
Backdoor:Win32/CobaltStrike!MTB removal


Backdoor:Win32/CobaltStrike!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor:Win32/CobaltStrike!MTB virus do?

  • Executable code extraction
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • A process attempted to delay the analysis task
  • The binary likely contains encrypted or compressed data
  • Attempts to repeatedly call a single API many times in order to delay analysis time

How to identify Backdoor:Win32/CobaltStrike!MTB?

File Info:

crc32: CC8CD4D6
md5: 7a4476155000dc40b1fd5e072cbda368
name: 7A4476155000DC40B1FD5E072CBDA368.mlw
sha1: e5e7b636179ff9d586bc53424c46b9ed6a6f8937
sha256: dbef3369c686529f60b2e1cdf5090f31122f5d6a53e6112eea4078a805e5c455
sha512: 5120e9390430aa7087c760b1502a498b99757c6b354790e6237995a4d6d87c01ee5a8eef78db3d7a964ccd007f19074b7e589a61446e6b978228c61ec98db845
ssdeep: 6144:U1f8dOciaoAkpbnFumhUfgIY3gpeysqekOhPeLGrmLP:qf8oaUpbyHIqKOGr+
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright Opera Software 2017
InternalName: Opera
FileVersion: 43.0.2442.1144
CompanyName: Opera Software
ProductName: Opera crash-reporter
ProductVersion: 43.0.2442.1144
FileDescription: Opera crash-reporter
Translation: 0x0409 0x04b0

Backdoor:Win32/CobaltStrike!MTB also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 0057e61a1 )
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
ALYac: Trojan.GenericKDZ.76033
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: Trojan:Win32/Kryptik.4499a422
K7GW: Trojan ( 0057e61a1 )
Cybereason: malicious.6179ff
Cyren: W32/Kryptik.EKF.gen!Eldorado
Symantec: Packed.Generic.459
ESET-NOD32: a variant of Win32/Kryptik.HLLM
APEX: Malicious
Avast: Win32:DangerousSig [Trj]
Kaspersky: HackTool.Win32.Cobalt.ahv
BitDefender: Trojan.GenericKDZ.76033
MicroWorld-eScan: Trojan.GenericKDZ.76033
Ad-Aware: Trojan.GenericKDZ.76033
Sophos: Mal/Generic-R + Mal/EncPk-APV
Comodo: TrojWare.Win32.Agent.quzix@0
BitDefenderTheta: Gen:NN.ZexaF.34758.ty1@aK1BVvni
TrendMicro: TROJ_GEN.R002C0DFO21
McAfee-GW-Edition: Artemis!Trojan
FireEye: Generic.mg.7a4476155000dc40
Emsisoft: Trojan.GenericKDZ.76033 (B)
SentinelOne: Static AI – Malicious PE
Webroot: W32.Trojan.Gen
Avira: TR/Crypt.Agent.dcpsi
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Backdoor:Win32/CobaltStrike!MTB
AegisLab: Trojan.Win32.Malicious.4!c
GData: Win32.Trojan.CobaltStrike.UIO9DF
AhnLab-V3: Trojan/Win.Agent.R427273
Acronis: suspicious
McAfee: RDN/Generic BackDoor
MAX: malware (ai score=87)
VBA32: BScope.Trojan.Bsymem
Malwarebytes: Trojan.Crypt
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R002C0DFO21
Rising: Trojan.Generic@ML.100 (RDML:iwe4i764fGPYGMahH0GIvA)
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HLLM!tr
AVG: Win32:DangerousSig [Trj]
Paloalto: generic.ml

How to remove Backdoor:Win32/CobaltStrike!MTB?

Backdoor:Win32/CobaltStrike!MTB removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
