How to remove “Backdoor:Win32/Koceg!atmnm”?

Backdoor:Win32/Koceg!atmnm is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Koceg!atmnm virus do?

  • Sample contains Overlay data
  • HTTPS URLs observed in behavior
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to modify proxy settings
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor:Win32/Koceg!atmnm?

File Info:

name: 54091CF768B13D797BCC.mlw
path: /opt/CAPEv2/storage/binaries/da1291a2e81d5432ca81b6ce8601506aba61473241fcabdd099c6d0d705239dc
crc32: 780CE014
md5: 54091cf768b13d797bcc8c36b0a62de9
sha1: 41a4a4ac1fae5d5fd8d0b0aafe32f8ff878c7783
sha256: da1291a2e81d5432ca81b6ce8601506aba61473241fcabdd099c6d0d705239dc
sha512: 40b7fdec16c8b3c1056cb8d63bdfb8b607fe84bcf9bf17ccfcf674c278c70d9be0c83dfcf4875a6eba08fda84d93d57c371f13711266b9de6e309430f293dc8b
ssdeep: 6144:icCraNCraK5GIbSE/8heDYZGNbSxbS6dXP7bSXRqkBurV/obSoH:inaKawJ9/q3wendXvuLBuJi1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D064120E524172B2F9910EFF16BA38949978D61868C2F47496D38BFBAC07FC7E05261D
sha3_384: adfdf82e54d8ffbdcaede9900a1059cd524949b365c4861a720ce7e8aa6dd8d0fb7e6716765f114341508b2bb581a35e
ep_bytes: 558bec6aff68a8ec4000686006410064
timestamp: 2008-03-14 09:32:14

Version Info:

0: [No Data]

Backdoor:Win32/Koceg!atmnm also known as:

Bkav: W32.FamVT.SockTTc.Worm
Lionic: Trojan.Win32.Generic.l0qv
MicroWorld-eScan: Trojan.GenericKD.48082797
ClamAV: Win.Worm.Socks-9
FireEye: Generic.mg.54091cf768b13d79
CAT-QuickHeal: Trojan.MauvaiseRI.S5242999
McAfee: BackDoor-DRW
Malwarebytes: Sock.Backdoor.Bot.DDS
Zillya: Backdoor.Socks.Win32.7
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: EmailWorm ( 000415851 )
K7GW: EmailWorm ( 000415851 )
Cybereason: malicious.768b13
BitDefenderTheta: AI:Packer.E01BEA191B
Cyren: W32/Socks.A.gen!Eldorado
Symantec: W32.SillyFDC
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Socks.NAL
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Socks.b
BitDefender: Trojan.GenericKD.48082797
NANO-Antivirus: Trojan.Win32.Socks.bdjxhz
Avast: Win32:Small-KCA [Trj]
Tencent: Backdoor.Win32.Socks.zb
Sophos: Mal/Koceg-A
Baidu: Win32.Trojan-Downloader.Agent.au
F-Secure: Trojan.TR/Dldr.Agent.agl
DrWeb: Trojan.DownLoader.60883
VIPRE: Trojan.GenericKD.48082797
TrendMicro: WORM_SOCKS.EC
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.fc
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.GenericKD.48082797 (B)
Ikarus: Trojan-Downloader.Win32.Small
GData: Win32.Trojan.PSE1.1AV9XP6
Jiangmin: Backdoor/Socks.a
Avira: TR/Dldr.Agent.agl
Antiy-AVL: Trojan[Backdoor]/Win32.Socks
Xcitium: Backdoor.Win32.Socks.~A@99i8y
Arcabit: Trojan.Generic.D2DDAF6D
ViRobot: Backdoor.Win32.A.Socks.109594
ZoneAlarm: Backdoor.Win32.Socks.b
Microsoft: Backdoor:Win32/Koceg!atmnm
Google: Detected
AhnLab-V3: Worm/Win32.Socks.C94191
VBA32: BScope.TrojanDownloader.Small
ALYac: Trojan.GenericKD.48082797
MAX: malware (ai score=88)
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: WORM_SOCKS.EC
Rising: Trojan.Agent!1.6618 (CLASSIC)
Yandex: Trojan.GenAsa!GB9pRBHhAkI
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Socks.NAL!tr
AVG: Win32:Small-KCA [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Backdoor:Win32/Koceg!atmnm?

Backdoor:Win32/Koceg!atmnm removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.