Categories: Backdoor

Backdoor:Win32/Fynloski.PA!MTB information

The Backdoor:Win32/Fynloski.PA!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor:Win32/Fynloski.PA!MTB virus can do?

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Sniffs keystrokes
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Likely virus infection of existing system binary
  • Creates a copy of itself
  • Interacts with known DarkComet registry keys
  • Creates known Fynloski/DarkComet mutexes
  • Anomalous binary characteristics
  • Contains RAT configuration for DarkComet (see Static Analysis tab)

Related domains:

whp.sytes.net

How to determine Backdoor:Win32/Fynloski.PA!MTB?



File Info:

crc32: 8668B9E3md5: 5bfe96a46da9f28596128a53a4bd888fname: main.exe.rarsha1: c6f1f82b5dcc02dcd70d535493059cfd6d2a5a20sha256: c14a5d52ae12b63c6de76d6426058eabc7efb8624fc35226bcb5e38b01b78f7asha512: 61e3f19ad5ed43e634e581ca3fd81474b86491800e30a4a5dfc3349c8d2f92a0195c8df13a4197a1f10c4d84dd0ab21456ac01109b6bfb7959c3e7fb95895234ssdeep: 49152:XgEjyITimeCXXlegnRZgKzZm5OLHSWSv90/NtWtQErZqNU8UJvibz9D+XGr4sbV7:XXjyyi0gfKzo8LHld1Dlxv7iiJtype: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 1999InternalName: MSRSAAPPFileVersion: 1, 0, 0, 1CompanyName: Microsoft Corp.Comments: Remote Service ApplicationProductName: Remote Service ApplicationProductVersion: 4, 0, 0, 0FileDescription: Remote Service ApplicationOriginalFilename: MSRSAAP.EXETranslation: 0x0409 0x04b0

Backdoor:Win32/Fynloski.PA!MTB also known as:

Bkav W32.OnGamesLTESFJVO.Trojan
MicroWorld-eScan MemScan:Win32.Jeefo.D
FireEye Generic.mg.5bfe96a46da9f285
CAT-QuickHeal Backdoor.Fynloski.A9
Qihoo-360 QVM41.1.Malware.Gen
McAfee Generic BackDoor.xa
Cylance Unsafe
VIPRE Backdoor.Win32.Fynloski.A (v)
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
BitDefender MemScan:Win32.Jeefo.D
K7GW Riskware ( 0040eff71 )
Cybereason malicious.46da9f
Invincea heuristic
BitDefenderTheta AI:Packer.C847E94B1C
Cyren W32/DelfInject.A.gen!Eldorado
Symantec Trojan.Klovbot
TotalDefense Win32/Fynloski.GEIIKeC
Baidu Win32.Backdoor.Agent.l
TrendMicro-HouseCall BKDR_FYNLOS.SMM
ClamAV Win.Trojan.DarkKomet-1
GData MemScan:Win32.Jeefo.D
Kaspersky Virus.Win32.Hidrag.a
NANO-Antivirus Trojan.Win32.Comet.bqolsq
APEX Malicious
Rising Malware.Heuristic!ET#100% (RDMK:cmRtazp7qNQQwotTr1uKz0D4H9qS)
Ad-Aware MemScan:Win32.Jeefo.D
Sophos W32/Jeefo-A
Comodo Backdoor.Win32.Agent.XAB@4of2bc
F-Secure Malware.W32/Jeefo.A
DrWeb BackDoor.Comet.134
Zillya Trojan.Fynloski.Win32.452
TrendMicro BKDR_FYNLOS.SMM
McAfee-GW-Edition BehavesLike.Win32.Backdoor.wh
Trapmine malicious.moderate.ml.score
Emsisoft MemScan:Win32.Jeefo.D (B)
SentinelOne DFI – Malicious PE
F-Prot W32/Jeefo.A
Jiangmin Backdoor/Azbreg.arx
Webroot W32.Rogue.Gen
Avira W32/Jeefo.A
MAX malware (ai score=88)
Antiy-AVL Virus/Win32.Hidrag.a
Kingsoft Win32.Hack.HuigeziT.cz
Endgame malicious (high confidence)
Arcabit Win32.Jeefo.D
ZoneAlarm Virus.Win32.Hidrag.a
Microsoft Backdoor:Win32/Fynloski.PA!MTB
AhnLab-V3 Win-Trojan/Graybird.678400
Acronis suspicious
VBA32 TScope.Trojan.Delf
ALYac MemScan:Win32.Jeefo.D
Malwarebytes Trojan.RemoteAccess
Panda Generic Malware
ESET-NOD32 Win32/Fynloski.AA
Tencent Backdoor.Win32.DarkKomet.zem
Yandex Trojan.Comet.Gen.LO
Ikarus Dropper.Patched
eGambit RAT.DarkComet
Fortinet W32/DarkKomet.ID!tr.bdr
AVG Win32:Gardih
Avast Win32:Gardih
CrowdStrike win/malicious_confidence_100% (D)
MaxSecure Backdoor.W32.Delf.aecw

How to remove Backdoor:Win32/Fynloski.PA!MTB?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: Backdoor:Win32/Fynloski.PA!MTBMSRSAAPPwhp.sytes.net
4 years ago

Recent Posts

How to remove “PWS:Win32/Lmir.JJ”?

The PWS:Win32/Lmir.JJ is considered dangerous by lots of security experts. When this infection is active,…

8 mins ago

Malware.AI.263066098 malicious file

The Malware.AI.263066098 is considered dangerous by lots of security experts. When this infection is active,…

23 mins ago

Buzus.8 removal guide

The Buzus.8 is considered dangerous by lots of security experts. When this infection is active,…

33 mins ago

Babar.438741 removal instruction

The Babar.438741 is considered dangerous by lots of security experts. When this infection is active,…

33 mins ago

Generic.Dacic.94CCEEA9.A.4A493C3C (file analysis)

The Generic.Dacic.94CCEEA9.A.4A493C3C is considered dangerous by lots of security experts. When this infection is active,…

38 mins ago

Malware.AI.4217140835 removal guide

The Malware.AI.4217140835 is considered dangerous by lots of security experts. When this infection is active,…

39 mins ago