Categories: Backdoor

About “Backdoor:Win32/Berbew!pz” infection

The Backdoor:Win32/Berbew!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Berbew!pz virus can do?

Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Sample contains Overlay data
Creates an indicator observed in Territorial Disputes report SIG40
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the shellcode get eip malware family
Anomalous binary characteristics
Yara detections observed in process dumps, payloads or dropped files

How to determine Backdoor:Win32/Berbew!pz?


File Info:
name: 8BFC22D44A1B800895D0.mlwpath: /opt/CAPEv2/storage/binaries/ce61d5cbc630e99932fabad967105cd5bd91260955e6d24e52e8fc004c74226ccrc32: 6B6E77E6md5: 8bfc22d44a1b800895d0e527d9694531sha1: 30a092bd76484c180d95e464334a42e28ecbea2csha256: ce61d5cbc630e99932fabad967105cd5bd91260955e6d24e52e8fc004c74226csha512: 0693589a30dd7aeb2f13e47710e8340707ff5af08bd9761bf8286ea23ea2424dca4933a1f30578109d8739f53eee5f48702ae095711422fe3da7c24c64261b8dssdeep: 3072:Nee2ry0ByUWwO641drOujQlZDit4Sp+7H7wWkqrifbdB7dYk1Bx8DpsV6OzrCIws:NeL+OqwO641drslNitBOHhkym/89bKwstype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T18314596A97F40F96F6B5027396059344F78D033AEEAF8727CA44520CF1DEA1783E9A50sha3_384: 81e14e216525a8793a57b42e2f30248155fa3759620f770e108a31e67c42ebf3062748c1cd65c1a8bc04757325106d3eep_bytes: 90b8001040009090bb38de4000b92d70timestamp: 1987-08-01 05:39:38
Version Info:
0: [No Data]

Backdoor:Win32/Berbew!pz also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Padodor.m!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.ShellObject.mWZ@aeFgVVo
ClamAV	Win.Packed.Lazy-10005438-0
FireEye	Generic.mg.8bfc22d44a1b8008
CAT-QuickHeal	Trojan.GenericIH.S13286062
Skyhigh	BehavesLike.Win32.Generic.ch
McAfee	GenericRXPE-AP!851073160D5A
Cylance	unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005780dd1 )
Alibaba	Backdoor:Win32/Padodor.b8b1e8ee
K7GW	Trojan ( 005780dd1 )
Cybereason	malicious.d76484
BitDefenderTheta	AI:Packer.20D60B8521
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	Win32/Padodor.AB
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Backdoor.Win32.Padodor.gen
BitDefender	Gen:Trojan.ShellObject.mWZ@aeFgVVo
NANO-Antivirus	Trojan.Win32.Padodor.ixbtvs
Avast	Win32:Padodor-V [Trj]
Tencent	Backdoor.Win32.Padodor.kp
TACHYON	Backdoor/W32.Padodor
Emsisoft	Gen:Trojan.ShellObject.mWZ@aeFgVVo (B)
F-Secure	Trojan.TR/Crypt.XDR.Gen
DrWeb	BackDoor.Wdozer
VIPRE	Gen:Trojan.ShellObject.mWZ@aeFgVVo
TrendMicro	TROJ_GEN.R002C0DLT23
Trapmine	malicious.high.ml.score
Sophos	Mal/Padodor-A
Ikarus	Backdoor.Win32.Padodor
GData	Gen:Trojan.ShellObject.mWZ@aeFgVVo
Jiangmin	Backdoor.Padodor.exys
Google	Detected
Avira	TR/Crypt.XDR.Gen
Antiy-AVL	Trojan[Proxy]/Win32.Qukart.gen
Arcabit	Trojan.ShellObject.E33FF2
ViRobot	Trojan.Win.Z.Padodor.202899.OJO
ZoneAlarm	Backdoor.Win32.Padodor.gen
Microsoft	Backdoor:Win32/Berbew!pz
Varist	W32/Backdoor.DKIC-2994
AhnLab-V3	Win-Trojan/Berbew.51712
Acronis	suspicious
VBA32	Backdoor.Padodor
ALYac	Gen:Trojan.ShellObject.mWZ@aeFgVVo
MAX	malware (ai score=85)
Malwarebytes	Generic.Malware.AI.DDS
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TROJ_GEN.R002C0DLT23
Rising	Backdoor.Padodor!8.118 (TFE:5:fgpvVm3eZVO)
Yandex	Trojan.GenAsa!p1fO5hhCx5A
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Agent.B077!tr
AVG	Win32:Padodor-V [Trj]
DeepInstinct	MALICIOUS