
Backdoor:Win32/Lapka.A removal instruction

Malware Removal

Backdoor:Win32/Lapka.A is flagged as malicious by the large majority of antivirus vendors (see the detection names listed further down). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.


Removing malware manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; it allows a full scan and clean-up of your PC during the trial period.
A 6-day free trial is available.

What Backdoor:Win32/Lapka.A virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself
  • The sample wrote data to the system hosts file.
  • Created a service that was not started
  • Uses suspicious command line tools or Windows utilities

How to identify Backdoor:Win32/Lapka.A?

File Info:

name: AF893932F91E28A5193E.mlw
path: /opt/CAPEv2/storage/binaries/bd18bb55f196b1cd7900de56fc05dd25d0436c4e7ab340a5b317aec826f6a43e
crc32: FFE0A895
md5: af893932f91e28a5193e53373fc35580
sha1: 06c0683dafbc92d2c9717ea105fdb6a9ab5956f4
sha256: bd18bb55f196b1cd7900de56fc05dd25d0436c4e7ab340a5b317aec826f6a43e
sha512: 002b358252c4ceefc519682ab7bd7f7cd2e54f2219fbb2ac21602a1cf9159a758e94454293385a44d817f62415f7b72736d12bd339f3aa8dda9b0fc6e0a3039a
ssdeep: 384:jm8Q6Ft4D5OrYa4niZlraVoMl/lWDlno8y2MW52NxmlE6xaqdGmTdcHHRm:V7j4D5OrYa4ir9oJ2MW5Mk1q
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15DF23B1ACA1570F2F4B05875046A6B37D13FA6253E59E683CF90CD64A872FE1FC19386
sha3_384: 828ab5e43e5cacf056cf77649bf200781e14514ef342982c352c13541e58b253df559adcd5f43ae363c24b0b4a97ef8f
ep_bytes: 558bec6aff6820524000686042400064
timestamp: 2008-11-01 03:08:57

Version Info:

0: [No Data]

Backdoor:Win32/Lapka.A also known as:

Bkav: W32.AIDetect.malware2
DrWeb: Win32.HLLW.Autoruner2.15747
MicroWorld-eScan: Gen:Variant.Symmi.4645
FireEye: Generic.mg.af893932f91e28a5
CAT-QuickHeal: Backdoor.Lapka
McAfee: Generic QHosts.a.gen
Cylance: Unsafe
Sangfor: [ARMADILLO V1.71]
K7AntiVirus: P2PWorm ( 0055e3e51 )
Alibaba: Worm:Win32/AutoRun.d047172c
K7GW: P2PWorm ( 0055e3e51 )
Cybereason: malicious.2f91e2
BitDefenderTheta: AI:Packer.6EC366B91F
VirIT: Trojan.Win32.Agent.AOXM
Cyren: W32/Downloader.QZIC-2393
Elastic: malicious (high confidence)
ESET-NOD32: Win32/AutoRun.Agent.BR
TrendMicro-HouseCall: TROJ_GEN.R03BC0DFJ22
ClamAV: Win.Trojan.Qhost-160
Kaspersky: Worm.Win32.AutoRun.sfj
BitDefender: Gen:Variant.Symmi.4645
NANO-Antivirus: Virus.Win32.Agent.bbfvwq
Avast: Win32:Rootkit-gen [Rtk]
Tencent: Malware.Win32.Gencirc.116a549e
Ad-Aware: Gen:Variant.Symmi.4645
TACHYON: Worm/W32.AutoRun.36864.H
Emsisoft: Gen:Variant.Symmi.4645 (B)
Comodo: Worm.Win32.AutoRun.~COE@1aeu5a
Zillya: Worm.AutoRun.Win32.7056
TrendMicro: TROJ_GEN.R03BC0DFJ22
McAfee-GW-Edition: BehavesLike.Win32.Generic.nt
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Mal/Inject-CEE
Ikarus: Trojan-Dropper.Agent
GData: Gen:Variant.Symmi.4645
Jiangmin: Worm/AutoRun.epz
Avira: TR/Hijacker.Gen
Kingsoft: Win32.HeurC.KVM003.a.(kcloud)
Arcabit: Trojan.Symmi.D1225
ViRobot: Worm.Win32.Autorun.36864.AA
Microsoft: Backdoor:Win32/Lapka.A
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Lmirhack.C50312
VBA32: BScope.Trojan.Wacatac
ALYac: Gen:Variant.Symmi.4645
MAX: malware (ai score=89)
APEX: Malicious
Rising: Trojan.Generic@AI.92 (RDML:AyixS1HeIrN+3oWBMSvJJw)
SentinelOne: Static AI – Malicious PE
Fortinet: W32/AutoRun.SFJ!worm
AVG: Win32:Rootkit-gen [Rtk]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (W)
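The following PowerShell triage script is an added example written for this page; it is not code from the original article, from GridinSoft, or from any of the vendors above. It checks a live Windows host for the artifacts the sandbox behaviour list and the File Info section describe: a hash match against the published MD5/SHA256, hosts-file entries that resolve names off-host (the "QHosts" detections), an autorun.inf and hidden+system executables at the root of each drive, Run/RunOnce persistence entries, and services whose binary lives outside the Windows and Program Files directories. The path in $SuspectFile is an assumption; point it at the file you collected and run the script from an elevated PowerShell session.

```powershell
# Added triage script for the indicators listed on this page (not from the page or GridinSoft).
# Run from an elevated PowerShell session. The suspect file path is an assumption.
param(
    [string]$SuspectFile = "$env:TEMP\suspect.exe"   # assumed: path of the file you collected
)

# Hashes copied from the File Info section above
$KnownSha256 = 'bd18bb55f196b1cd7900de56fc05dd25d0436c4e7ab340a5b317aec826f6a43e'
$KnownMd5    = 'af893932f91e28a5193e53373fc35580'

# 1. Compare the collected file against the published sample hashes
if (Test-Path -LiteralPath $SuspectFile) {
    $sha = (Get-FileHash -LiteralPath $SuspectFile -Algorithm SHA256).Hash.ToLower()
    $md5 = (Get-FileHash -LiteralPath $SuspectFile -Algorithm MD5).Hash.ToLower()
    if ($sha -eq $KnownSha256 -or $md5 -eq $KnownMd5) {
        Write-Warning "$SuspectFile matches the published Lapka.A sample hashes"
    } else {
        Write-Output "$SuspectFile is not the published sample (sha256=$sha); other variants may differ"
    }
} else {
    Write-Output "No file at $SuspectFile; skipping hash check"
}

# 2. hosts file: the sample writes to it (several vendors label it QHosts).
#    Flag every active entry that maps a name to a non-loopback address.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsPath | ForEach-Object {
    $line = $_.Trim()
    if ($line -eq '' -or $line.StartsWith('#')) { return }   # skip blanks and comments
    $fields = $line -split '\s+'
    if ($fields[0] -notin @('127.0.0.1', '::1', '0.0.0.0')) {
        Write-Warning "hosts entry resolves off-host: $line"
    }
}

# 3. autorun.inf and hidden+system executables at the root of every drive
#    (the sample creates an autorun.inf and a hidden/system copy of itself)
$hiddenSystem = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
Get-PSDrive -PSProvider FileSystem | ForEach-Object {
    $root = $_.Root
    $inf = Join-Path $root 'autorun.inf'
    if (Test-Path -LiteralPath $inf) {
        Write-Warning "autorun.inf present on $root"
        Get-Content -LiteralPath $inf | Select-Object -First 10
    }
    Get-ChildItem -LiteralPath $root -Force -File -ErrorAction SilentlyContinue |
        Where-Object { (($_.Attributes -band $hiddenSystem) -eq $hiddenSystem) -and ($_.Extension -in @('.exe', '.com', '.scr')) } |
        ForEach-Object {
            $h = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToLower()
            Write-Warning ("hidden+system executable {0} sha256={1}" -f $_.FullName, $h)
        }
}

# 4. Run-key persistence: every value under the usual Run/RunOnce keys
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS' } |                 # drop PSPath, PSProvider, ...
        ForEach-Object { '{0}  {1} = {2}' -f $key, $_.Name, $_.Value }
}

# 5. Services whose binary lives outside Windows\ and Program Files
#    (the sample registered a service it never started)
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and $_.PathName -notmatch '^"?[A-Za-z]:\\(Windows|Program Files)' } |
    Select-Object Name, StartMode, State, PathName
```

Nothing this script prints is proof of infection on its own: legitimate software also adds Run-key values and registers services outside Windows\, and a hosts entry pointing at a LAN address may be deliberate. Treat a hash match, an autorun.inf on a fixed drive, or a hosts entry redirecting a security vendor's domain as the strong signals, and hash any unfamiliar binary it lists before deleting it so the sample can be checked against the detection names above.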

How to remove Backdoor:Win32/Lapka.A?

Backdoor:Win32/Lapka.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options you want, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
