
Backdoor:Win32/IRCbot!J (file analysis)

Malware Removal

Backdoor:Win32/IRCbot!J is Microsoft's detection name for a family of IRC-controlled backdoors: once running, the bot connects to an attacker-controlled IRC server and takes commands from a channel, and several of the vendor names listed further down (McAfee, Trend Micro, Fortinet) additionally flag DCOM RPC exploit code in this particular file. When the infection is active you may notice unexpected processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor:Win32/IRCbot!J virus do?

  • Authenticode signature is invalid: the file does not carry a valid publisher signature, so it cannot be attributed to any vendor. This is the only static signature the sandbox run reported; on its own it is a weak indicator (a great deal of legitimate software is unsigned too), and the detection names below carry far more weight.

How to identify Backdoor:Win32/IRCbot!J?


File Info:

name: 509E3D4839688C617398.mlw
path: /opt/CAPEv2/storage/binaries/d1c58f03e7fc228db995928f22016eb325fefa95844ad824e133cf86d3426ad6
crc32: 61CCCBD0
md5: 509e3d4839688c6173980dfba22ebd55
sha1: 722da1cfcc627486830cb22a02efb09d22373dd4
sha256: d1c58f03e7fc228db995928f22016eb325fefa95844ad824e133cf86d3426ad6
sha512: 28f77bdd825e504dff4ed1a5c53d19006825a78b47d3c79c4384aad7d27a19c550442a24b7c61ba3f380f56b7287322e6d9d39d8e0d71bfabdb148327c742783
ssdeep: 3072:Kmo8EvmkmU6z82DG6m0J23LIgPjAyOvPkbvkTKutmL:evmpz82sCK97tckbvGK/L
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14F149E3235C1C037D667017ACDC9D739AAF2F4A04F3A95437BD50B8E6E206A39A36352
sha3_384: 379218eda14b7ed08a47debef835feb4df924fd248d5229673812e2ffd9b3804ca610299621cb81d1a7cba3410357778
ep_bytes: e8e1970000e916feffff8b44240485c0
timestamp: 2008-04-06 10:17:13

Version Info:

0: [No Data]
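The File Info block above is a sandbox (CAPEv2) summary of the sample. As an added example, not part of the original page and not CAPEv2's own code, the following Python script reproduces the same fields from a file on disk using only the standard library: the digests in the same notation (ssdeep and TLSH need third-party libraries and are left out), the PE compile timestamp, the 16 entry-point bytes, and whether the PE carries an Authenticode certificate table at all. The KNOWN_HASHES values are copied from the page so a fresh sample can be matched against it; the minimal PE32 built by build_sample_pe is constructed for the demonstration and is not the analysed sample, so hash_matches returns an empty list for it even though its timestamp and entry-point bytes are set to the values shown above.

```python
import datetime
import hashlib
import struct
import sys
import zlib

# Hashes copied from the File Info block on this page; a fresh sample that
# yields one of these is the same file.
KNOWN_HASHES = {
    "md5": "509e3d4839688c6173980dfba22ebd55",
    "sha1": "722da1cfcc627486830cb22a02efb09d22373dd4",
    "sha256": "d1c58f03e7fc228db995928f22016eb325fefa95844ad824e133cf86d3426ad6",
}


def file_hashes(data: bytes) -> dict:
    """Same digests, in the same notation, as the File Info block."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def hash_matches(data: bytes, known: dict = KNOWN_HASHES) -> list:
    """Names of the algorithms under which `data` matches a known hash."""
    got = file_hashes(data)
    return sorted(alg for alg, digest in known.items() if got[alg] == digest.lower())


def _rva_to_offset(rva: int, sections: list) -> int:
    """Map a relative virtual address to a file offset via the section table."""
    for va, vsize, rawptr, rawsize in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + rawptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_pe(data: bytes) -> dict:
    """Compile timestamp, entry-point bytes and Authenticode presence of a PE."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional-header magic {magic:#x}")
    is_pe32 = magic == 0x10B
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # NumberOfRvaAndSizes sits at +92 (PE32) or +108 (PE32+); the data
    # directories follow it, and entry 4 is the Security (Authenticode) table.
    ndirs_off = opt + (92 if is_pe32 else 108)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_size = 0
    if ndirs > 4:
        _, sec_size = struct.unpack_from("<II", data, ndirs_off + 4 + 4 * 8)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + i * 40)
        sections.append((va, vsize, rawptr, rawsize))
    ep_off = _rva_to_offset(ep_rva, sections)
    when = datetime.datetime.fromtimestamp(stamp, datetime.timezone.utc)
    return {
        "type": "PE32" if is_pe32 else "PE32+",
        "machine": f"{machine:#06x}",
        "timestamp": when.strftime("%Y-%m-%d %H:%M:%S"),  # attacker-controllable field
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        # A non-empty table only means a certificate blob is attached; whether
        # the signature verifies needs a real checker (signtool, osslsigncode).
        "authenticode_present": sec_size != 0,
    }


# Constructed test input: a minimal PE32 with one .text section that reuses the
# timestamp and entry-point bytes shown on the page. It is NOT the analysed sample.
SAMPLE_TIMESTAMP = int(datetime.datetime(2008, 4, 6, 10, 17, 13,
                                         tzinfo=datetime.timezone.utc).timestamp())
SAMPLE_EP_BYTES = bytes.fromhex("e8e1970000e916feffff8b44240485c0")


def build_sample_pe(stamp: int = SAMPLE_TIMESTAMP, ep_bytes: bytes = SAMPLE_EP_BYTES) -> bytes:
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                          # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, 0x1000)                       # AddressOfEntryPoint
    struct.pack_into("<I", opt, 92, 16)                           # 16 directories, all empty
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    header = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text).ljust(0x200, b"\0")
    return header + ep_bytes.ljust(0x200, b"\0")


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in {**file_hashes(blob), **parse_pe(blob)}.items():
        print(f"{key}: {value}")
    print("matches known sample:", hash_matches(blob) or "no")
```

Run it with a path argument to triage a real file, or without one to see it on the constructed PE. Note the two caveats built into the output: the timestamp is whatever the linker (or the attacker) wrote into the header, and authenticode_present only reports that a certificate blob is attached, which is why the sandbox's "signature is invalid" finding needs a proper verifier before it can be read as forged or stripped.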

Backdoor:Win32/IRCbot!J also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Agent.m!c
Cynet: Malicious (score: 100)
FireEye: Generic.mg.509e3d4839688c61
McAfee: Exploit-DcomRpc.c.gen
Cylance: Unsafe
VIPRE: Gen:Trojan.IRC-Backdoor.mmW@aSkrVOi
Sangfor: Backdoor.Win32.Agent.buxin
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Gen:Trojan.IRC-Backdoor.mmW@aSkrVOi
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.839688
VirIT: Backdoor.Win32.RBot.LT
Cyren: W32/Backdoor.FEXY-0524
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/IRCBot.BBM
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Exploit.13525-1
Kaspersky: Backdoor.Win32.Agent.ggw
Alibaba: Backdoor:Win32/IRCBot.7bd9583f
NANO-Antivirus: Trojan.Win32.Agent.sifj
ViRobot: Backdoor.Win32.Agent.200704
MicroWorld-eScan: Gen:Trojan.IRC-Backdoor.mmW@aSkrVOi
Avast: Win32:Trojan-gen
Tencent: Win32.Backdoor.Agent.Rimw
Ad-Aware: Gen:Trojan.IRC-Backdoor.mmW@aSkrVOi
Emsisoft: Gen:Trojan.IRC-Backdoor.mmW@aSkrVOi (B)
Comodo: Backdoor@#ed5u9scfaqfk
DrWeb: DLOADER.Trojan
Zillya: Backdoor.Agent.Win32.21622
TrendMicro: TROJ_DCOMRPC.AN
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.ch
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Behav-001
SentinelOne: Static AI – Malicious PE
GData: Gen:Trojan.IRC-Backdoor.mmW@aSkrVOi
Jiangmin: Backdoor/Agent.ayre
Webroot: W32.Trojan.Trojan-Backdoor.Gen.
Avira: TR/Spy.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.61
Kingsoft: Win32.Hack.Agent.g.(kcloud)
Arcabit: Trojan.IRC-Backdoor.EC319B
ZoneAlarm: Backdoor.Win32.Agent.ggw
Microsoft: Backdoor:Win32/IRCbot.gen!J
Google: Detected
VBA32: Backdoor.Agent
ALYac: Gen:Trojan.IRC-Backdoor.mmW@aSkrVOi
MAX: malware (ai score=100)
Malwarebytes: Malware.AI.3781141763
TrendMicro-HouseCall: TROJ_DCOMRPC.AN
Rising: Backdoor.Win32.IRCbot.cli (CLASSIC)
Yandex: Trojan.GenAsa!Kj/XOU4uzfE
Ikarus: Trojan.Win32.IRCBot
MaxSecure: Trojan.Malware.2043244.susgen
Fortinet: DcomRpc!exploit
BitDefenderTheta: AI:Packer.0E1263121E
AVG: Win32:Trojan-gen
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor:Win32/IRCbot!J?

Backdoor:Win32/IRCbot!J removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
