Categories: Backdoor

Backdoor:Win32/Drateam.B removal instruction

The Backdoor:Win32/Drateam.B is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Drateam.B virus can do?

Behavioural detection: Executable code extraction – unpacking
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Creates a copy of itself
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Backdoor:Win32/Drateam.B?


File Info:
name: B348C491827D7452FE24.mlwpath: /opt/CAPEv2/storage/binaries/26734dae2075893a1d43caaef75b1bcd24b2ca2b45c13930c882173c389fe6c4crc32: 99451503md5: b348c491827d7452fe24f47f0a37f680sha1: a892e03245435753ac7ffe0cc6ad84d6e8eab6absha256: 26734dae2075893a1d43caaef75b1bcd24b2ca2b45c13930c882173c389fe6c4sha512: 4c02c57093fdedc578f6ae0b986e0f799a2f71ff6f385708e2a5945ed7f1472d29100b5d59b5b7c38a211cbd3830f7b8e8672bae5647c80cf5b863478f18d647ssdeep: 12288:migdXpTXKd/GFv+k4FDCb7z+AFg2r1NalC0QB5m4MOTP6FW7s:pgdXBXKov+k4FWbn+X2res5BQQuU4type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T163A4F131F7C18037C30408BD9C8EE7B6AB3DB7741C1159D2B9AA1F9D88AE3851A5D2D6sha3_384: 56cdf6a2479248c1453a116eede42765b3e778268249508582d83ec681793850053dad0b9574e8965b5d8e541436e350ep_bytes: 8d84c000010401e90004000099ede946timestamp: 1992-06-19 22:22:17
Version Info:
0: [No Data]

Backdoor:Win32/Drateam.B also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Hupigon.lpZn
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen19.30647
MicroWorld-eScan	Gen:Trojan.Heur.RP.BCW@b8D24k
FireEye	Generic.mg.b348c491827d7452
Skyhigh	BehavesLike.Win32.Dropper.gc
McAfee	GenericRXGJ-QF!B348C491827D
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Gen:Trojan.Heur.RP.BCW@b8D24k
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Password-Stealer ( 00114c091 )
BitDefender	Gen:Trojan.Heur.RP.BCW@b8D24k
K7GW	Password-Stealer ( 00114c091 )
Cybereason	malicious.245435
BitDefenderTheta	AI:Packer.533536391D
VirIT	Trojan.Win32.SHeur2.BTQG
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Packed.PeCancer.E suspicious
APEX	Malicious
ClamAV	Win.Trojan.Hupigon-26971
Kaspersky	Trojan-Dropper.Win32.Daws.bwks
Alibaba	Backdoor:Win32/Drateam.eb5caf9f
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Rising	Trojan.AntiAV!1.647B (CLASSIC)
Sophos	Mal/Generic-S
F-Secure	Backdoor.BDS/Backdoor.Gen
Zillya	Trojan.OnLineGames.Win32.41883
Trapmine	malicious.high.ml.score
Emsisoft	Gen:Trojan.Heur.RP.BCW@b8D24k (B)
Ikarus	Trojan.Win32.Agent
Jiangmin	Backdoor/Delf.okk
Webroot	W32.Backdoor.Gen
Google	Detected
Avira	BDS/Backdoor.Gen
Varist	W32/SuspPack.DT.gen!Eldorado
Antiy-AVL	Trojan[Packed]/Win32.PePatch
Kingsoft	Win32.HeurC.KVM005.a
Microsoft	Backdoor:Win32/Drateam.B
Xcitium	Suspicious@#1929hv2dgbdqp
Arcabit	Trojan.Heur.RP.E89F32
ZoneAlarm	Trojan-Dropper.Win32.Daws.bwks
GData	Gen:Trojan.Heur.RP.BCW@b8D24k
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.CSon.R302
VBA32	BScope.Trojan.CDur
ALYac	Gen:Trojan.Heur.RP.BCW@b8D24k
TACHYON	Trojan-PWS/W32.WebGame.453660
DeepInstinct	MALICIOUS
Cylance	unsafe
Panda	Generic Malware
Tencent	Win32.Trojan-Dropper.Daws.Itgl
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/SpyAgent.F!tr
AVG	Win32:BackdoorX-gen [Trj]
Avast	Win32:BackdoorX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (D)