Backdoor

About “Backdoor:Win32/Morix.A” infection

Malware Removal

The Backdoor:Win32/Morix.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor:Win32/Morix.A virus can do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • CAPE detected the PCRat malware family

How to determine Backdoor:Win32/Morix.A?



File Info:

name: 8A7C7BE389CE062A1692.mlw
path: /opt/CAPEv2/storage/binaries/70e7cc954670749098cc7589d95f10877cd1ee9ef60df641e29b6b6e29690a52
crc32: 6D02DA96
md5: 8a7c7be389ce062a1692d6740d701680
sha1: 56faacae9e1af736858e4fcb101dbe8f864d27a3
sha256: 70e7cc954670749098cc7589d95f10877cd1ee9ef60df641e29b6b6e29690a52
sha512: 82456c24d5631fc55f1bf6a4aa2b37f6ff80e95c033bce67deae7e6c9eeddfb9d0cb04e382035cc4e271d7cad347b35f3cb86fe9ce5b0629eafa004f487ac89b
ssdeep: 3072:JTJ65zOUftwG03IvXjUgKZCPJkMcztQ3juGBvWk7eXs7aMBh1inKtRQeQvu:JV65zhB04vzURCRJqtsuuuTXqdinKTXv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T140340920E206C56DD4A5007184FAAFBEA918AE750F0F54C3B3D47F5E29B52E1BA3161F
sha3_384: 0c1b03842f530439240acd66f199d88a99d3f76cbe7f738678770937091b5c1d6cc897098f19a2f8bcdb47b9991b8d81
ep_bytes: 558bec6aff6828484000682e78420064
timestamp: 2016-12-12 10:56:02


Version Info:

Comments: 
CompanyName: Ëů·ń¶¨¸÷·´¶Ôµł·˘Ë͵߸˛
FileDescription:  
FileVersion: 1, 0, 4, 0
InternalName: Ńáľë¸Đ·´µą
LegalCopyright: Copyright (C) 2006 Robin Keir
LegalTrademarks: 
OriginalFilename: µÚČý·˝.exe
PrivateBuild: 
ProductName: Čöµ©
ProductVersion: 1, 0, 4, 0
SpecialBuild: 
Translation: 0x0804 0x04b0

Backdoor:Win32/Morix.A also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.Magania.l8gE
MicroWorld-eScanTrojan.GenericKD.61014901
ClamAVWin.Trojan.Farfli-9754465-0
FireEyeGeneric.mg.8a7c7be389ce062a
McAfeeRDN/Generic BackDoor
CylanceUnsafe
VIPRETrojan.GenericKD.61014901
SangforSuspicious.Win32.Save.ins
K7AntiVirusTrojan ( 000342501 )
AlibabaBackdoor:Win32/Farfli.4eb7426c
K7GWTrojan ( 000342501 )
Cybereasonmalicious.e9e1af
CyrenW32/OnlineGames.AQ.gen!Eldorado
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/Farfli.AK
APEXMalicious
Paloaltogeneric.ml
CynetMalicious (score: 99)
KasperskyHEUR:Trojan.Win32.Farfli.gen
BitDefenderTrojan.GenericKD.61014901
NANO-AntivirusTrojan.Win32.Farfli.icrqcb
AvastWin32:TrojanX-gen [Trj]
TencentTrojan.Win32.Lapka.bw
Ad-AwareTrojan.GenericKD.61014901
EmsisoftTrojan.GenericKD.61014901 (B)
ComodoMalware@#e2onzcumarum
ZillyaTrojan.Farfli.Win32.42314
TrendMicroBKDR_FARFLI.SMQ
McAfee-GW-EditionBehavesLike.Win32.Ransomware.dm
Trapminemalicious.moderate.ml.score
SophosMal/Generic-S
SentinelOneStatic AI – Malicious PE
GDataTrojan.GenericKD.61014901
JiangminHeur:Trojan/Dialer
AviraHEUR/AGEN.1220777
Antiy-AVLTrojan/Generic.ASMalwS.AE9
KingsoftWin32.Troj.Undef.(kcloud)
ViRobotTrojan.Win32.Z.Farfli.250962
MicrosoftBackdoor:Win32/Morix.A
GoogleDetected
AhnLab-V3Trojan/Win32.Farfli.C4253426
VBA32BScope.Trojan.AVKill
ALYacTrojan.GenericKD.61014901
MAXmalware (ai score=84)
MalwarebytesMalware.AI.3868229294
TrendMicro-HouseCallBKDR_FARFLI.SMQ
RisingBackdoor.Farfli!1.6495 (CLASSIC)
IkarusTrojan.SuspectCRC
MaxSecureTrojan.Malware.300983.susgen
BitDefenderThetaGen:NN.ZexaF.34606.pq1@a0UnZwhP
AVGWin32:TrojanX-gen [Trj]
PandaTrj/GdSda.A
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Backdoor:Win32/Morix.A?

Backdoor:Win32/Morix.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment