Categories: Backdoor

Backdoor:Win32/Autocrat.E removal instruction

The Backdoor:Win32/Autocrat.E is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Autocrat.E virus can do?

Executable code extraction
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Installs itself for autorun at Windows startup
Checks for the presence of known devices from debuggers and forensic tools
Anomalous binary characteristics

Related domains:

asp.7i24.com

How to determine Backdoor:Win32/Autocrat.E?


File Info:
crc32: FC8EF933md5: b1d603033ce830ea630848f4c35b003dname: B1D603033CE830EA630848F4C35B003D.mlwsha1: 5c1a2df11e07c71622e8cadc37d26429463727f0sha256: a685a7034b69affff698d433d0efbdb48b76c3d009653c6a0c4a9c4682ce15c3sha512: 3ebf7e4947b33c1dfdb6609811bfe61b548e7900f449f36113ea6fee0f6cb1f0cd37131d56db31d696e206d0b2506b7fab176caed2466e1886d70e133c201a30ssdeep: 3072:aOPD2tZCM4qRpwZudX1JBkITOygPDHfaqPjr0ghzq6D/oUmhw3QiU89EybTT:d72thTwIX1JBkITOygbdPhcGAi5Ttype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
Translation: 0x0804 0x04b0LegalCopyright: Copyright (C) Microsoft Corp. 1985-2002InternalName: wupdmgr32FileVersion: 5.03.0220CompanyName: Microsoft CorporationProductName: Microsoft(R) Windows (R) 2000 Operating SystemProductVersion: 5.03.0220FileDescription: Windows Update ManagerOriginalFilename: wupdmgr32.exe

Backdoor:Win32/Autocrat.E also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	NetWorm ( 700000151 )
Elastic	malicious (high confidence)
DrWeb	BackDoor.Generic.497
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.MauvaiseRI.S5254356
ALYac	Gen:Trojan.Malware.mm0@aGHcIScb
Cylance	Unsafe
Zillya	Backdoor.Autocrat.Win32.20
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Backdoor:Win32/Autocrat.d486fea8
K7GW	NetWorm ( 700000151 )
Cybereason	malicious.33ce83
Cyren	W32/Trojan.OKYP-6993
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Autocrat.NAA
APEX	Malicious
Avast	Win32:Hucsyn-E [Trj]
ClamAV	Win.Trojan.Winshell-4
Kaspersky	Backdoor.Win32.Autocrat.e
BitDefender	Gen:Trojan.Malware.mm0@aGHcIScb
NANO-Antivirus	Trojan.Win32.Autocrat.slol
MicroWorld-eScan	Gen:Trojan.Malware.mm0@aGHcIScb
Tencent	Win32.Backdoor.Autocrat.cpja
Ad-Aware	Gen:Trojan.Malware.mm0@aGHcIScb
Sophos	Generic ML PUA (PUA)
Comodo	Backdoor.Win32.Autocrat.NAA@9oh7
F-Secure	Backdoor.BDS/WinShell.50.A
BitDefenderTheta	AI:Packer.EB171DFA21
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	BKDR_AUTOCRAT.O
McAfee-GW-Edition	BehavesLike.Win32.Generic.ch
FireEye	Generic.mg.b1d603033ce830ea
Emsisoft	Gen:Trojan.Malware.mm0@aGHcIScb (B)
SentinelOne	Static AI – Malicious PE
Webroot	W32.Backdoor.Gen
Avira	BDS/WinShell.50.A
eGambit	Unsafe.AI_Score_95%
Antiy-AVL	Trojan/Generic.ASMalwS.C41CD
Kingsoft	Win32.Heur.KVM006.a.(kcloud)
Microsoft	Backdoor:Win32/Autocrat.E
Arcabit	Trojan.Malware.ECEC59
ZoneAlarm	Backdoor.Win32.Autocrat.e
GData	Gen:Trojan.Malware.mm0@aGHcIScb
AhnLab-V3	Backdoor/Win32.Autocrat.R147450
McAfee	DDoS-HeiBei
MAX	malware (ai score=100)
VBA32	Trojan.VBO.011151
Malwarebytes	Malware.AI.824524613
Panda	Trj/CI.A
TrendMicro-HouseCall	BKDR_AUTOCRAT.O
Rising	Trojan.AutoCrat.a (CLASSIC)
Yandex	Backdoor.Autocrat.Q
Ikarus	Backdoor.Win32.Death
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Autocrat.E!tr.bdr
AVG	Win32:Hucsyn-E [Trj]