
Backdoor:Win32/Padodor.SK!MTB removal guide

Malware Removal

Backdoor:Win32/Padodor.SK!MTB is flagged as malicious by almost every antivirus engine in the detection lists below. While the infection is active you may notice unfamiliar processes in the Task Manager list. If so, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal; it lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What Backdoor:Win32/Padodor.SK!MTB virus can do?

The CAPE sandbox raised the following signatures for this sample. They describe static properties of the file (appended data, packing, signature state, YARA hits) rather than observed runtime behaviour, so they tell you the file is hiding something, not what it does once unpacked.

  • Sample contains Overlay data
  • Creates an indicator observed in Territorial Disputes report SIG40
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor:Win32/Padodor.SK!MTB?

File Info:

name: AB935FD3B11944BB0CB5.mlw
path: /opt/CAPEv2/storage/binaries/829313939fbb27200bf2b8c9a32a3d965b0be39651161b296fa7b8a572b237cc
crc32: 5261BC34
md5: ab935fd3b11944bb0cb564fc5c173b08
sha1: 6f7654a57f8fe084bf369d9353039d231bd030a2
sha256: 829313939fbb27200bf2b8c9a32a3d965b0be39651161b296fa7b8a572b237cc
sha512: 086534bfeead0d4aadc1d7f39e1b9cdcfa1f28e22e04fcbb5ed5e9d9f6672fee7917d8c1270b02e108333a6a55072b53ae06ea50d62cad46354922da7b7a892f
ssdeep: 6144:yAmNX+CeodB1/TE/m7U5j2QE2+g24Id2jFHu:yjeS1/T6iojj+Td20
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D9346B2B62861F6EC1B402F22D37D487652B9DB8D2AA95D3107CCD1D32E7D17C2BE198
sha3_384: a4907b8b16e047cf52cbc3e67e9b2c29eaf76fddc063458e5ef76ae691c3946baa4dc154e5a3fefb3a3811a5f4e7236a
ep_bytes: 60909090909067e80000000058909090 (pushad, NOP padding, then call $+0 / pop eax: a self-locating unpacker stub at the entry point, consistent with the "encrypted or compressed data" indicator above)
timestamp: 2016-06-02 03:39:59

Version Info:

0: [No Data]

Backdoor:Win32/Padodor.SK!MTB also known as:

Bkav: W32.AIDetectMalware
tehtris: Generic.Malware
DrWeb: BackDoor.HangUp.5
MicroWorld-eScan: Gen:Trojan.ShellObject.o8Z@aqza5Lj
ClamAV: Win.Trojan.Obfus-38
FireEye: Generic.mg.ab935fd3b11944bb
CAT-QuickHeal: Worm.Dorkbot.A
Skyhigh: BehavesLike.Win32.Generic.dh
ALYac: Gen:Trojan.ShellObject.o8Z@aqza5Lj
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Gen:Trojan.ShellObject.o8Z@aqza5Lj
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005780dd1 )
K7GW: Trojan ( 005780dd1 )
CrowdStrike: win/malicious_confidence_100% (D)
Arcabit: Trojan.ShellObject.EF95C7
BitDefenderTheta: AI:Packer.6419FF6B1E
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Padodor.NAM
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Padodor.gen
BitDefender: Gen:Trojan.ShellObject.o8Z@aqza5Lj
NANO-Antivirus: Trojan.Win32.Padodor.foufls
Avast: Win32:BackdoorX-gen [Trj]
Tencent: Backdoor.Win32.Padodor.kp
Emsisoft: Gen:Trojan.ShellObject.o8Z@aqza5Lj (B)
F-Secure: Trojan.TR/Crypt.XDR.Gen
Zillya: Trojan.PadodorGen.Win32.8
Trapmine: malicious.high.ml.score
Sophos: Troj/Padodor-M
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor.Padodor.esac
Google: Detected
Avira: TR/Crypt.XDR.Gen
MAX: malware (ai score=83)
Antiy-AVL: Trojan[Proxy]/Win32.Qukart.gen
Kingsoft: malware.kb.a.1000
Microsoft: Backdoor:Win32/Padodor.SK!MTB
ZoneAlarm: Backdoor.Win32.Padodor.gen
GData: Gen:Trojan.ShellObject.o8Z@aqza5Lj
Varist: W32/Pahador.QLFO-8537
AhnLab-V3: Win-Trojan/Berbew.51712
Acronis: suspicious
McAfee: Trojan-FVOK!AB935FD3B119
TACHYON: Backdoor/W32.Padodor
VBA32: Backdoor.Padodor
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Backdoor.Berbew!1.AF13 (CLASSIC)
Yandex: Backdoor.Padodor.AF
Ikarus: Backdoor.Win32.Padodor
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Qukart.A!tr
AVG: Win32:BackdoorX-gen [Trj]
Cybereason: malicious.57f8fe
DeepInstinct: MALICIOUS

How to remove Backdoor:Win32/Padodor.SK!MTB?

Backdoor:Win32/Padodor.SK!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options you want reset, then click “Reset”.
  • Restart your computer.

Because most engines above classify this file as a backdoor, i.e. it gives a remote operator access to the machine, treat any password typed on the computer while it was infected as compromised and change it after the cleanup.
Second sample detected as Backdoor:Win32/Padodor.SK!MTB

The file below is a different binary that Microsoft classifies under the same name; its own sandbox indicators, file info and vendor detections follow. The removal steps are the same as above.
What Backdoor:Win32/Padodor.SK!MTB virus can do?

  • Creates an indicator observed in Territorial Disputes report SIG40
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor:Win32/Padodor.SK!MTB?

File Info:

name: A0CEC8DD48052DD71AC2.mlw
path: /opt/CAPEv2/storage/binaries/cf837d4848bd0b5c459b71fa946c3b1fd6cece73745c7530980212e14b353583
crc32: 3C647046
md5: a0cec8dd48052dd71ac222f60c96a9a1
sha1: 22bc673772d58857bc61b4fd7ce224187778d0ad
sha256: cf837d4848bd0b5c459b71fa946c3b1fd6cece73745c7530980212e14b353583
sha512: a818c8f945a803c2a4f3f817fb56d3672f4b16986946e4e2d57e0ce0c950167c38fc7177a64c13e5fd154b193e9a42c7ff0a8769a89c658674b46b5ccb279804
ssdeep: 3072:/zwQiQHKMtWdS+qjCRGT7LxRVNEAeFKPD375lHzpa1P:/zwVsW4j+Rk1jNEAeYr75lHzpaF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T121A37CCB974E6F32D75303F01009DAABA62442BD556AC1F41018C16F3B5BE69E336FA1
sha3_384: 36fd43755ade9523f1b0bbc0296c8d8feb470cfa20c7aa988edcb486f0a0cb043ce83ee21097e07a2052f95045f0d567
ep_bytes: 909090906090b8001040009090bb38de (NOP padding, pushad, mov eax, 0x401000, then a truncated mov ebx: again a hand-written unpacker stub at the entry point)
timestamp: 1987-08-01 05:39:38 (the compile timestamp predates the PE format itself, so it is forged or the header was rewritten by a packer; this is what the "Anomalous binary characteristics" indicator refers to)

Version Info:

0: [No Data]
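The script below is an added example, not code from this report, from GridinSoft or from CAPE. It re-implements in plain Python (standard library only) the static checks the sandbox signatures above describe, for both samples: a hash match against the two sha256 IoCs on this page, overlay detection, presence of an Authenticode certificate table, compile-timestamp sanity, and the two unpacker-stub tells visible in the ep_bytes fields (pushad at entry, call $+0 get-EIP trick). The function names (`triage`, `ep_heuristics`, `build_sample_pe`) are hypothetical, and `build_sample_pe` constructs a minimal one-section PE32 for offline testing that is not either sample from the report. The script reports whether a certificate table is attached; it does not verify the signature, so "Authenticode signature is invalid" still has to be confirmed with signtool or Get-AuthenticodeSignature on a Windows host.

```python
"""Static triage of a PE file against the indicators in this report (added example,
not part of the CAPE report or of any vendor's tooling; standard library only)."""
import hashlib
import struct
import sys
from datetime import datetime, timezone

# IoC hashes and compile timestamps copied from the two File Info blocks above.
IOC_SHA256 = {
    "829313939fbb27200bf2b8c9a32a3d965b0be39651161b296fa7b8a572b237cc",
    "cf837d4848bd0b5c459b71fa946c3b1fd6cece73745c7530980212e14b353583",
}
STAMP_2016 = int(datetime(2016, 6, 2, 3, 39, 59, tzinfo=timezone.utc).timestamp())
STAMP_1987 = int(datetime(1987, 8, 1, 5, 39, 38, tzinfo=timezone.utc).timestamp())
PE_FIRST_YEAR = 1993  # PE shipped with Windows NT 3.1; an earlier stamp cannot be genuine


def file_hashes(data: bytes) -> dict:
    """md5/sha1/sha256, the three fields a blocklist lookup needs."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def ep_heuristics(ep_bytes: bytes) -> dict:
    """Two cheap unpacker-stub tells visible in the ep_bytes fields of the report."""
    body = ep_bytes.lstrip(b"\x90")  # ignore NOP padding in front of the stub
    return {
        "pushad_at_entry": body[:1] == b"\x60",  # save all registers before a decode loop
        "call_next_insn": b"\xe8\x00\x00\x00\x00" in ep_bytes,  # call $+5 / pop: get-EIP trick
    }


def triage(data: bytes) -> dict:
    """Parse the PE headers by hand and report the static indicators listed above."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+ optional header
    n_dirs = struct.unpack_from("<I", data, dirs - 4)[0]
    cert_size = struct.unpack_from("<II", data, dirs + 4 * 8)[1] if n_dirs > 4 else 0

    sections, data_end = [], 0
    for i in range(nsec):
        _, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((va, max(vsize, raw_size), raw_ptr))
        data_end = max(data_end, raw_ptr + raw_size)
    ep_bytes = b""
    for va, span, raw_ptr in sections:
        if va <= ep_rva < va + span:
            off = raw_ptr + (ep_rva - va)
            ep_bytes = data[off:off + 16]
            break

    # Bytes past the last section are the overlay. Authenticode keeps its certificate
    # table there, so an overlay with no certificate table is unaccounted-for payload.
    hashes = file_hashes(data)
    when = datetime.fromtimestamp(stamp, tz=timezone.utc)
    return {
        "hashes": hashes,
        "ioc_match": hashes["sha256"] in IOC_SHA256,
        "timestamp": when.strftime("%Y-%m-%d %H:%M:%S"),
        "timestamp_plausible": PE_FIRST_YEAR <= when.year <= datetime.now(timezone.utc).year,
        "overlay_bytes": max(0, len(data) - data_end),
        "has_cert_table": cert_size > 0,
        "ep_bytes": ep_bytes.hex(),
        "ep_heuristics": ep_heuristics(ep_bytes),
    }


def build_sample_pe(stamp: int, entry_stub: bytes, overlay: bytes) -> bytes:
    """Constructed one-section PE32 for offline testing; not either sample from the report."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 14, 0, 0x200, 0, 0, 0x1000, 0x1000, 0x2000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0,
                       0, 0x2000, 0x200, 0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128  # 16 empty data directories: no certificate table
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + sec
    headers += b"\0" * (0x200 - len(headers))
    return headers + entry_stub.ljust(0x200, b"\0") + overlay


if __name__ == "__main__":
    if len(sys.argv) > 1:  # triage a real file: python triage.py sample.exe
        with open(sys.argv[1], "rb") as f:
            report = triage(f.read())
    else:  # no path given: triage the constructed sample using the report's forged 1987 stamp
        stub = bytes.fromhex("60909090909067e80000000058909090")  # ep_bytes of sample 1
        report = triage(build_sample_pe(STAMP_1987, stub, b"constructed overlay"))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against a quarantined copy of a suspect file; an `ioc_match` of True is conclusive, while `overlay_bytes` without `has_cert_table`, an implausible timestamp and either entry-point tell together are the same picture the sandbox signatures above paint for these two samples.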

Backdoor:Win32/Padodor.SK!MTB also known as:

Bkav: W32.AIDetectMalware
Cynet: Malicious (score: 100)
FireEye: Generic.mg.a0cec8dd48052dd7
Skyhigh: BehavesLike.Win32.Generic.nc
McAfee: Trojan-FVOJ!A0CEC8DD4805
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Trojan.PadodorGen.Win32.16
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005780dd1 )
K7GW: Trojan ( 005780dd1 )
CrowdStrike: win/malicious_confidence_100% (D)
Arcabit: Trojan.Generic.D19375
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Padodor.AB
APEX: Malicious
ClamAV: Win.Trojan.Crypted-29
Kaspersky: Backdoor.Win32.Padodor.gen
BitDefender: Trojan.GenericKDZ.103285
NANO-Antivirus: Trojan.Win32.Padodor.ivhuhg
MicroWorld-eScan: Trojan.GenericKDZ.103285
Avast: Win32:Padodor-V [Trj]
Tencent: Backdoor.Win32.Padodor.kl
TACHYON: Backdoor/W32.Padodor
Sophos: Mal/Padodor-A
F-Secure: Trojan.TR/Crypt.ZPACK.Gen
DrWeb: BackDoor.Wdozer
VIPRE: Trojan.GenericKDZ.103285
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.GenericKDZ.103285 (B)
Ikarus: Trojan.Crypt
Jiangmin: Backdoor.Padodor.dfoq
Google: Detected
Avira: TR/Crypt.ZPACK.Gen
Antiy-AVL: Trojan[Proxy]/Win32.Qukart.gen
Kingsoft: malware.kb.a.1000
Microsoft: Backdoor:Win32/Padodor.SK!MTB
ZoneAlarm: Backdoor.Win32.Padodor.gen
GData: Win32.Trojan.PSE.6Y5R0K
Varist: W32/Backdoor.DKIC-2994
AhnLab-V3: Win-Trojan/Berbew.51712
Acronis: suspicious
BitDefenderTheta: AI:Packer.F2DCBEC921
ALYac: Trojan.GenericKDZ.103285
MAX: malware (ai score=88)
VBA32: Backdoor.Padodor
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Backdoor.Berbew!8.115 (TFE:3:VwjsvwwEtLP)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GenKryptik.BJQV!tr
AVG: Win32:Padodor-V [Trj]
Cybereason: malicious.772d58
DeepInstinct: MALICIOUS


About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
