
Backdoor:Win32/Berbew!pz (file analysis)


Backdoor:Win32/Berbew!pz is flagged as malicious by the large majority of antivirus engines listed below; several of them classify it as a proxy trojan or spyware (Trojan-Proxy.Win32.Qukart, Win32/Spy.Qukart). When the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand can take hours and can damage Windows in the process. We recommend GridinSoft Anti-Malware for removal: the trial version lets you run a full scan and clean the PC.
A 6-day free trial is available.

What can Backdoor:Win32/Berbew!pz do?

The list below is the set of CAPE sandbox signatures the sample triggered. Most of them are static packing and code-signing indicators rather than observed runtime behaviour, so they describe how the file is built, not what it does once running.

  • Sample contains Overlay data
  • Creates an indicator observed in Territorial Disputes report SIG40
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor:Win32/Berbew!pz?

The static properties below were recorded by the CAPE sandbox for the analysed sample; a matching sha256 confirms that a suspect file is this exact sample.

File Info:

name: AFA6306F249139B2F4EC.mlw
path: /opt/CAPEv2/storage/binaries/8072ee4159d19479272396c4387c263596142c1c68fbfc70cb7915d81c294d32
crc32: CD67216B
md5: afa6306f249139b2f4ec7a994be0c7f4
sha1: aa70496905bd3d3c82ed2c19b3044490bab8d3cd
sha256: 8072ee4159d19479272396c4387c263596142c1c68fbfc70cb7915d81c294d32
sha512: 5de725e3bce718d843ee2987be352ff96dd81f8495c20c399c9757c5755f093f7e013551054eacfb7f0d4a040cf61c9dd65be741cd0a6c2560cf3f34dfdfa8a2
ssdeep: 1536:NgQkSilmNzyqWwu8rjwH6g/Q5YMkhohBE8VGh:NgQj7yAu6jo6q8UAEQGh
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17E836CE7A91417B2F2DE0271B39AC4D1F62496FC63658FB09444C13D3253EABD67AB80
sha3_384: 9a01954eb92b692f7148135c86049daaf0a4b969ca3c60d292377da751ce9778dcf8a55ebded887db99d72b3e801201c
ep_bytes: 9090b800104000bbd08e400090b97f51
timestamp: 1970-01-01 00:00:00 (the PE TimeDateStamp field is zero, so the build time has been wiped)

Version Info:

0: [No Data]
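As an added example (not code from this page, from GridinSoft or from the CAPE sandbox), the following Python script shows how the indicators listed under "What can Backdoor:Win32/Berbew!pz do?" and the File Info fields above are derived from a PE file using only the standard library: it hashes the file and compares against the md5/sha1/sha256 listed here, reads the COFF TimeDateStamp (the 1970-01-01 value above is a zero timestamp), lists section names and their Shannon entropy, measures overlay data past the last section, checks whether the Authenticode data directory is populated, and extracts the 16 bytes at the entry point that the ep_bytes field shows. Because the real sample cannot be shipped here, build_test_pe() constructs a harmless PE32 that exhibits the same indicators; the section name ".pk0", the overlay text and the COMMON_SECTIONS list are assumptions, not data from the page.

```python
"""Stdlib-only PE triage that reproduces the static indicators on this page.

Added example, not GridinSoft's or CAPE's code. The PE it analyses comes from
build_test_pe() and is NOT the Berbew sample: only KNOWN_IOC and EP_STUB are
taken from the File Info above; ".pk0", OVERLAY and COMMON_SECTIONS are assumed.
"""
import hashlib
import math
import struct
from collections import Counter

KNOWN_IOC = {  # hashes the page lists for the analysed sample
    "md5": "afa6306f249139b2f4ec7a994be0c7f4",
    "sha1": "aa70496905bd3d3c82ed2c19b3044490bab8d3cd",
    "sha256": "8072ee4159d19479272396c4387c263596142c1c68fbfc70cb7915d81c294d32",
}
EP_STUB = bytes.fromhex("9090b800104000bbd08e400090b97f51")  # the page's ep_bytes
OVERLAY = b"constructed overlay bytes"                        # placeholder overlay (assumed)
COMMON_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".pdata",
                   ".rsrc", ".reloc", ".bss", ".tls", ".CRT"}  # assumed "known good" names

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8.0 means compressed/encrypted."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def hashes(data: bytes) -> dict:
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}

def parse_pe(data: bytes) -> dict:
    """Minimal PE32 reader: timestamp, sections, entry bytes, overlay, Authenticode dir."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    _, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                       # optional header follows the 20-byte COFF header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (not PE32+) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # DataDirectory[4] is IMAGE_DIRECTORY_ENTRY_SECURITY; size 0 means no Authenticode blob
    _, auth_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)
    sections, entry_bytes, end = [], "", 0
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "entropy": entropy(data[rawptr:rawptr + rawsize])})
        end = max(end, rawptr + rawsize)
        if va <= entry_rva < va + max(vsize, rawsize):  # map the entry RVA to a file offset
            off = rawptr + entry_rva - va
            entry_bytes = data[off:off + 16].hex()
    return {"timestamp": tstamp, "sections": sections, "entry_bytes": entry_bytes,
            "overlay_size": max(0, len(data) - end), "authenticode_size": auth_size}

def triage(data: bytes) -> dict:
    """Parsed fields plus the human-readable indicators the page's list is made of."""
    pe, h, findings = parse_pe(data), hashes(data), []
    if h["sha256"] == KNOWN_IOC["sha256"]:
        findings.append("sha256 matches the sample analysed on this page")
    if pe["timestamp"] == 0:
        findings.append("TimeDateStamp is 0 (shown as 1970-01-01): build time wiped")
    for s in pe["sections"]:
        if s["name"] not in COMMON_SECTIONS:
            findings.append(f"unknown PE section name {s['name']!r}, indicative of packing")
        if s["entropy"] > 7.0:
            findings.append(f"section {s['name']!r} entropy {s['entropy']:.2f}: encrypted/compressed data")
    if pe["overlay_size"]:
        findings.append(f"{pe['overlay_size']} bytes of overlay data past the last section")
    if pe["authenticode_size"] == 0:
        findings.append("no Authenticode signature present")
    return {"hashes": h, "pe": pe, "findings": findings}

def build_test_pe() -> bytes:
    """Construct a harmless PE32 carrying the same static indicators (not the malware)."""
    blob, seed = b"", b"seed"                 # deterministic high-entropy filler (hash chain)
    while len(blob) < 0x1000:
        seed = hashlib.sha256(seed).digest()
        blob += seed
    dos = bytearray(b"MZ").ljust(64, b"\0")
    struct.pack_into("<I", dos, 0x3C, 64)     # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)  # i386, 2 sections, timestamp 0
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)     # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)   # AddressOfEntryPoint = start of .text
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)  # ImageBase, SectionAlign, FileAlign
    struct.pack_into("<II", opt, 56, 0x3000, 0x200)             # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)        # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)       # NumberOfRvaAndSizes; every directory stays zero
    def sect(name, va, size, ptr, chars):     # IMAGE_SECTION_HEADER, VirtualSize == SizeOfRawData
        return struct.pack("<8sIIIIIIHHI", name, size, va, size, ptr, 0, 0, 0, 0, chars)
    hdr = (bytes(dos) + b"PE\0\0" + coff + bytes(opt)
           + sect(b".text", 0x1000, 0x200, 0x200, 0x60000020)
           + sect(b".pk0", 0x2000, 0x1000, 0x400, 0xE0000040))
    return hdr.ljust(0x200, b"\0") + EP_STUB.ljust(0x200, b"\0") + blob[:0x1000] + OVERLAY
```

Run `triage(open(path, "rb").read())["findings"]` on a real file. A match on KNOWN_IOC["sha256"] positively identifies this exact sample; the other findings are heuristics that many packed but legitimate installers also trip, so treat them as triage signals rather than verdicts. The script only reports whether an Authenticode blob is present; judging it invalid, as the signature list above does, needs a full PKCS#7 verification with a tool such as signtool or osslsigncode.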

Backdoor:Win32/Berbew!pz also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Berbew.h!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Trojan.ShellObject.f8X@aaHqO5d
ClamAV: Win.Packed.Razy-10010080-0
CAT-QuickHeal: Backdoor.Berbew.A6.MUE
Skyhigh: BehavesLike.Win32.Generic.mh
McAfee: GenericRXVP-YB!AFA6306F2491
Cylance: unsafe
VIPRE: Gen:Trojan.ShellObject.f8X@aaHqO5d
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005780dd1 )
Alibaba: Backdoor:Win32/Berbew.36d
K7GW: Trojan ( 005780dd1 )
Cybereason: malicious.905bd3
Baidu: Win32.Trojan-Spy.Quart.a
Symantec: Backdoor.Berbew.F
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Spy.Qukart
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Proxy.Win32.Qukart.gen
BitDefender: Gen:Trojan.ShellObject.f8X@aaHqO5d
NANO-Antivirus: Trojan.Win32.Qukart.fokxzm
Avast: Win32:TrojanX-gen [Trj]
Tencent: Trojan-Proxy.Win32.Qukart.ho
TACHYON: Backdoor/W32.Padodor
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Crypt.ZPACK.Gen2
DrWeb: Trojan.Siggen13.42746
Zillya: Trojan.Qukart.Win32.3165728
TrendMicro: TROJ_GEN.R03BC0CL623
Emsisoft: Gen:Trojan.ShellObject.f8X@aaHqO5d (B)
Ikarus: Trojan-Downloader.Win32.Berbew
Jiangmin: TrojanProxy.Qukart.hvmo
Google: Detected
Avira: TR/Crypt.ZPACK.Gen2
Antiy-AVL: Trojan[Proxy]/Win32.Qukart.gen
Kingsoft: malware.kb.a.1000
Microsoft: Backdoor:Win32/Berbew!pz
Arcabit: Trojan.ShellObject.ED50C4
ZoneAlarm: Trojan-Proxy.Win32.Qukart.gen
GData: Win32.Trojan.PSE.1VR6SI3
Varist: W32/S-705d01a1!Eldorado
AhnLab-V3: Win-Trojan/Berbew.51712
Acronis: suspicious
BitDefenderTheta: AI:Packer.8C79284021
MAX: malware (ai score=81)
VBA32: BScope.Backdoor.Berbew
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R03BC0CL623
Rising: Backdoor.Berbew!1.AE0A (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GenKryptik.FBNK!tr
AVG: Win32:TrojanX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor:Win32/Berbew!pz?

Backdoor:Win32/Berbew!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” to quarantine all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the reset options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
