
Backdoor:Win32/Padodor.SK!MTB removal

Malware Removal

Backdoor:Win32/Padodor.SK!MTB is Microsoft's detection name for samples of the Padodor backdoor family, which other vendors also label Berbew or Qukart (see the detection list below). While the backdoor is running you may notice unfamiliar processes in Task Manager. If you do, scan the computer with GridinSoft Anti-Malware.


Removing malware by hand can take hours and can damage the system if the wrong file or registry key is deleted. We recommend GridinSoft Anti-Malware for removal; the trial period allows a full scan and cleanup.
6-day free trial available.

What Backdoor:Win32/Padodor.SK!MTB virus can do?

The items below are the sandbox (CAPE) signature names reported for this sample. They describe traits found in the file and during its analysis run, not a complete list of the backdoor's capabilities:

  • Creates an indicator observed in Territorial Disputes report SIG40
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor:Win32/Padodor.SK!MTB?

File Info:

name: D5807ABB9DC3513DEB05.mlw
path: /opt/CAPEv2/storage/binaries/194b65fe1e4b93f2828d381ad7d844ee5d3769faa421713e13a0e6ad5a479564
crc32: 0D0BBF43
md5: d5807abb9dc3513deb052ab4e0fbd55a
sha1: ce1c7827a0b662253dff092bf13e202574154084
sha256: 194b65fe1e4b93f2828d381ad7d844ee5d3769faa421713e13a0e6ad5a479564
sha512: e4cc65ed0014592a7b3649f5494bfe518f7902fef6ba4654c31d904cc11db5c138bd728bb1b8e3f06294776e36941dc101534b65a6697f7b20c268a1d46d01e3
ssdeep: 1536:j8KKU0M+FIOwtkevKeh8EzNLuhrllllllllllllllllllllllllllllllllllOlS:M+PmevKehJpKhrlllllllllllllllllF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T189937E4B11652EE2C8890EF02547D6EBFA1B663F31F95DE0DA48E03D024BA3D417EE95
sha3_384: de2988cfa55b9ab1e96316157d20a517cdbdb6cff3d9bba5952c675523b89322cfeec487e7e6e1c7654415b8e9fc0f37
ep_bytes: 60909090909067e80000000090909090
timestamp: 2017-10-15 03:39:59

Version Info:

0: [No Data]

Backdoor:Win32/Padodor.SK!MTB also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.ShellObject.f8W@aGN6KMb
FireEye: Generic.mg.d5807abb9dc3513d
Skyhigh: BehavesLike.Win32.Generic.nc
McAfee: Trojan-FVOK!D5807ABB9DC3
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 005780dd1 )
K7AntiVirus: Trojan ( 005780dd1 )
Arcabit: Trojan.ShellObject.ED1B05
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: Win32/Padodor.NAM
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Trojan.Crypted-36
Kaspersky: Backdoor.Win32.Padodor.gen
BitDefender: Gen:Trojan.ShellObject.f8W@aGN6KMb
NANO-Antivirus: Trojan.Win32.Padodor.foufls
Avast: Win32:BackdoorX-gen [Trj]
Sophos: Troj/Padodor-M
F-Secure: Trojan.TR/Crypt.ZPACK.Gen
DrWeb: BackDoor.HangUp.5
VIPRE: Gen:Trojan.ShellObject.f8W@aGN6KMb
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Trojan.ShellObject.f8W@aGN6KMb (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor.Padodor.esac
Varist: W32/Pahador.QLFO-8537
Avira: TR/Crypt.ZPACK.Gen
MAX: malware (ai score=80)
Antiy-AVL: Trojan[Proxy]/Win32.Qukart.gen
Kingsoft: malware.kb.a.1000
Microsoft: Backdoor:Win32/Padodor.SK!MTB
ZoneAlarm: Backdoor.Win32.Padodor.gen
GData: Gen:Trojan.ShellObject.f8W@aGN6KMb
Google: Detected
AhnLab-V3: Win-Trojan/Berbew.51712
Acronis: suspicious
BitDefenderTheta: AI:Packer.0E93EAB821
ALYac: Gen:Trojan.ShellObject.f8W@aGN6KMb
TACHYON: Backdoor/W32.Padodor
VBA32: Backdoor.Padodor
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Backdoor.Berbew!1.AF13 (CLASSIC)
Ikarus: Trojan-Downloader.Win32.Berbew
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GenKryptik.BJQV!tr
AVG: Win32:BackdoorX-gen [Trj]
Cybereason: malicious.7a0b66
DeepInstinct: MALICIOUS

How to remove Backdoor:Win32/Padodor.SK!MTB?

Backdoor:Win32/Padodor.SK!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options, then click “Reset”.
  • Restart your computer.

Backdoor:Win32/Padodor.SK!MTB (file analysis): second sample

A second sample carrying the same Microsoft detection name. Its hashes, signatures and vendor names differ from the first sample's and are listed below.


What Backdoor:Win32/Padodor.SK!MTB virus can do?

The items below are the sandbox (CAPE) signature names reported for this second sample; as above, they describe traits found during analysis rather than the backdoor's full capabilities:

  • Sample contains Overlay data
  • Creates an indicator observed in Territorial Disputes report SIG40
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor:Win32/Padodor.SK!MTB?

File Info:

name: EB1E6F907FEB13383893.mlw
path: /opt/CAPEv2/storage/binaries/cbc00f125430a0e1aea488f73347bf1924a676525407d2d7d60a999c45b93bf5
crc32: DBAFCC5E
md5: eb1e6f907feb133838930e6b01ddef2a
sha1: 447a5aa7efd9173b978fe8d7e009c59c6cff100a
sha256: cbc00f125430a0e1aea488f73347bf1924a676525407d2d7d60a999c45b93bf5
sha512: 7d69ae3a21d90ce765a5731a2b15d0c4d5c6c23c1d34b605bdcdfabc8d5bf1d27a7e989beabe5e0540dfd5d2ca8dfb979683fe22be586a157c6eb1c237198fd7
ssdeep: 3072:yKdBxVcpiWlu0O3HD08uFafmHURHAVgnvedh6DRyU:ItX8D08uF8YU8gnve7GR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T187F36C1EB294FF32C77632712636E9D6F719F47A132686B0D46B800DC357F68827A285
sha3_384: 06e7020e22d22d9ac3798efaed03b321a96c61909308c49d2d22f306d3ca2ef408a2c28938d1fc1a27afbda65940ebd8
ep_bytes: 909090906090b80010400090906a0490
timestamp: 1979-05-15 05:39:38

Version Info:

0: [No Data]
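The File Info blocks for both samples list digests, a compile timestamp and the first 16 entry-point bytes, and the signature lists flag encrypted or compressed data and overlay data. Two details are worth checking by hand: the second sample's timestamp (1979-05-15) predates the PE format itself, so it is forged or stripped and cannot be used to date the sample, and both ep_bytes strings contain 0x60 (PUSHAD), the opener of a typical packer stub, which fits the "encrypted or compressed data" signature. The script below is an added example, not GridinSoft's or CAPE's code: using only the Python standard library it recomputes the File Info fields from raw bytes, applies the same static checks (high-entropy sections, overlay past the last section, implausible timestamp) and compares the sha256 against the two values published above. The 7.0 bits/byte entropy threshold and the 1993 cut-off for plausible timestamps are assumptions; the PE image built by build_demo_pe() is constructed for the demo and only mirrors the second sample's timestamp and entry bytes, it is not the malware.

```python
"""Offline triage of a suspect PE against the indicators published on this page.
Constructed example, not GridinSoft's or CAPE's code: recomputes the File Info
fields from raw bytes and applies the static checks behind the signature lists."""
import hashlib
import math
import struct
import zlib
from collections import Counter
from datetime import datetime, timezone

# sha256 values copied from the two File Info blocks above.
KNOWN_SHA256 = {
    "194b65fe1e4b93f2828d381ad7d844ee5d3769faa421713e13a0e6ad5a479564",
    "cbc00f125430a0e1aea488f73347bf1924a676525407d2d7d60a999c45b93bf5",
}
PE_FORMAT_BORN = datetime(1993, 1, 1, tzinfo=timezone.utc)  # assumption: no genuine PE is older
PACKED_ENTROPY = 7.0  # assumption: bits/byte above which a section is treated as packed/encrypted


def file_hashes(data: bytes) -> dict:
    """Same digest set as the File Info block; crc32 rendered as 8 upper-case hex digits."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def is_known_sample(data: bytes) -> bool:
    """True when the file is one of the two samples listed on this page."""
    return hashlib.sha256(data).hexdigest() in KNOWN_SHA256


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = pe_off + 4
    _machine, nsect, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]          # AddressOfEntryPoint (PE32 and PE32+)
    sections, ep_bytes, raw_end = [], b"", 0
    for i in range(nsect):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        raw = data[rptr:rptr + rsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "entropy": round(shannon_entropy(raw), 2)})
        raw_end = max(raw_end, rptr + rsize)
        if vaddr <= ep_rva < vaddr + max(vsize, rsize):          # map the entry RVA into this section
            ep_bytes = raw[ep_rva - vaddr:ep_rva - vaddr + 16]
    when = datetime.fromtimestamp(tstamp, tz=timezone.utc)
    return {
        "timestamp": when.strftime("%Y-%m-%d %H:%M:%S"),
        # zero, pre-PE-format or future stamps are forged or stripped, not compile times
        "timestamp_anomalous": tstamp == 0 or when < PE_FORMAT_BORN or when > datetime.now(timezone.utc),
        "ep_bytes": ep_bytes.hex(),
        "pushad_in_stub": b"\x60" in ep_bytes,                    # 0x60 = PUSHAD, usual packer-stub opener
        "sections": sections,
        "packed_sections": [s["name"] for s in sections if s["entropy"] > PACKED_ENTROPY],
        "overlay_size": max(0, len(data) - raw_end),              # bytes past the last section's raw data
    }


def triage(data: bytes) -> dict:
    return {"known_sample": is_known_sample(data), **file_hashes(data), **parse_pe(data)}


def build_demo_pe() -> bytes:
    """Constructed PE32 for the demo: the second sample's 1979 timestamp and entry bytes,
    a nop-filled .text, a high-entropy .data section and 32 bytes of overlay. Not the malware."""
    ts = int(datetime(1979, 5, 15, 5, 39, 38, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, ts, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                       # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                     # ImageBase
    text = bytes.fromhex("909090906090b80010400090906a0490").ljust(0x200, b"\x90")
    packed = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))  # 1024 pseudo-random bytes

    def section(name, vaddr, raw_off, raw):
        return struct.pack("<8sIIIIIIHHI", name, len(raw), vaddr, len(raw), raw_off, 0, 0, 0, 0, 0x60000020)

    headers = (dos + b"PE\0\0" + coff + bytes(opt)
               + section(b".text", 0x1000, 0x200, text) + section(b".data", 0x2000, 0x400, packed))
    return headers.ljust(0x200, b"\0") + text + packed + b"OVERLAY:" + b"\0" * 24


if __name__ == "__main__":
    import json, sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_demo_pe()
    print(json.dumps(triage(blob), indent=2))
```

Run it as `python triage.py suspect.exe` to get the same fields the File Info block shows for a file on disk; a sha256 match against KNOWN_SHA256 identifies one of the two published samples, while a non-match with an anomalous timestamp, a PUSHAD-led entry stub, a section above 7 bits/byte and overlay data is the same profile these samples present and is worth submitting for a full scan.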

Backdoor:Win32/Padodor.SK!MTB also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
DrWeb: BackDoor.Wdozer
MicroWorld-eScan: Gen:Trojan.ShellObject.k8Z@au4JtZd
ClamAV: Win.Trojan.Crypted-29
FireEye: Generic.mg.eb1e6f907feb1338
Skyhigh: BehavesLike.Win32.Generic.ch
ALYac: Gen:Trojan.ShellObject.k8Z@au4JtZd
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005780dd1 )
K7GW: Trojan ( 005780dd1 )
Cybereason: malicious.7efd91
Arcabit: Trojan.ShellObject.ECEB67
BitDefenderTheta: AI:Packer.9B09EDDD21
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: Win32/Padodor.AB
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Padodor.gen
BitDefender: Gen:Trojan.ShellObject.k8Z@au4JtZd
NANO-Antivirus: Trojan.Win32.GenKryptik.kcaixj
Avast: Win32:Padodor-V [Trj]
Tencent: Backdoor.Win32.Padodor.kp
Emsisoft: Gen:Trojan.ShellObject.k8Z@au4JtZd (B)
F-Secure: Trojan.TR/Dropper.Gen
VIPRE: Gen:Trojan.ShellObject.k8Z@au4JtZd
Trapmine: malicious.high.ml.score
Sophos: Mal/Padodor-A
Ikarus: Trojan.Crypt
Jiangmin: Backdoor.Padodor.erim
Google: Detected
Avira: TR/Dropper.Gen
MAX: malware (ai score=86)
Antiy-AVL: Trojan[Proxy]/Win32.Qukart.gen
Kingsoft: malware.kb.a.1000
Microsoft: Backdoor:Win32/Padodor.SK!MTB
ZoneAlarm: Backdoor.Win32.Padodor.gen
GData: Gen:Trojan.ShellObject.k8Z@au4JtZd
Varist: W32/Backdoor.DKIC-2994
AhnLab-V3: Win-Trojan/Berbew.51712
Acronis: suspicious
McAfee: Trojan-FVOJ!EB1E6F907FEB
TACHYON: Backdoor/W32.Padodor
VBA32: Backdoor.Padodor
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Backdoor.Berbew!8.115 (TFE:3:AraPauNC5WE)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GenKryptik.BJQV!tr
AVG: Win32:Padodor-V [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Backdoor:Win32/Padodor.SK!MTB?

The steps are the same as for the first sample: follow the removal tool steps listed above.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
