Backdoor:Win32/Beksnoc.A information

Backdoor:Win32/Beksnoc.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Beksnoc.A virus do?

  • Executable code extraction
  • At least one process apparently crashed during execution
  • Creates RWX memory
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Czech
  • Attempts to stop active services
  • Crashed cuckoomon during analysis. Report this error to the Github repo.
  • A process attempted to delay the analysis task by a long amount of time.
  • Behavior consistent with a dropper attempting to download the next stage.
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Creates a copy of itself
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to identify Backdoor:Win32/Beksnoc.A?


File Info:

crc32: 7B771C9A
md5: 1196a6a378a1fa3f2a5928b0940319af
name: 1196A6A378A1FA3F2A5928B0940319AF.mlw
sha1: b2c573fd49829ab2bcb53c8895f8898d36c80d30
sha256: 92882cca135ae0e745445e4b86e631e3c3d28528c988209f34bd58806aa27942
sha512: 0d1ea7b45d2734ecb85b7446e21a7fa9edcc3207bf8492206655ebe46dfbb0127601c22c1cde20aff198328e5833cad4b3fc9d1f2687753f309c9289aa246422
ssdeep: 1536:1KREoclXB7se3VeEQpUIpGQ+t89amRKhcFRbQ4iThtD3s5yD0ZLkkO5S7oc2bdQA:1SEBlx7TedyIgQ+wZQbUMOkkgJwjkZZ
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2003 Lucersoft
InternalName: LCISOCreator
FileVersion: 1, 1, 0, 0
CompanyName: Lucersoft
PrivateBuild:
LegalTrademarks:
Comments: Version for Windows NT/2000/XP/2003/2004/2005/2006 ... 10002 ;-) This application is free for use.
ProductName: LCISOCreator
SpecialBuild:
ProductVersion: 1, 1, 0, 0
FileDescription: LCISOCreator
OriginalFilename: LCISOCreator.EXE
Translation: 0x0409 0x04b0

Backdoor:Win32/Beksnoc.A also known as:

K7AntiVirus: Trojan ( 002bbdec1 )
DrWeb: Trojan.PWS.Turist.1
ALYac: Trojan.GenericKD.34996777
Cylance: Unsafe
Zillya: Trojan.PornoAsset.Win32.1031
Sangfor: Backdoor.Win32.Beksnoc.A
Alibaba: Ransom:Win32/PornoAsset.27a5d79d
K7GW: Trojan ( 002bbdec1 )
Cybereason: malicious.378a1f
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/RDPdoor.AH
APEX: Malicious
Avast: Win32:RDPdoor-C [Trj]
Kaspersky: Trojan-Ransom.Win32.PornoAsset.cqos
BitDefender: Trojan.GenericKD.34996777
NANO-Antivirus: Trojan.Win32.Beksnoc.jomgi
MicroWorld-eScan: Trojan.GenericKD.34996777
Tencent: Win32.Trojan.Pornoasset.Dwti
Ad-Aware: Trojan.GenericKD.34996777
Sophos: Mal/Generic-S
Comodo: Malware@#3k7ms0u805lkl
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Emotet.ch
FireEye: Trojan.GenericKD.34996777
Emsisoft: Trojan.GenericKD.34996777 (B)
Jiangmin: Trojan/PornoAsset.aoy
Webroot: W32.Trojan.Gen
eGambit: Generic.Backdoor
Microsoft: Backdoor:Win32/Beksnoc.A
Arcabit: Trojan.Generic.D2160229
AegisLab: Trojan.Win32.PornoAsset.j!c
GData: Trojan.GenericKD.34996777
TACHYON: Trojan/W32.Agent.113149
AhnLab-V3: Trojan/Win32.Gen
McAfee: Artemis!1196A6A378A1
MAX: malware (ai score=100)
VBA32: Hoax.PornoAsset
Panda: Trj/CI.A
Rising: Ransom.PornoAsset!8.6AA (CLOUD)
Yandex: Trojan.GenAsa!q5zelyiN+iw
Ikarus: Trojan-Ransom.PornoAsset
Fortinet: W32/RDPdoor.AH
AVG: Win32:RDPdoor-C [Trj]
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.PornoAsset.HgIASOUA

How to remove Backdoor:Win32/Beksnoc.A?

Backdoor:Win32/Beksnoc.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
