Categories: Backdoor

About “Backdoor:Win32/Padodor.SK!MTB” infection

The Backdoor:Win32/Padodor.SK!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Padodor.SK!MTB virus can do?

Sample contains Overlay data
Creates an indicator observed in Territorial Disputes report SIG40
Uses Windows utilities for basic functionality
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the shellcode get eip malware family
Yara detections observed in process dumps, payloads or dropped files

How to determine Backdoor:Win32/Padodor.SK!MTB?


File Info:
name: 2F722FEFC59C9B612782.mlwpath: /opt/CAPEv2/storage/binaries/618e07d3f9743932da530a1fd57720619a6c304873df3f833684e4bda16813f9crc32: 5A8A06EBmd5: 2f722fefc59c9b6127822babbb86f0bbsha1: 370967d0e9e38674f1c16a81d716171fb86d78ddsha256: 618e07d3f9743932da530a1fd57720619a6c304873df3f833684e4bda16813f9sha512: 30b7439d0ca46158fa1988003b140cf18e51196538428e5ccc8dc6e0485c4ac36f3349a3d1780485ea6b107bcea8432ddb6053599ecdffc389757d0ea602019bssdeep: 3072:XNeSMDawaelSJdEN0s4WE+3S9pui6yYPaI7DX:XNDMXxcENm+3Mpui6yYPaI/type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T13CD3AF6B666B2FB3C94301F02A4A549AFB1DD5B711334C91D9BE40DC36BBE34133A299sha3_384: c790e35fe353dfdda43dc09211f8c2d25373322d2d2fdd26d5b4377d82f86b9f26ac690fde86d89f087467161cfaa83fep_bytes: 90609090909067e80000000090909090timestamp: 2017-10-15 03:39:59
Version Info:
0: [No Data]

Backdoor:Win32/Padodor.SK!MTB also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
DrWeb	BackDoor.HangUp.5
MicroWorld-eScan	Gen:Trojan.ShellObject.i8Z@aGN6KMb
ClamAV	Win.Trojan.Crypted-30
Skyhigh	BehavesLike.Win32.Generic.cc
McAfee	Trojan-FVOK!2F722FEFC59C
Malwarebytes	Generic.Malware.AI.DDS
Zillya	Trojan.PadodorGen.Win32.7
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Proxy-Program ( 003b8b111 )
K7GW	Proxy-Program ( 003b8b111 )
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	AI:Packer.E277728A21
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Padodor.NAM
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Backdoor.Win32.Padodor.gen
BitDefender	Gen:Trojan.ShellObject.i8Z@aGN6KMb
NANO-Antivirus	Trojan.Win32.Padodor.foufls
Avast	Win32:BackdoorX-gen [Trj]
Tencent	Backdoor.Win32.Padodor.kg
Emsisoft	Gen:Trojan.ShellObject.i8Z@aGN6KMb (B)
F-Secure	Trojan.TR/Dropper.Gen
VIPRE	Gen:Trojan.ShellObject.i8Z@aGN6KMb
TrendMicro	TROJ_GEN.R03BC0DBD24
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.2f722fefc59c9b61
Sophos	Troj/Padodor-M
SentinelOne	Static AI – Malicious PE
GData	Win32.Trojan.PSE.1G33IXO
Jiangmin	Backdoor.Padodor.esac
Google	Detected
Avira	TR/Dropper.Gen
MAX	malware (ai score=83)
Antiy-AVL	Trojan[Proxy]/Win32.Qukart.gen
Arcabit	Trojan.ShellObject.E01D67
ZoneAlarm	Backdoor.Win32.Padodor.gen
Microsoft	Backdoor:Win32/Padodor.SK!MTB
Varist	W32/Pahador.QLFO-8537
AhnLab-V3	Win-Trojan/Berbew.51712
Acronis	suspicious
VBA32	Backdoor.Padodor
TACHYON	Backdoor/W32.Padodor
Cylance	unsafe
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TROJ_GEN.R03BC0DBD24
Rising	Backdoor.Berbew!1.AF13 (CLASSIC)
Ikarus	Trojan-Downloader.Win32.Berbew
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Qukart.A!tr
AVG	Win32:BackdoorX-gen [Trj]
Cybereason	malicious.0e9e38
DeepInstinct	MALICIOUS