
Backdoor:Win32/Dridex.AA!MSR removal


Backdoor:Win32/Dridex.AA!MSR is the Microsoft Defender detection name for the sample analysed below. The name alone understates the risk: most other engines in the detection table on this page label the same file as ransomware (Trojan.Ransom.GenericKD, DoppelPaymer, BITPAYMER), and the sandbox run shows it unpacking itself in memory, dropping and executing a second binary, and harvesting browser cookies. While the infection is active you may notice unfamiliar processes in the Task Manager list. If you see this detection, treat the machine as a possible ransomware staging point: disconnect it from the network and scan it with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can Backdoor:Win32/Dridex.AA!MSR do?

The list below is the set of CAPE sandbox behavioural signatures triggered when this sample was detonated. They describe what the file did in the analysis environment (unpacking itself into RWX memory, resolving imports at run time, dropping and executing a second binary, harvesting browser cookies) and are indicators for analysts, not a list of symptoms every user will see.

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the DridexV4 malware family
  • Harvests cookies for information gathering

How to identify Backdoor:Win32/Dridex.AA!MSR?

Compare a suspicious file against the values below. An exact sha256 (or md5/sha1) match identifies this specific sample; ssdeep and tlsh are fuzzy hashes that can also match repacked or slightly modified variants, and the compile timestamp and entry-point bytes (ep_bytes) help confirm a match when only a partial report is available.

File Info:

name: 8C54BBE3F191A8627BFE.mlw
path: /opt/CAPEv2/storage/binaries/f658ddcf8e87de957a81bb92d44ce02913b427e8bccbe663669ee2613d355555
crc32: 8E48C49F
md5: 8c54bbe3f191a8627bfeeb4cb02634a9
sha1: 2fc2ecbed153344557386e80a2fbd097bf795559
sha256: f658ddcf8e87de957a81bb92d44ce02913b427e8bccbe663669ee2613d355555
sha512: 752d4bb22765373f7ee185acc42b73d5f2b75ae46ed995bf2f59486038a512eca30c5ecf040541cc2833df005ee17db00a0ec5ae802b677ff468f256ea53ecd2
ssdeep: 98304:556LOFQCSMkpjLzCq37suo9LtkYzQi0YSUiBDXfN/:5sLOqCkLzDouoOS36XV/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11EF52302BAD38871E572193A4C69A716ACBD3D701E389A2EF7809FADD5301D1F531B63
sha3_384: 1da83c55dc486f0e2619c13578133867662d120745b84289ae30b18904420166f80d3ed3027eef48fd4da1ab918e8a47
ep_bytes: e85a040000e98efeffff3b0dc8a14300
timestamp: 2019-04-27 20:03:27

Version Info:

0: [No Data]
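A way to reproduce the static fields of the File Info block above (hashes, compile timestamp, ep_bytes) and to flag three of the packing indicators from the behaviour list (unknown PE section names, RWX sections, overlay data) is a small dependency-free PE32 triage script. The following is an added example written for this page; it is not code from CAPE, GridinSoft or the original author. `triage_pe`, `matches_page_iocs`, `build_sample_pe` and the `.xyz0` section name are this example's own inventions, and the PE it runs on is a constructed stub, not the sample: only its first 16 code bytes are copied from the ep_bytes field above so that the script can be seen reproducing that value.

```python
"""Dependency-free static triage of a PE32 file (added example, not CAPE's code).
Reproduces the hash / timestamp / ep_bytes fields of the File Info block and flags
packing indicators from the behaviour list: odd section names, RWX sections, overlay."""
import hashlib
import struct
from datetime import datetime, timezone

# Hashes copied from the page's File Info block, used only for comparison.
PAGE_IOCS = {
    "md5": "8c54bbe3f191a8627bfeeb4cb02634a9",
    "sha1": "2fc2ecbed153344557386e80a2fbd097bf795559",
    "sha256": "f658ddcf8e87de957a81bb92d44ce02913b427e8bccbe663669ee2613d355555",
}
# Section names normally emitted by mainstream compilers and linkers.
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                     ".edata", ".pdata", ".bss", ".tls", ".CRT", ".didat"}
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE = 0x00000020, 0x20000000
IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x40000000, 0x80000000
OVERLAY = b"constructed overlay: bytes appended after the last section\n"


def triage_pe(data: bytes) -> dict:
    """Parse the PE headers of `data` and return the fields plus a findings list."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directory 4 (Security) describes the Authenticode blob: PE32 offset 96 + 4*8.
    sec_dir_size = struct.unpack_from("<I", data, opt + 132)[0] if opt_size >= 136 else 0
    sections, findings, end_of_sections, ep_bytes = [], [], 0, ""
    for i in range(nsections):
        hdr = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        name = hdr[0].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rawsize, rawptr, chars = hdr[1], hdr[2], hdr[3], hdr[4], hdr[9]
        sections.append((name, hex(chars)))
        end_of_sections = max(end_of_sections, rawptr + rawsize)
        if name not in STANDARD_SECTIONS:
            findings.append(f"unknown_section_name:{name}")
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_READ:
            findings.append(f"rwx_section:{name}")
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):  # section holding the entry point
            ep_off = rawptr + (entry_rva - vaddr)
            ep_bytes = data[ep_off:ep_off + 16].hex()  # the value CAPE reports as ep_bytes
    overlay_size = max(0, len(data) - end_of_sections)  # data past the last mapped section
    if overlay_size:
        findings.append(f"overlay:{overlay_size}")
    if sec_dir_size == 0:  # presence only; a present blob still needs PKCS#7 verification
        findings.append("no_authenticode_blob")
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "timestamp": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes,
        "sections": sections,
        "overlay_size": overlay_size,
        "findings": findings,
    }


def matches_page_iocs(report: dict) -> bool:
    """True if any hash in the report equals one from the page's File Info block."""
    return any(report[key] == value for key, value in PAGE_IOCS.items())


def build_sample_pe() -> bytes:
    """Constructed stub PE32 (not a runnable program) that exhibits the indicators.
    Only its first 16 code bytes are copied from the page's ep_bytes field; the
    rest, including the `.xyz0` section name, is invented for this example."""
    compile_time = int(datetime(2019, 4, 27, 20, 3, 27, tzinfo=timezone.utc).timestamp())
    text = bytes.fromhex("e85a040000e98efeffff3b0dc8a14300").ljust(0x200, b"\xcc")
    packed = bytes(range(256)) * 2  # opaque 512-byte blob in a writable code section
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, compile_time, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 14, 0, len(text), len(packed), 0, 0x1000,
                      0x1000, 0x2000, 0x400000, 0x1000, 0x200).ljust(0xE0, b"\0")

    def section(name, vaddr, raw, rawptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, len(raw), vaddr, len(raw), rawptr, 0, 0, 0, 0, chars)

    rx = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
    headers = dos + coff + opt + section(b".text", 0x1000, text, 0x200, rx)
    headers += section(b".xyz0", 0x2000, packed, 0x400, rx | IMAGE_SCN_MEM_WRITE)
    return headers.ljust(0x200, b"\0") + text + packed + OVERLAY


if __name__ == "__main__":
    report = triage_pe(build_sample_pe())
    print({k: report[k] for k in ("sha256", "timestamp", "ep_bytes", "overlay_size", "findings")})
    print("matches page IOCs:", matches_page_iocs(report))
```

On a real suspect file, call `triage_pe(open(path, "rb").read())` and check `matches_page_iocs` on the result; a sha256 match means this exact sample, while the findings list only says the file looks packed, which is also true of many legitimate installers. The run-time signatures in the behaviour list (SetUnhandledExceptionFilter anti-debug, RWX memory allocation, dynamic import resolution, cookie harvesting) are not visible statically and need a sandbox such as CAPE.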

Backdoor:Win32/Dridex.AA!MSR is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.BAT.Crypter.tqa8
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Trojan.Ransom.GenericKD.34036779
McAfee: Ransomware-GRP!8C54BBE3F191
Cylance: Unsafe
VIPRE: Trojan.Ransom.GenericKD.34036779
Sangfor: Trojan.Win32.Kryptik.GXEG
K7AntiVirus: Trojan ( 005598361 )
BitDefender: Trojan.Ransom.GenericKD.34036779
K7GW: Trojan ( 005598361 )
Cybereason: malicious.3f191a
Arcabit: Trojan.Ransom.Generic.D2075C2B
VirIT: Trojan.Win32.Ransom.BUZ
Cyren: W32/BrowserFox.J.gen!Eldorado
Symantec: Downloader
ESET-NOD32: a variant of Win32/Kryptik.GXEG
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.DelShad.ayr
Alibaba: Backdoor:Win32/DelShad.548b5aca
NANO-Antivirus: Trojan.Win32.Kryptik.gfywks
Rising: Trojan.Generic@AI.94 (RDMK:Yv87stkxzkR/pgdr3nU60Q)
Ad-Aware: Trojan.Ransom.GenericKD.34036779
Sophos: Mal/Generic-R + Troj/Ransom-FRY
Comodo: Malware@#2ca7pnpwvyg91
DrWeb: Trojan.MulDrop11.19507
TrendMicro: Ransom.Win32.BITPAYMER.TGACAO
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
FireEye: Trojan.Ransom.GenericKD.34036779
Emsisoft: Trojan.Ransom.GenericKD.34036779 (B)
Webroot: W32.DelShad
Avira: HEUR/AGEN.1207386
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.422
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Backdoor:Win32/Dridex.AA!MSR
ViRobot: Trojan.Win32.S.Ransom.3400143
ZoneAlarm: Trojan.Win32.DelShad.ayr
GData: Trojan.Ransom.GenericKD.34036779
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.DoppelPaymer.C3549463
ALYac: Trojan.Ransom.Filecoder
TACHYON: Ransom/W32.DoppelPaymer.3400143
VBA32: BScope.Trojan.Yakes
Malwarebytes: Malware.AI.4286323650
Panda: Trj/CI.A
TrendMicro-HouseCall: Ransom.Win32.BITPAYMER.TGACAO
Tencent: Win32.Trojan.Kryptik.Ecam
Yandex: Trojan.GenAsa!0AFHhhmQhWE
Ikarus: Trojan-Ransom.Doppelpaymer
MaxSecure: Trojan.Malware.119086003.susgen
Fortinet: W32/DelShad.AYR!tr
AVG: Win32:DangerousSig [Trj]
Avast: Win32:DangerousSig [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor:Win32/Dridex.AA!MSR?

Backdoor:Win32/Dridex.AA!MSR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
  • Because the sample harvests browser cookies and most vendors classify it as ransomware, sign out of active web sessions and change passwords from a clean device afterwards, and check the machine for encrypted files or ransom notes before considering it recovered.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
