Backdoor:Win32/Codbot.BO (file analysis)

The Backdoor:Win32/Codbot.BO is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor:Win32/Codbot.BO virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Backdoor:Win32/Codbot.BO?


File Info:
name: 42B9081BB18C94AF7923.mlw
path: /opt/CAPEv2/storage/binaries/204641d3c1232f275db689af3f3ba7aacbd96cc104108f6d1385b0829c37c0ae
crc32: DFDA51AA
md5: 42b9081bb18c94af7923fcb4dfc2fd2d
sha1: 325221591489edb824f0d816f8face1f3cfc73ec
sha256: 204641d3c1232f275db689af3f3ba7aacbd96cc104108f6d1385b0829c37c0ae
sha512: adc2288b0c1d9760598b2ed7021fb033a80f75afd93cc2749c67414f026394cb5f3795d20128b16df2e4d71e42644598819221f6c8887fd12c51b1e2fdec3f53
ssdeep: 3072:POR67uUi0YRPvbazB9+EwHLTemoq4690MJ:s67NeXbGn+91S
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T191B312E32A77A5EFF20B57B741F912411DF4050D0B77407D6ECA7C47C9E06882A52B62
sha3_384: 004c6e27325f4005e893f16e2f89430d0b108190138a107c5698eb9f5fc23ff247392c371f99ea69d3877f9b8ed6eb78
ep_bytes: 65f637b7a19331c0cf1a6fd531134406
timestamp: 2005-08-02 18:31:32

Version Info:
0: [No Data]

Backdoor:Win32/Codbot.BO also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Sdbot.4!c
AVG	Win32:Evo-gen [Trj]
Elastic	malicious (high confidence)
MicroWorld-eScan	Worm.Sdbot.EMG
FireEye	Generic.mg.42b9081bb18c94af
Skyhigh	BehavesLike.Win32.RAHack.cc
ALYac	Worm.Sdbot.EMG
Malwarebytes	Malware.Heuristic.2046
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Riskware ( 00584baa1 )
Alibaba	Backdoor:Win32/Subsys.cbc140fe
K7GW	Riskware ( 00584baa1 )
Cybereason	malicious.bb18c9
BitDefenderTheta	Gen:NN.ZexaF.36802.giZ@aqZ2Bbp
Symantec	W32.Toxbot
ESET-NOD32	a variant of Generik.ZVKFRC
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Trojan.Mybot-5037
Kaspersky	Trojan.Win32.Subsys.gen
BitDefender	Worm.Sdbot.EMG
Avast	Win32:Evo-gen [Trj]
Tencent	Win32.Trojan.Subsys.Ctgl
Emsisoft	Worm.Sdbot.EMG (B)
F-Secure	Trojan.TR/Patched.Ren.Gen
Zillya	Trojan.IRCBot.Win32.2242
TrendMicro	WORM_SDBOT.BBI
Trapmine	malicious.moderate.ml.score
Sophos	ML/PE-A
Ikarus	Backdoor.Win32.Codbot.AI
Jiangmin	Backdoor/Codbot.ac
Varist	W32/Sdbot.SAGB-9019
Avira	TR/Patched.Ren.Gen
Kingsoft	malware.kb.b.990
Microsoft	Backdoor:Win32/Codbot.BO
Xcitium	Malware@#1tqmqbvbzhrg7
Arcabit	Worm.Sdbot.EMG
ZoneAlarm	Trojan.Win32.Subsys.gen
GData	Worm.Sdbot.EMG
Google	Detected
McAfee	W32/Sdbot.bs.gen.ax
MAX	malware (ai score=100)
Cylance	unsafe
Panda	W32/Codbot.CQ.worm
TrendMicro-HouseCall	WORM_SDBOT.BBI
Rising	Trojan.Subsys!8.1237 (TFE:4:fjitq8Xevg)
Yandex	Backdoor.Codbot!A+raEs6B0g4
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.15877.susgen
Fortinet	W32/SpyBot.ZI!dam
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)
alibabacloud	Worm:Win/Subsys.gen

How to remove Backdoor:Win32/Codbot.BO?

Backdoor:Win32/Codbot.BO removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X