trojan.MSIL.Injects.gen
BitDefenderTheta: Gen:NN.ZemsilF.34298.qm1@amVJVBni
Malwarebytes: Backdoor.XpertRAT
ESET-NOD32: a variant of MSIL/Kryptik.YDQ
TrendMicro-HouseCall: TROJ_FRS.VSNTJC20
SentinelOne: DFI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: Malicious_Behavior.SB
AVG: FileRepMalware
Paloalto: generic.ml

How to remove Backdoor.XpertRAT?

Backdoor.XpertRAT removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
