What is “Backdoor:ASP/Chopper.F!dha”?

The Backdoor:ASP/Chopper.F!dha is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor:ASP/Chopper.F!dha virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Backdoor:ASP/Chopper.F!dha?


File Info:
name: EB0804EA3E06245337AE.mlw
path: /opt/CAPEv2/storage/binaries/2ab3b6c8ffabca83d5a03a1b05732f070bd56f7579028c7d769d9644c1b7c19d
crc32: 35C96BB6
md5: eb0804ea3e06245337ae625beb1ef452
sha1: ecfca1f4eb3e3cec8fcac2b07698135e0e4dc92d
sha256: 2ab3b6c8ffabca83d5a03a1b05732f070bd56f7579028c7d769d9644c1b7c19d
sha512: 8d42e59d7b6a59715b38851061f0fc31f79fc1b80a2b96d8da35ba2f711ab8265c51d12b5bbd78291353533adda62137eb4688d6b4d99d50e3264c54dbe9153f
ssdeep: 196608:g154dK/BEYx2Fqvo9QjirfZegZFGy0bCgahO4/ahnvRQPSfNMWg:0/7x2FqvjirfZee0b3+ba5vNMJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T125D633643EC0403BD69A7A768DB047BAA5EDF70A4B2D408BD740E740697FB41C63F968
sha3_384: 17a2381430185d738e927b2479eeed5dfe1c24ef9b278a93b8909377097e0b331a4120732b111773db9130bacd10af03
ep_bytes: 558bec6aff68089b4200689447420064
timestamp: 2016-10-04 15:12:31

Version Info:
CompanyName: Igor Pavlov
FileDescription: 7z SFX
FileVersion: 16.04
InternalName: 7z.sfx
LegalCopyright: Copyright (c) 1999-2016 Igor Pavlov
OriginalFilename: 7z.sfx.exe
ProductName: 7-Zip
ProductVersion: 16.04
Translation: 0x0409 0x04b0

Backdoor:ASP/Chopper.F!dha also known as:

Lionic	Trojan.Win32.Wanna.u!c
McAfee	Artemis!EB0804EA3E06
Cylance	Unsafe
Sangfor	Ransom.Win32.Wannacry.Vjbx
Cybereason	malicious.a3e062
Baidu	Multi.Threats.InArchive
Symantec	OSX.Trojan.Gen
ESET-NOD32	multiple detections
Paloalto	generic.ml
ClamAV	Php.Exploit.C99-27
Kaspersky	HEUR:Trojan-Ransom.Win32.Wanna.gen
Alibaba	Backdoor:PHP/Dirtelti.8cfe7dcf
NANO-Antivirus	Trojan.Script.Agent.fhszcs
Avast	MacOS:Dnscat2-A [PUP]
Comodo	Malware@#2h6u0xjd4ia5t
TrendMicro	Ransom_Wanna.R002C0DGB22
McAfee-GW-Edition	BehavesLike.Win32.Dropper.rc
Sophos	Generic PUA OM (PUA)
Jiangmin	Trojan.Script.Generic1
Google	Detected
Avira	PHP/Obfuscated.aroap
Antiy-AVL	Trojan/Generic.ASCommon.20A
ZoneAlarm	HEUR:Trojan-Ransom.Win32.Wanna.gen
Microsoft	Backdoor:ASP/Chopper.F!dha
VBA32	TrojanRansom.Wanna
MAX	malware (ai score=95)
TrendMicro-HouseCall	Ransom_Wanna.R002C0DGB22
Tencent	Php.Backdoor.Agent.Rwhl
Ikarus	Trojan.SuspectCRC
Fortinet	W32/Wanna!tr
AVG	MacOS:Dnscat2-A [PUP]
Panda	Trj/CI.A

How to remove Backdoor:ASP/Chopper.F!dha?

Backdoor:ASP/Chopper.F!dha removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X