Categories: Backdoor

Backdoor:Win32/Kelihos!rfn removal instruction

The Backdoor:Win32/Kelihos!rfn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Kelihos!rfn virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid

How to determine Backdoor:Win32/Kelihos!rfn?


File Info:
name: 090F2BDFC3E18DD44066.mlwpath: /opt/CAPEv2/storage/binaries/6876b474fbc6e906ccf630c0335404aa662fddb0c91adc36a40512755a6035a8crc32: 752C4002md5: 090f2bdfc3e18dd4406636c4b26bc707sha1: 74621f82b9a627e246d63e365dd175b3e06fd2dasha256: 6876b474fbc6e906ccf630c0335404aa662fddb0c91adc36a40512755a6035a8sha512: 3952b8646bfe21a91777b03ceb4ac785f6e470cecab3d28cbc1cd86df748ed31c58da5f107d458635f07290d29b3266f5efd14b874c90c8c81effe591f0d8900ssdeep: 1536:9485TFmI7hCJZuV8ueQxyTJ9+Iqadyj7RSDVODaPXfPIqQ0k2HiK:97n7hCJZu6uMl9fnyXRcXHIqjk2CKtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T148B37DB523D41833D462C1F0CAA6CA86496A6EF1075FE1D35B47AE7F0438980F66D61Fsha3_384: f3c010b6b26cf42d0658439cd3242a4187e44053fd5b312a1f4f616b5dea081008cb20290c14a7c9c4baeceb692d72f1ep_bytes: 558bec6aff68e0844000686c78400064timestamp: 2016-12-26 16:31:55
Version Info:
Comments: CompanyName: FileDescription: FrameGrabber Microsoft退FileVersion: 1, 0, 0, 1InternalName: FrameGrabberLegalCopyright:  (C) 2004LegalTrademarks: OriginalFilename: FrameGrabber.EXEPrivateBuild: ProductName: FrameGrabber ProductVersion: 1, 0, 0, 1SpecialBuild: Translation: 0x100c 0x04e3

Backdoor:Win32/Kelihos!rfn also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	BackDoor.Siggen2.1668
Cynet	Malicious (score: 100)
FireEye	Generic.mg.090f2bdfc3e18dd4
CAT-QuickHeal	Trojan.Generic.ZZ4
ALYac	Trojan.Agent.CCNG
Cylance	Unsafe
VIPRE	LooksLike.Win32.Crowti.b (v)
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Trojan ( 005017a41 )
K7AntiVirus	Trojan ( 005017a41 )
BitDefenderTheta	Gen:NN.ZexaF.34182.hy3@ayO6Yrib
Cyren	W32/S-70a7bd7d!Eldorado
Symantec	W32.Waledac
ESET-NOD32	a variant of Win32/Injector.DJHH
APEX	Malicious
ClamAV	Win.Malware.AppWizard-9834713-1
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.Agent.CCNG
MicroWorld-eScan	Trojan.Agent.CCNG
Avast	Win32:InjectorX-gen [Trj]
Tencent	Malware.Win32.Gencirc.10b69d49
Emsisoft	Trojan.Agent.CCNG (B)
Comodo	Backdoor.Win32.Kelihos.SA@6x4cmf
Zillya	Trojan.Injector.Win32.454735
TrendMicro	Ransom_HPCERBER.SMJA
McAfee-GW-Edition	Trojan-FKTT!090F2BDFC3E1
Sophos	Mal/Zbot-UR
SentinelOne	Static AI – Malicious PE
Jiangmin	TrojanDownloader.Agent.fkop
Avira	TR/Dropper.Gen
MAX	malware (ai score=80)
Antiy-AVL	Trojan/Generic.ASMalwS.1DB0BB4
Microsoft	Backdoor:Win32/Kelihos!rfn
ViRobot	Trojan.Win32.Agent.1086007
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Trojan.Agent.CCNG
AhnLab-V3	Trojan/Win32.Agentb.R192625
McAfee	Trojan-FKTT!090F2BDFC3E1
VBA32	Heur.Malware-Cryptor.Hlux
Malwarebytes	Malware.AI.2198961971
TrendMicro-HouseCall	Ransom_HPCERBER.SMJA
Rising	Malware.Obscure/Heur!1.A89E (RDMK:cmRtazr/Ibl7tk/TUuuAjYqGEq6x)
Yandex	Trojan.GenAsa!MZkjOYE1b8k
Ikarus	Trojan.Win32.Injector
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Generic.AC.3BC76D!tr
AVG	Win32:InjectorX-gen [Trj]
Cybereason	malicious.fc3e18
Panda	Trj/Genetic.gen