
Backdoor:Win32/Padodor.SK!MTB removal


Backdoor:Win32/Padodor.SK!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Padodor.SK!MTB virus do?

  • Sample contains Overlay data
  • Creates an indicator observed in Territorial Disputes report SIG40
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Backdoor:Win32/Padodor.SK!MTB?

File Info:

name: 0F2A1D2D4AB3D7129F21.mlw
path: /opt/CAPEv2/storage/binaries/a27d3b0637dc09d4f957c5d9f25edd6e830ff41c8bc2c14744296050e97db8c0
crc32: 845C5A9B
md5: 0f2a1d2d4ab3d7129f213773fe5db977
sha1: ddca1c5e993e2f22534597dfeb67c627596baeec
sha256: a27d3b0637dc09d4f957c5d9f25edd6e830ff41c8bc2c14744296050e97db8c0
sha512: 5eb1ab7e3574607ac5f19e79fd7666b38f61808f0f0dc9097f7b016a2f995b6c61103d856082703a7f42d9c614eed6f8f2b0d16187a0690f5c4cd8586d6a27f2
ssdeep: 6144:pET13z/ch4ivUdw3D7HtENm+3Mpui6yYPaIGckfru5xyDpui6yYPaIGckSU0583B:WzkhZGwcMpV6yYP4rbpV6yYPg058KS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D394BE2619573F66C42980FC35124E1F9B5ACF203FE9ACD404FAC4DE8D6AF64D2690B9
sha3_384: 1499ab5ad98418b00221993e50f702865f482dceff3f9b840c79f7d9b668d93a3b545a51f032fa5be8c5ce6ecb783da7
ep_bytes: 9060b8001040009090906a0490905f90
timestamp: 2017-10-15 03:39:59

Version Info:

0: [No Data]

Backdoor:Win32/Padodor.SK!MTB also known as:

Bkav: W32.AIDetectMalware
DrWeb: BackDoor.HangUp.5
MicroWorld-eScan: Gen:Trojan.ShellObject.z8Z@aO1tmfb
ClamAV: Win.Trojan.Obfus-38
FireEye: Generic.mg.0f2a1d2d4ab3d712
CAT-QuickHeal: Worm.Dorkbot.A
Skyhigh: BehavesLike.Win32.Backdoor.gc
McAfee: Trojan-FVOJ!0F2A1D2D4AB3
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Gen:Trojan.ShellObject.z8Z@aO1tmfb
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005780dd1 )
K7GW: Trojan ( 005780dd1 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: AI:Packer.595D5A1521
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Padodor.NAM
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Padodor.gen
BitDefender: Gen:Trojan.ShellObject.z8Z@aO1tmfb
NANO-Antivirus: Trojan.Win32.Padodor.foufls
Avast: Win32:BackdoorX-gen [Trj]
Tencent: Backdoor.Win32.Padodor.kg
TACHYON: Backdoor/W32.Padodor
Emsisoft: Gen:Trojan.ShellObject.z8Z@aO1tmfb (B)
F-Secure: Trojan.TR/Crypt.XDR.Gen
Zillya: Trojan.PadodorGen.Win32.7
Sophos: Troj/Padodor-M
Ikarus: Trojan.Crypt
GData: Win32.Trojan.PSE.1G33IXO
Jiangmin: Backdoor.Padodor.eyel
Google: Detected
Avira: TR/Crypt.XDR.Gen
Antiy-AVL: Trojan[Proxy]/Win32.Qukart.gen
Kingsoft: malware.kb.a.1000
Arcabit: Trojan.ShellObject.E320DF
ZoneAlarm: Backdoor.Win32.Padodor.gen
Microsoft: Backdoor:Win32/Padodor.SK!MTB
Varist: W32/Pahador.QLFO-8537
AhnLab-V3: Win-Trojan/Berbew.51712
Acronis: suspicious
VBA32: Backdoor.Padodor
MAX: malware (ai score=89)
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Backdoor.Berbew!1.AF13 (CLASSIC)
Yandex: Backdoor.Padodor.AF
SentinelOne: Static AI – Malicious PE
MaxSecure: Backdoor.Win32.Padodor.gen
Fortinet: W32/Qukart.A!tr
AVG: Win32:BackdoorX-gen [Trj]
Cybereason: malicious.e993e2
DeepInstinct: MALICIOUS

How to remove Backdoor:Win32/Padodor.SK!MTB?

Backdoor:Win32/Padodor.SK!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options, then click “Reset”.
  • Restart your computer.

Backdoor:Win32/Padodor.SK!MTB information

What can the Backdoor:Win32/Padodor.SK!MTB virus do?

  • Creates an indicator observed in Territorial Disputes report SIG40
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Backdoor:Win32/Padodor.SK!MTB?

File Info:

name: B5EE38FB464B4FDB40D5.mlw
path: /opt/CAPEv2/storage/binaries/1fb19e9d28ad1f1747655a7a44a5cdd43fed37a79eb56c8e9d00d648c44d64ed
crc32: FCB569D4
md5: b5ee38fb464b4fdb40d50053c0f69a2b
sha1: 23252fa94adfa62a7f90a04a7b5907814d90d540
sha256: 1fb19e9d28ad1f1747655a7a44a5cdd43fed37a79eb56c8e9d00d648c44d64ed
sha512: d237404ea32587e9e4d8a9217b6f67395df1b54c9978aaad4f23f35ef98dc0c599a6c844bd7f21695d7a420e01ce84f7ce87dc753a7356ad376955def4c032a4
ssdeep: 3072:tu4NvxkktBiuHrmirdLXs4EEgb3a3+X13XRzT:tuyHihedjEB7aOl3BzT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T131A37E0EB2521F2ECB9303F12155A9E277999478353AC4D15B5DCC0F9686F3E03AABD1
sha3_384: 3c1d1afd3c4718c6a02d5e22793af4bceafc1b083182fa577efd96514b7105a4fb00ed79edd501a15491c7e1c85962f2
ep_bytes: 90b8001040009090bb38de400090b990
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

Backdoor:Win32/Padodor.SK!MTB also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
DrWeb: BackDoor.Wdozer
MicroWorld-eScan: Gen:Trojan.ShellObject.g8W@aK5!lZo
FireEye: Generic.mg.b5ee38fb464b4fdb
Skyhigh: BehavesLike.Win32.Generic.cc
McAfee: GenericRXPE-AP!BD168491ABEB
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Trojan.PadodorGen.Win32.17
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005780dd1 )
K7GW: Trojan ( 005780dd1 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: AI:Packer.C2E19FE121
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Padodor.AB
APEX: Malicious
ClamAV: Win.Dropper.Berbew-10009643-0
Kaspersky: Backdoor.Win32.Padodor.gen
BitDefender: Gen:Trojan.ShellObject.g8W@aK5!lZo
NANO-Antivirus: Trojan.Win32.Padodor.ivlqqp
Avast: Win32:Padodor-V [Trj]
Tencent: Backdoor.Win32.Padodor.kp
TACHYON: Backdoor/W32.Padodor
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Crypt.ZPACK.Gen
VIPRE: Gen:Trojan.ShellObject.g8W@aK5!lZo
Emsisoft: Gen:Trojan.ShellObject.g8W@aK5!lZo (B)
Ikarus: Trojan.Crypt
GData: Win32.Trojan.PSE.15MS2TX
Jiangmin: TrojanSpy.Convagent.fp
Google: Detected
Avira: TR/Crypt.ZPACK.Gen
Varist: W32/Backdoor.DKIC-2994
Antiy-AVL: Trojan[Proxy]/Win32.Qukart.gen
Kingsoft: malware.kb.a.1000
Arcabit: Trojan.ShellObject.E00F2E
ZoneAlarm: Backdoor.Win32.Padodor.gen
Microsoft: Backdoor:Win32/Padodor.SK!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Berbew.51712
Acronis: suspicious
VBA32: Backdoor.Padodor
ALYac: Gen:Trojan.ShellObject.g8W@aK5!lZo
MAX: malware (ai score=87)
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Backdoor.Padodor!8.118 (TFE:5:7KxSiWwgENI)
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Agent.B077!tr
AVG: Win32:Padodor-V [Trj]
Cybereason: malicious.94adfa
DeepInstinct: MALICIOUS

How to remove Backdoor:Win32/Padodor.SK!MTB?

Backdoor:Win32/Padodor.SK!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.