Categories: Backdoor

Backdoor:Win32/Dridex.AA!MSR removal

The Backdoor:Win32/Dridex.AA!MSR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor:Win32/Dridex.AA!MSR virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the DridexV4 malware family
  • Harvests cookies for information gathering

How to determine Backdoor:Win32/Dridex.AA!MSR?



File Info:

name: 8C54BBE3F191A8627BFE.mlwpath: /opt/CAPEv2/storage/binaries/f658ddcf8e87de957a81bb92d44ce02913b427e8bccbe663669ee2613d355555crc32: 8E48C49Fmd5: 8c54bbe3f191a8627bfeeb4cb02634a9sha1: 2fc2ecbed153344557386e80a2fbd097bf795559sha256: f658ddcf8e87de957a81bb92d44ce02913b427e8bccbe663669ee2613d355555sha512: 752d4bb22765373f7ee185acc42b73d5f2b75ae46ed995bf2f59486038a512eca30c5ecf040541cc2833df005ee17db00a0ec5ae802b677ff468f256ea53ecd2ssdeep: 98304:556LOFQCSMkpjLzCq37suo9LtkYzQi0YSUiBDXfN/:5sLOqCkLzDouoOS36XV/type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T11EF52302BAD38871E572193A4C69A716ACBD3D701E389A2EF7809FADD5301D1F531B63sha3_384: 1da83c55dc486f0e2619c13578133867662d120745b84289ae30b18904420166f80d3ed3027eef48fd4da1ab918e8a47ep_bytes: e85a040000e98efeffff3b0dc8a14300timestamp: 2019-04-27 20:03:27

Version Info:

0: [No Data]

Backdoor:Win32/Dridex.AA!MSR also known as:

Bkav W32.AIDetect.malware2
Lionic Trojan.BAT.Crypter.tqa8
Elastic malicious (moderate confidence)
MicroWorld-eScan Trojan.Ransom.GenericKD.34036779
McAfee Ransomware-GRP!8C54BBE3F191
Cylance Unsafe
VIPRE Trojan.Ransom.GenericKD.34036779
Sangfor Trojan.Win32.Kryptik.GXEG
K7AntiVirus Trojan ( 005598361 )
BitDefender Trojan.Ransom.GenericKD.34036779
K7GW Trojan ( 005598361 )
Cybereason malicious.3f191a
Arcabit Trojan.Ransom.Generic.D2075C2B
VirIT Trojan.Win32.Ransom.BUZ
Cyren W32/BrowserFox.J.gen!Eldorado
Symantec Downloader
ESET-NOD32 a variant of Win32/Kryptik.GXEG
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan.Win32.DelShad.ayr
Alibaba Backdoor:Win32/DelShad.548b5aca
NANO-Antivirus Trojan.Win32.Kryptik.gfywks
Rising Trojan.Generic@AI.94 (RDMK:Yv87stkxzkR/pgdr3nU60Q)
Ad-Aware Trojan.Ransom.GenericKD.34036779
Sophos Mal/Generic-R + Troj/Ransom-FRY
Comodo Malware@#2ca7pnpwvyg91
DrWeb Trojan.MulDrop11.19507
TrendMicro Ransom.Win32.BITPAYMER.TGACAO
McAfee-GW-Edition BehavesLike.Win32.Generic.wc
FireEye Trojan.Ransom.GenericKD.34036779
Emsisoft Trojan.Ransom.GenericKD.34036779 (B)
Webroot W32.DelShad
Avira HEUR/AGEN.1207386
MAX malware (ai score=100)
Antiy-AVL Trojan/Generic.ASMalwS.422
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft Backdoor:Win32/Dridex.AA!MSR
ViRobot Trojan.Win32.S.Ransom.3400143
ZoneAlarm Trojan.Win32.DelShad.ayr
GData Trojan.Ransom.GenericKD.34036779
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.DoppelPaymer.C3549463
ALYac Trojan.Ransom.Filecoder
TACHYON Ransom/W32.DoppelPaymer.3400143
VBA32 BScope.Trojan.Yakes
Malwarebytes Malware.AI.4286323650
Panda Trj/CI.A
TrendMicro-HouseCall Ransom.Win32.BITPAYMER.TGACAO
Tencent Win32.Trojan.Kryptik.Ecam
Yandex Trojan.GenAsa!0AFHhhmQhWE
Ikarus Trojan-Ransom.Doppelpaymer
MaxSecure Trojan.Malware.119086003.susgen
Fortinet W32/DelShad.AYR!tr
AVG Win32:DangerousSig [Trj]
Avast Win32:DangerousSig [Trj]
CrowdStrike win/malicious_confidence_100% (W)

How to remove Backdoor:Win32/Dridex.AA!MSR?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: Backdoor:Win32/Dridex.AA!MSR
2 years ago

Recent Posts

Lazy.280688 removal guide

The Lazy.280688 is considered dangerous by lots of security experts. When this infection is active,…

7 mins ago

Malware.AI.3454153382 information

The Malware.AI.3454153382 is considered dangerous by lots of security experts. When this infection is active,…

22 mins ago

Midie.100502 removal tips

The Midie.100502 is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago

Malware.AI.3915743673 (file analysis)

The Malware.AI.3915743673 is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago

Malware.AI.2034266737 removal

The Malware.AI.2034266737 is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago

Trojan.Win32.Agent.xbmkmt removal tips

The Trojan.Win32.Agent.xbmkmt is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago