Backdoor

What is “Backdoor:Win32/Padodor.SK!MTB”?

Malware Removal

Backdoor:Win32/Padodor.SK!MTB is the Microsoft detection name for samples of the Padodor backdoor family (named Berbew or Qukart by other vendors, as the detection lists below show), and nearly every engine in those lists flags it as malicious. While the infection is active you may notice unfamiliar processes in the Task Manager list. If so, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Padodor.SK!MTB virus do?

  • Sample contains overlay data (bytes appended after the last PE section, where packers and droppers commonly keep an embedded payload).
  • Creates an indicator observed in Territorial Disputes report SIG40 (a CAPE signature that matches entry SIG40 of the leaked Territorial Dispute indicator list).
  • The binary likely contains encrypted or compressed data (high-entropy regions, the usual sign of a packed executable).
  • Authenticode signature is invalid: the file is not vouched for by a trusted publisher, and a signature that fails to verify should be treated as a tampered or forged file rather than as a harmless unsigned one.
  • CAPE detected the "shellcode get eip" pattern: the code learns its own address at run time with a call/pop idiom, as position-independent shellcode and unpacking stubs do.
  • Yara detections observed in process dumps, payloads or dropped files.

How to identify Backdoor:Win32/Padodor.SK!MTB?


File Info:

name: D6479CCFF01F2BAE2D88.mlw
path: /opt/CAPEv2/storage/binaries/fbbee7e08d0360e3e61afb667a42cac4b870c64e69a3ed4257cb3d7caed0c85a
crc32: EDA0BC22
md5: d6479ccff01f2bae2d88fa2c14c6acb7
sha1: bd4f57fe9038cc0b1ce21fe637c4b53f79a03391
sha256: fbbee7e08d0360e3e61afb667a42cac4b870c64e69a3ed4257cb3d7caed0c85a
sha512: 35a100028d75ab9327e5d14da3b7e604796d3ac99634d1c5d8c19ee993b6e9d6a0abc02983f1575be876e3a8226de0b2c563a63e4dc90973fb85d717649e6863
ssdeep: 12288:A/OCzXjOYpV6yYPI3cpV6yYPeHCXwpnsKvNA+XTvZHWuEo3oWL5g:OOCzXjOYWHWIpsKv2EvZHp3oWNg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T187659E31F9C39122D8C262F5698F2660E46EC23D4F75C1D35AAC83AC66563E507FA3C9
sha3_384: 98ead039d057fef78eddf5854db6f7e555025c49396d231c71b24c0b898c882afeb4a111fbc102d39cac2153e1037d38
ep_bytes: 906090909090b8001040009090bbd0c7
timestamp: 2021-11-23 03:39:59

Version Info:

0: [No Data]

Backdoor:Win32/Padodor.SK!MTB also known as:

Bkav: W32.AIDetectMalware
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.Agent.DQQO
ClamAV: Win.Trojan.Crypted-30
FireEye: Generic.mg.d6479ccff01f2bae
CAT-QuickHeal: Worm.Dorkbot.A
Skyhigh: BehavesLike.Win32.Generic.tt
McAfee: Trojan-FVOJ!D6479CCFF01F
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Trojan.Agent.DQQO
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005780dd1 )
K7GW: Trojan ( 005780dd1 )
Cybereason: malicious.e9038c
BitDefenderTheta: AI:Packer.5134665F21
Symantec: Backdoor.Berbew
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Padodor.NAM
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Padodor.gen
BitDefender: Trojan.Agent.DQQO
NANO-Antivirus: Trojan.Win32.Padodor.foufls
Avast: Win32:BackdoorX-gen [Trj]
Rising: Backdoor.Berbew!1.AF13 (CLASSIC)
TACHYON: Backdoor/W32.Padodor
Sophos: Troj/Padodor-M
F-Secure: Trojan.TR/Crypt.XDR.Gen
DrWeb: BackDoor.HangUp.5
Zillya: Trojan.Padodor.Win32.471944
TrendMicro: TROJ_GEN.R03BC0DAV24
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.Agent.DQQO (B)
Ikarus: Trojan.Crypt
GData: Win32.Trojan.PSE.1D7CWH4
Jiangmin: Backdoor.Padodor.esfe
Google: Detected
Avira: TR/Crypt.XDR.Gen
Antiy-AVL: Trojan[Proxy]/Win32.Qukart.gen
Kingsoft: malware.kb.a.1000
Arcabit: Trojan.Agent.DQQO
ZoneAlarm: Backdoor.Win32.Padodor.gen
Microsoft: Backdoor:Win32/Padodor.SK!MTB
Varist: W32/Pahador.QLFO-8537
AhnLab-V3: Win-Trojan/Berbew.51712
Acronis: suspicious
VBA32: Backdoor.Padodor
ALYac: Trojan.Agent.DQQO
MAX: malware (ai score=82)
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R03BC0DAV24
Tencent: Backdoor.Win32.Padodor.kp
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Qukart.A!tr
AVG: Win32:BackdoorX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor:Win32/Padodor.SK!MTB?

Backdoor:Win32/Padodor.SK!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and options, then click “Reset”.
  • Restart your computer.
Should I remove “Backdoor:Win32/Padodor.SK!MTB”?

Yes. The name covers a backdoor, a program that gives a remote operator control of the infected machine, and the vendor verdicts listed on this page are close to unanimous. A second sample carrying the same Microsoft detection name is described below; its hashes, entry-point bytes and vendor names differ from the first, so both sets of indicators are worth keeping.
What can the Backdoor:Win32/Padodor.SK!MTB virus do?

  • Creates an indicator observed in Territorial Disputes report SIG40 (a CAPE signature that matches entry SIG40 of the leaked Territorial Dispute indicator list).
  • The binary likely contains encrypted or compressed data (high-entropy regions, the usual sign of a packed executable).
  • Authenticode signature is invalid: the file is not vouched for by a trusted publisher, and a signature that fails to verify should be treated as a tampered or forged file rather than as a harmless unsigned one.
  • CAPE detected the "shellcode get eip" pattern. The entry-point bytes below show it directly: after `90 60` (nop; pushad) and NOP padding, `67 e8 00 00 00 00 58` is `call $+0 ; pop eax`, which leaves the address of the next instruction in EAX so the unpacking stub can locate itself wherever it is loaded.
  • Yara detections observed in process dumps, payloads or dropped files.

How to identify Backdoor:Win32/Padodor.SK!MTB?


File Info:

name: 07378E566C0EF5394924.mlw
path: /opt/CAPEv2/storage/binaries/2169384f4c09130c1d859494e8db7947463cbaa6c0e2f96b8cfb8ac740e60014
crc32: DE41F18F
md5: 07378e566c0ef5394924e4bb4fd9a130
sha1: 4d455f86f4f0e411d2f38c51af2beaafddce6dcf
sha256: 2169384f4c09130c1d859494e8db7947463cbaa6c0e2f96b8cfb8ac740e60014
sha512: c2cb9765b86d1a08479bedd559b3854ad2f2319e66e4dae90e6c81efa6dba33cd1f7b323ae5d81d968fcaa5303f92a05fb165008665fb8d097774bc8d21ebad0
ssdeep: 1536:G5yqqVV9RurcZmtAVhpENIpS0yFbyul1o3+G9nzN25RQjR+KRFR3RzR1URJrCiuS:Gwx4ImUpENmQmu/0nzuejjb5ZXUf2iuS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T194937C36C1A04D91C9E405B2D92ECC79D79DB93852A591E045C373CC033BA7AEBFC66A
sha3_384: f9762ffaac4cc789c024df9c5d42d463775a50a005f4d2d336b607f63d646aaa6e1e6e5093e31c6aa3f814a5a5dc61f7
ep_bytes: 90609090909067e80000000058909090
timestamp: 2020-07-11 03:39:59
Both samples report exactly the same time of day (03:39:59) in their PE header timestamps despite dates more than a year apart, which suggests the stamp is written by the builder or packer rather than reflecting a real compile time; do not rely on it for dating.

Version Info:

0: [No Data]
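
The checks behind the indicators listed for both samples (hash-based IoC matching against the File Info blocks, the entry-point stub traits visible in ep_bytes including the call/pop GetPC idiom CAPE flags as "shellcode get eip", and the byte entropy behind "likely contains encrypted or compressed data") can be reproduced with a few lines of Python. The following is an added example, not GridinSoft's or CAPE's own code. The hashes and ep_bytes constants are copied from the two File Info blocks on this page; the buffers built in `main` are constructed stand-ins rather than the malware, and the 7.0 entropy threshold is an assumed triage cut-off, not a value from the page.

```python
"""Static triage checks mirroring the indicators on this page.

Added example, not GridinSoft's or CAPE's own code. The hashes and
ep_bytes are copied from the two File Info blocks above; the buffers
built under __main__ are constructed stand-ins, not the malware itself.
"""
from __future__ import annotations

import hashlib
import math

# sha256 and md5 values copied from the File Info blocks on this page.
PAGE_IOCS = {
    "fbbee7e08d0360e3e61afb667a42cac4b870c64e69a3ed4257cb3d7caed0c85a",  # sample 1 sha256
    "d6479ccff01f2bae2d88fa2c14c6acb7",                                  # sample 1 md5
    "2169384f4c09130c1d859494e8db7947463cbaa6c0e2f96b8cfb8ac740e60014",  # sample 2 sha256
    "07378e566c0ef5394924e4bb4fd9a130",                                  # sample 2 md5
}

# ep_bytes copied from the page: the first 16 bytes at each sample's entry point.
EP_SAMPLE1 = bytes.fromhex("906090909090b8001040009090bbd0c7")  # nop; pushad; nop*4; mov eax,0x401000; ...
EP_SAMPLE2 = bytes.fromhex("90609090909067e80000000058909090")  # nop; pushad; nop*4; call $+0; pop eax; ...

PACKED_THRESHOLD = 7.0  # assumption: a common triage cut-off in bits/byte, not a page value


def match_iocs(data: bytes, iocs: set[str] = PAGE_IOCS) -> list[str]:
    """Return the digest algorithms whose hash of `data` appears in `iocs`."""
    return [name for name in ("md5", "sha1", "sha256")
            if hashlib.new(name, data).hexdigest() in iocs]


def find_getpc(code: bytes) -> int | None:
    """Offset of the first `call $+0 ; pop r32` GetPC idiom, or None.

    E8 00 00 00 00 is a CALL whose relative target is 0, i.e. the very next
    instruction, so the return address pushed is that instruction's own
    address; the following POP (opcodes 58..5F) moves it into a register.
    An optional 0x67 address-size prefix (present in sample 2) is tolerated.
    """
    for i in range(len(code)):
        j = i + 1 if code[i] == 0x67 else i
        if (code[j:j + 5] == b"\xe8\x00\x00\x00\x00"
                and j + 5 < len(code) and 0x58 <= code[j + 5] <= 0x5F):
            return i
    return None


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniformly random, which is how packed or
    encrypted regions look and what the "encrypted or compressed data"
    indicator keys on."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def packer_stub_traits(ep: bytes) -> dict:
    """Traits both page samples share at the entry point: NOP padding,
    PUSHAD (0x60) saving all registers before an unpacking stub, and GetPC."""
    body = ep.lstrip(b"\x90")
    return {
        "leading_nops": len(ep) - len(body),
        "pushad": body[:1] == b"\x60",
        "getpc_at": find_getpc(ep),
    }


def triage(data: bytes, ep: bytes) -> dict:
    """Combine the checks into one record for a file image and its entry bytes."""
    ent = shannon_entropy(data)
    return {
        "ioc_hits": match_iocs(data),
        "entropy": round(ent, 2),
        "likely_packed": ent >= PACKED_THRESHOLD,
        **packer_stub_traits(ep),
    }


if __name__ == "__main__":
    # Constructed stand-ins (not the samples): a near-empty image and a uniform one.
    plain = b"MZ" + b"\x00" * 4094
    uniform = bytes(range(256)) * 16
    print(triage(plain, EP_SAMPLE1))
    print(triage(uniform, EP_SAMPLE2))
```

On a real file, pass the whole image (or, better, each section's raw bytes) to `triage` together with the bytes read at the entry point; a hash hit is conclusive for these two samples, while high entropy and the `pushad` plus GetPC stub are only packer traits and need the sandbox or Yara results above to become a verdict.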

Backdoor:Win32/Padodor.SK!MTB also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.ShellObject.f8W@aCXl7mh
ClamAV: Win.Trojan.Crypted-30
Skyhigh: BehavesLike.Win32.Generic.mc
McAfee: Trojan-FVOK!07378E566C0E
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Gen:Trojan.ShellObject.f8W@aCXl7mh
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005780dd1 )
K7GW: Trojan ( 005780dd1 )
Cybereason: malicious.6f4f0e
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: Win32/Padodor.NAM
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Padodor.gen
BitDefender: Gen:Trojan.ShellObject.f8W@aCXl7mh
NANO-Antivirus: Trojan.Win32.Padodor.foufls
Avast: Win32:BackdoorX-gen [Trj]
Tencent: Backdoor.Win32.Padodor.kp
Emsisoft: Gen:Trojan.ShellObject.f8W@aCXl7mh (B)
F-Secure: Trojan.TR/Crypt.ZPACK.Gen2
DrWeb: BackDoor.HangUp.5
Zillya: Trojan.PadodorGen.Win32.29
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.07378e566c0ef539
Sophos: Troj/Padodor-M
SentinelOne: Static AI – Malicious PE
GData: Gen:Trojan.ShellObject.f8W@aCXl7mh
Jiangmin: Backdoor.Padodor.esac
Google: Detected
Avira: TR/Crypt.ZPACK.Gen2
MAX: malware (ai score=84)
Antiy-AVL: Trojan[Proxy]/Win32.Qukart.gen
Kingsoft: malware.kb.a.1000
Arcabit: Trojan.ShellObject.ED1619
ZoneAlarm: Backdoor.Win32.Padodor.gen
Microsoft: Backdoor:Win32/Padodor.SK!MTB
Varist: W32/Pahador.QLFO-8537
AhnLab-V3: Win-Trojan/Berbew.51712
Acronis: suspicious
BitDefenderTheta: AI:Packer.B245410121
ALYac: Gen:Trojan.ShellObject.f8W@aCXl7mh
TACHYON: Backdoor/W32.Padodor
VBA32: Backdoor.Padodor
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Backdoor.Berbew!1.AF13 (CLASSIC)
Ikarus: Backdoor.Win32.Padodor
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Qukart.A!tr
AVG: Win32:BackdoorX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)


About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.