Backdoor:Win32/Botgor.B malicious file

Backdoor:Win32/Botgor.B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor:Win32/Botgor.B virus do?

  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Creates a copy of itself
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Backdoor:Win32/Botgor.B?

File Info:

name: 07C946AB934D72182905.mlw
path: /opt/CAPEv2/storage/binaries/fd40e344664bf6bd612d7834a8c7a1c7806e5310e08607be7f824b62b01865e8
crc32: 889E4738
md5: 07c946ab934d721829059d5b03b49a10
sha1: 2e119129d4bdd0beb61ac2ddcc18e3bd20e2e1f0
sha256: fd40e344664bf6bd612d7834a8c7a1c7806e5310e08607be7f824b62b01865e8
sha512: c427b29c720b6aebfe1104eaad217b26d5553e137f7cea0ceabc2b711754e9794bb863639f23939444075590968af5845cc39c4b7073f2e565ee2fd3fcf5962a
ssdeep: 1536:h+gi2i/OTW1bk3FwErVAHcTMBignpwLsO9NXw6dczv:h6Z1bk1FVAHcTyO4O9fczv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11BE3E601A4914021EC5310B9DD6E8BF831685DD12F4B29FBC3A6FF7E0B319F2A5B255A
sha3_384: 16802a02fe991dde2a42a3377d3726a1153b0f8b8a784e7164483b0a06b307562789cbfc938d34528ece49a41d5ae2c7
ep_bytes: 558bec83ec088d45fc506a006a006820
timestamp: 2008-08-29 13:01:43

Version Info:

Translation: 0x0000 0x04b0
Comments: Spreadsheet Compare Utility
CompanyName: Microsoft
FileDescription: Spreadsheet Compare
FileVersion: 5.5.0.5
InternalName: SpreadsheetCompare.exe
LegalCopyright: Copyright© Microsoft 2008-2011
OriginalFilename: SpreadsheetCompare.exe
ProductName: Enterprise Risk Manager
ProductVersion: 5.5.0.5
Assembly Version: 5.5.0.5

Backdoor:Win32/Botgor.B also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Backdoor.Agent.A
Skyhigh: BehavesLike.Win32.Dropper.cm
ALYac: Win32.Backdoor.Agent.A
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( f10005021 )
K7GW: Trojan ( f10005021 )
Cybereason: malicious.b934d7
Arcabit: Win32.Backdoor.Agent.A
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Botgor
APEX: Malicious
McAfee: BackDoor-DSE.b
ClamAV: Win.Malware.Botgor-9853222-0
Kaspersky: Worm.Win32.Burn.b
BitDefender: Win32.Backdoor.Agent.A
NANO-Antivirus: Trojan.Win32.Generic.wdwvx
Avast: Win32:Agent-ADAU [Trj]
Tencent: Worm.Win32.Burn.a
Emsisoft: Win32.Backdoor.Agent.A (B)
Google: Detected
F-Secure: Trojan.TR/Crypt.XPACK.Gen
DrWeb: BackDoor.Siggen.46270
VIPRE: Win32.Backdoor.Agent.A
TrendMicro: BKDR_BOTGOR.SML
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.07c946ab934d7218
Sophos: W32/Burn-Gen
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor/Agent.bfic
Varist: W32/Heuristic-114!Eldorado
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Worm/Win32.Burn
Kingsoft: malware.kb.a.1000
Xcitium: Backdoor.Win32.Agent.~APQ@4ud5h
Microsoft: Backdoor:Win32/Botgor.B
ZoneAlarm: Worm.Win32.Burn.b
GData: Win32.Trojan.Botgor.A
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win.Burn.C5606811
BitDefenderTheta: AI:FileInfector.A44F3C4816
MAX: malware (ai score=88)
VBA32: BScope.Backdoor.Botgor
Cylance: unsafe
Panda: W32/BotNet.K
TrendMicro-HouseCall: BKDR_BOTGOR.SML
Rising: Virus.Botgor!1.D115 (CLASSIC)
Yandex: Trojan.GenAsa!D907akwlPeY
Ikarus: BehavesLike.Win32.ProcessHijack
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Botgor.A
AVG: Win32:Agent-ADAU [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)
alibabacloud: Trojan:Win/Botgor.A(dyn)

How to remove Backdoor:Win32/Botgor.B?

Backdoor:Win32/Botgor.B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.