Categories: Backdoor

About “Backdoor:Win32/Fynloski.M” infection

The Backdoor:Win32/Fynloski.M is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Fynloski.M virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Attempts to connect to a dead IP:Port (3 unique times)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
A process attempted to delay the analysis task.
Drops a binary and executes it
Performs some HTTP requests
Executed a process and injected code into it, probably while unpacking
Sniffs keystrokes
Creates a hidden or system file
Attempts to modify proxy settings
Creates a copy of itself
Interacts with known DarkComet registry keys

Related domains:

z.whorecord.xyz

a.tomx.xyz

imean333.zapto.org

dl.dropbox.com

ocsp.digicert.com

How to determine Backdoor:Win32/Fynloski.M?


File Info:
crc32: 76BA1049md5: cf5dbc0790d50bbad286943bf36663faname: CF5DBC0790D50BBAD286943BF36663FA.mlwsha1: af4c0d018b97642c636e5c171e7d18b21da8f866sha256: 4880b4ab671fc4dea8a8c9bc56dd97be9210ac4fd13b89769370963c1538d8b6sha512: ceb479942dfe9a50c32391645dd708f1fb6de485a5d07428926ed98612651d007b7c8a939e3e6c57c8957b67d618f66c7e29b2e0fc46975435d0e306b77707adssdeep: 12288:fIxLtO4os1P3Eme62ybrdhZtQ7lq3g63gUiQVmCsJ4uIDtKpYa6LIWPY:wBtDVP3EB6PTZtl3vbYisY8WPtype: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Version Info:
Translation: 0x0000 0x04b0LegalCopyright: Tonec Inc., Copyright xa9 1999 - 2013Assembly Version: 6.15.0.2InternalName: Asif.exeFileVersion: 6.15.0.2CompanyName: Tonec Inc.LegalTrademarks: Internet Download ManagerComments: Internet Download Manager (IDM)ProductName: Internet Download Manager (IDM)ProductVersion: 6.15.0.2FileDescription: Internet Download ManagerOriginalFilename: Asif.exe

Backdoor:Win32/Fynloski.M also known as:

K7AntiVirus	Trojan ( 700000121 )
Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoader5.59917
Cynet	Malicious (score: 100)
ALYac	Gen:Heur.MSIL.Androm.9
Cylance	Unsafe
Zillya	Trojan.Blocker.Win32.37508
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
K7GW	Trojan ( 700000121 )
Cybereason	malicious.790d50
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Injector.BKI
APEX	Malicious
Avast	MSIL:Crypt-MI [Trj]
Kaspersky	Trojan-Ransom.Win32.Blocker.jljw
BitDefender	Gen:Heur.MSIL.Androm.9
NANO-Antivirus	Trojan.Win32.Blocker.dcivku
MicroWorld-eScan	Gen:Heur.MSIL.Androm.9
Tencent	Win32.Trojan.Blocker.Tayv
Ad-Aware	Gen:Heur.MSIL.Androm.9
Sophos	Mal/Generic-S
Comodo	Malware@#2eyebzxvdy0yf
BitDefenderTheta	Gen:NN.ZemsilF.34686.Pm0@a0JPscg
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Fareit.jh
FireEye	Generic.mg.cf5dbc0790d50bba
Emsisoft	Gen:Heur.MSIL.Androm.9 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan/Blocker.ede
Avira	HEUR/AGEN.1127714
eGambit	Unsafe.AI_Score_100%
Microsoft	Backdoor:Win32/Fynloski.M
Arcabit	Trojan.MSIL.Androm.9
AegisLab	Trojan.Win32.Blocker.j!c
GData	Gen:Heur.MSIL.Androm.9
AhnLab-V3	Trojan/Win32.RL_Blocker.C4016367
McAfee	GenericRXJU-YN!CF5DBC0790D5
MAX	malware (ai score=81)
VBA32	TrojanRansom.Blocker
Panda	Trj/CI.A
Rising	Ransom.Blocker!8.12A (CLOUD)
Yandex	Trojan.Blocker!0HBMtzbPdaY
Ikarus	Trojan-Ransom.Blocker
Fortinet	MSIL/Generic.DN.114B5F!tr
AVG	MSIL:Crypt-MI [Trj]
Paloalto	generic.ml