
Backdoor.ZegostPMF.S11118811 information


Backdoor.ZegostPMF.S11118811 is flagged as malicious by a large number of antivirus engines (see the detection names below). While the infection is active you may notice unfamiliar processes in the Task Manager list; the sample analysed here was named SQLamd.exe, opens a listening TCP port and installs itself to run at Windows startup. If you see these signs, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing malware manually may take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for removal; it can fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.ZegostPMF.S11118811 virus do? (behaviours flagged by automated sandbox analysis of the sample)

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • Starts servers listening on 0.0.0.0:13141
  • Repeatedly searches for a process that is not found (sandbox note: the sample may need to be run with the startbrowser=1 option)
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Deletes its original binary from disk
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Anomalous binary characteristics

Related domains:

r.nxxxn.ga
fuck88.f3322.net

How to identify Backdoor.ZegostPMF.S11118811?


File Info:

crc32: B28A0FF5
md5: c3aaa23fd283a5239a87053cbf6f88f5
name: SQLamd.exe
sha1: a13a3dfe41773a5943c91e963155a5dc8e863d76
sha256: 82457f68e25d01555b2fa2555a635c9b69d44b706374550d1431bc3f354edc08
sha512: be2d1b3f709586f715c711cbf1bd903494717ff576990c120d8d8695416f536a4d660cfdad6ec72a03307a8c8e6048ca6d7067570a203c6620f13b8205061e47
ssdeep: 24576:1vdSuGEeNqGed+HmomnY/g3EGtjlwMnU0e5cxitwZKHAeGVFoFRDOR:119reNqGeoHmD6qEaZwMkcxitSKSzcR
type: MS-DOS executable, MZ for MS-DOS

Version Info:

LegalCopyright: 版权所有 (C) 2004  ("All rights reserved (C) 2004")
InternalName: calculator
FileVersion: 1, 0, 0, 1
ProductName: calculator 应用程序  ("calculator application")
ProductVersion: 1, 0, 0, 1
FileDescription: calculator Microsoft 基础类应用程序  ("calculator Microsoft Foundation Class application")
OriginalFilename: calculator.EXE
Translation: 0x0804 0x04b0  (language 0x0804 = Chinese (Simplified, PRC); code page 0x04b0 = 1200, Unicode)

The version resource was left at the defaults a Chinese-locale MFC project named "calculator" gets from the wizard, and bears no relation to the on-disk name SQLamd.exe; the mismatch between OriginalFilename and the actual file name is itself a useful triage signal.
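As an added example (not GridinSoft's code), the Python helper below turns the indicators on this page (the hashes, the file name SQLamd.exe, the listener on TCP port 13141, the two related domains and the UTF-16LE copyright string from the version resource) into checks that can be run over netstat output, Run-key listings, DNS logs and a file's raw bytes. All netstat, registry and DNS lines embedded in it are constructed for illustration, and the autorun value name and install path are assumptions: the page only says that the sample installs itself for autorun, not where.

```python
"""Triage helper for the indicators this page lists for
Backdoor.ZegostPMF.S11118811 (SQLamd.exe). Added example, not GridinSoft's
code. Every sample input below (netstat, reg query and DNS log lines, the
fake file bytes) is constructed; the registry value name and install path
are assumptions, since the page only says the sample installs itself for
autorun."""
import hashlib

# Indicators copied from this page.
IOC_MD5 = "c3aaa23fd283a5239a87053cbf6f88f5"
IOC_SHA256 = "82457f68e25d01555b2fa2555a635c9b69d44b706374550d1431bc3f354edc08"
IOC_FILENAME = "sqlamd.exe"
IOC_LISTEN_PORT = 13141          # "Starts servers listening on 0.0.0.0:13141"
IOC_DOMAINS = {"r.nxxxn.ga", "fuck88.f3322.net"}
# LegalCopyright from the version resource. PE version strings are stored
# as UTF-16LE, so that is the encoding to search a raw binary for.
IOC_COPYRIGHT_UTF16 = "\u7248\u6743\u6240\u6709 (C) 2004".encode("utf-16-le")


def find_listeners(netstat_lines):
    """Parse 'netstat -ano' style lines and return (pid, local_address)
    for every TCP socket in LISTENING state on the backdoor's port."""
    hits = []
    for line in netstat_lines:
        parts = line.split()
        if len(parts) < 5 or parts[0] != "TCP" or parts[3] != "LISTENING":
            continue
        local = parts[1]
        _host, _, port = local.rpartition(":")   # handles [::]:port too
        if port.isdigit() and int(port) == IOC_LISTEN_PORT:
            hits.append((int(parts[4]), local))
    return hits


def find_autoruns(reg_query_lines):
    """Parse 'reg query <Run key>' output ('Name  REG_SZ  Value') and
    return (value_name, command) entries that reference SQLamd.exe."""
    hits = []
    for line in reg_query_lines:
        parts = line.strip().split(None, 2)
        if len(parts) == 3 and IOC_FILENAME in parts[2].lower():
            hits.append((parts[0], parts[2]))
    return hits


def find_dns_hits(dns_log_lines):
    """Return the sorted set of page-listed domains seen in DNS log lines."""
    seen = set()
    for line in dns_log_lines:
        lowered = line.lower()
        seen.update(d for d in IOC_DOMAINS if d in lowered)
    return sorted(seen)


def file_matches(data):
    """Hash raw file bytes against the page's MD5/SHA-256 and look for the
    UTF-16LE copyright string from the sample's version resource."""
    return {
        "md5": hashlib.md5(data).hexdigest() == IOC_MD5,
        "sha256": hashlib.sha256(data).hexdigest() == IOC_SHA256,
        "version_string": IOC_COPYRIGHT_UTF16 in data,
    }


def triage(netstat_lines, reg_query_lines, dns_log_lines, file_bytes=b""):
    """Run all checks; 'suspicious' is True if any single indicator hit."""
    report = {
        "listeners": find_listeners(netstat_lines),
        "autoruns": find_autoruns(reg_query_lines),
        "dns": find_dns_hits(dns_log_lines),
        "file": file_matches(file_bytes),
    }
    report["suspicious"] = bool(
        report["listeners"] or report["autoruns"] or report["dns"]
        or any(report["file"].values()))
    return report


# Constructed sample input (not real captures).
SAMPLE_NETSTAT = [
    "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912",
    "  TCP    0.0.0.0:13141          0.0.0.0:0              LISTENING       4120",
    "  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     4120",
    "  UDP    0.0.0.0:5353           *:*                                    1388",
]
SAMPLE_REG = [  # value name and path are assumptions, not from the page
    "    OneDrive    REG_SZ    C:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background",
    "    SQLamd      REG_SZ    C:\\Windows\\system\\SQLamd.exe",
]
SAMPLE_DNS = [
    "2020-01-01 10:00:01 client 192.168.1.10 query A www.example.com",
    "2020-01-01 10:00:02 client 192.168.1.10 query A fuck88.f3322.net",
    "2020-01-01 10:00:03 client 192.168.1.10 query A FUCK88.F3322.NET",
]
# A fake binary carrying the version string but not the real sample's hashes.
SAMPLE_BYTES = b"MZ" + b"\x00" * 16 + IOC_COPYRIGHT_UTF16 + b"\x00" * 16

if __name__ == "__main__":
    for key, value in triage(SAMPLE_NETSTAT, SAMPLE_REG, SAMPLE_DNS, SAMPLE_BYTES).items():
        print(f"{key}: {value}")
```

On a live Windows host, feed it the output of `netstat -ano`, of `reg query` against the HKCU and HKLM `...\CurrentVersion\Run` keys, and your resolver logs. A hash match is conclusive; a hit on the copyright string alone is weak, because those strings are the wizard defaults for any Chinese-locale MFC project, so treat it only as a reason to pull the file for hashing. If the listener shows up, map the PID to its image with Task Manager or `tasklist`, and hash that image rather than a file named SQLamd.exe, since the sample deletes its original binary and drops a hidden or system file.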

Backdoor.ZegostPMF.S11118811 also known as:

MicroWorld-eScan: Trojan.GenericKDZ.57545
FireEye: Generic.mg.c3aaa23fd283a523
CAT-QuickHeal: Backdoor.ZegostPMF.S11118811
McAfee: GenericRXAA-AA!C3AAA23FD283
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.1929328
K7AntiVirus: Trojan ( 005343d71 )
BitDefender: Trojan.GenericKDZ.57545
K7GW: Trojan ( 005343d71 )
Invincea: heuristic
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Malware-gen
GData: Trojan.GenericKDZ.57545
Kaspersky: HEUR:Trojan.Win32.Generic
Rising: Trojan.Kryptik!8.8 (RDMK:cmRtazoXhNiRQBqrSLJab+5HDJwv)
Ad-Aware: Trojan.GenericKDZ.57545
Emsisoft: Trojan.GenericKDZ.57545 (B)
Comodo: Backdoor.Win32.Zegost.XP@7o7w19
F-Secure: Trojan.TR/Crypt.Agent.alaku
DrWeb: BackDoor.BlackMoon.15
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Emotet.tc
Trapmine: malicious.high.ml.score
CMC: Virus.Win32.Sality!O
Jiangmin: Backdoor.Farfli.ckm
Avira: TR/Crypt.Agent.alaku
MAX: malware (ai score=87)
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.DE0C9
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Wacatac.D!ml
AhnLab-V3: Malware/Win32.Generic.C3403195
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34100.enuaaujmFGdj
ALYac: Trojan.GenericKDZ.57545
VBA32: Trojan.APosT
ESET-NOD32: a variant of Win32/Kryptik.GGXP
Tencent: Malware.Win32.Gencirc.10b8c293
Yandex: Trojan.Agent!KcomIKNn7Jk
SentinelOne: DFI – Suspicious PE
eGambit: Unsafe.AI_Score_98%
Fortinet: W32/Kryptik.GGXP!tr
AVG: Win32:Malware-gen
Qihoo-360: HEUR/QVM18.1.F6C5.Malware.Gen

How to remove Backdoor.ZegostPMF.S11118811?

Backdoor.ZegostPMF.S11118811 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the relevant browser and options, then click “Reset”.
  • Restart your computer.

After the restart, confirm that nothing is still listening on TCP port 13141 (netstat -ano) and that no startup entry still references SQLamd.exe. The sample deletes its original binary and drops a hidden or system file, so the absence of a file named SQLamd.exe on its own does not show that the backdoor is gone.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
