Backdoor:Win32/Optixpro malicious file

Malware Removal

The Backdoor:Win32/Optixpro file is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor:Win32/Optixpro virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor:Win32/Optixpro?

File Info:

name: D3C25F28529FA80C5B31.mlw
path: /opt/CAPEv2/storage/binaries/2cbced070d7e52445487cce02ccd06f4448fdc2f59ede1a5dd0856a050030890
crc32: ADD11699
md5: d3c25f28529fa80c5b31e5931d3ece3f
sha1: ec655a5a0a7b2482893584b8cf653c4667cd331a
sha256: 2cbced070d7e52445487cce02ccd06f4448fdc2f59ede1a5dd0856a050030890
sha512: 0ec2e4c08397f5581fef9703eab0641f66c9bb1a179762bf96ec6184e59914d3d3776cab0386703af0e0e386d98ef73e1889b412033b3920ca76b61473d24e62
ssdeep: 12288:DpxB6Ry/ftxIW4t4U1pzd3vd9ediK8gO3Vkmkv0MNONgV:lxZ1xcLzzpvd9aiKEV1I0M4I
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B7942362D25CEC53C62218B665433BFDAB84FA481E05CF535540AFBFF7AA1014B3C26A
sha3_384: 7a2cbfe76501272b17fd5c00d0aed4a67bef6674832c81526395872ba6aeb694666dcf841b58a42e60318d384ec83701
ep_bytes: 60be00b041008dbe0060feff5783cdff
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Backdoor:Win32/Optixpro is also known as (vendor: detection name):

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Delf.b!c
  • tehtris: Generic.Malware
  • MicroWorld-eScan: Dropped:Generic.OptixPro.FCAEFB74
  • FireEye: Generic.mg.d3c25f28529fa80c
  • Skyhigh: BehavesLike.Win32.Sytro.gc
  • McAfee: Artemis!D3C25F28529F
  • VIPRE: Dropped:Generic.OptixPro.FCAEFB74
  • Sangfor: Trojan.Win32.Save.a
  • Alibaba: Backdoor:Win32/Optix.a45a2d0c
  • Cybereason: malicious.a0a7b2
  • Baidu: Win32.Trojan.Delf.gc
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (moderate confidence)
  • ESET-NOD32: Win32/Delf.PDV
  • APEX: Malicious
  • ClamAV: Win.Trojan.Ag-1
  • Kaspersky: Trojan-Dropper.Win32.Delf.tx
  • BitDefender: Dropped:Generic.OptixPro.FCAEFB74
  • Rising: Dropper.Win32.Delf.tx (CLOUD)
  • Sophos: Mal/Behav-043
  • F-Secure: Trojan.TR/Crypt.CFI.Gen
  • DrWeb: Trojan.MulDrop.3859
  • Zillya: Dropper.Delf.Win32.24966
  • TrendMicro: Mal_Banker
  • Trapmine: malicious.high.ml.score
  • Emsisoft: Dropped:Generic.OptixPro.FCAEFB74 (B)
  • SentinelOne: Static AI – Malicious PE
  • MAX: malware (ai score=100)
  • Jiangmin: TrojanDropper.Delf.atc
  • Google: Detected
  • Avira: TR/Crypt.CFI.Gen
  • Varist: W32/Optix.A.gen!Eldorado
  • Antiy-AVL: Trojan[Dropper]/Win32.Delf
  • Kingsoft: malware.kb.b.985
  • Microsoft: Backdoor:Win32/Optixpro
  • Xcitium: Packed.Win32.MUPX.Gen@24tbus
  • Arcabit: Generic.OptixPro.FCAEFB74
  • SUPERAntiSpyware: Trojan.Agent/Gen-Injector
  • ZoneAlarm: Trojan-Dropper.Win32.Delf.tx
  • GData: Dropped:Generic.OptixPro.FCAEFB74
  • Cynet: Malicious (score: 100)
  • BitDefenderTheta: AI:Packer.22612A4321
  • ALYac: Dropped:Generic.OptixPro.FCAEFB74
  • DeepInstinct: MALICIOUS
  • VBA32: TrojanDropper.Delf
  • Cylance: unsafe
  • Panda: Generic Malware
  • TrendMicro-HouseCall: Mal_Banker
  • Tencent: Win32.Trojan-Dropper.Delf.Twhl
  • Yandex: Trojan.DR.Delf!UHNP+0W8e08
  • Ikarus: Backdoor.Win32.Rbot
  • MaxSecure: Trojan.Malware.384556.susgen
  • Fortinet: W32/Delf.TX!tr
  • AVG: Win32:Delf-BIR [Trj]
  • Avast: Win32:Delf-BIR [Trj]
  • CrowdStrike: win/malicious_confidence_70% (W)

How to remove Backdoor:Win32/Optixpro?

Backdoor:Win32/Optixpro removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.