Categories: Backdoor

About “Backdoor:Win32/Plugx.M” infection

The Backdoor:Win32/Plugx.M is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Plugx.M virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Performs HTTP requests potentially not found in PCAP.
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
Behavioural detection: PlugX
CAPE detected the shellcode get eip malware family
Attempts to modify proxy settings
Touches a file containing cookies, possibly for information gathering
Anomalous binary characteristics
Yara detections observed in process dumps, payloads or dropped files

How to determine Backdoor:Win32/Plugx.M?


File Info:
name: 6370F5D3E2CCBCB2D63D.mlwpath: /opt/CAPEv2/storage/binaries/9032a1644f525baaafa5199edf29fb18c71a8c221264c2890e1ec475138fc317crc32: 3F5EA9BBmd5: 6370f5d3e2ccbcb2d63d0c9dc9b3aa91sha1: 224bc78a38bdb5bc8e4bdaf2311644709534a88fsha256: 9032a1644f525baaafa5199edf29fb18c71a8c221264c2890e1ec475138fc317sha512: 30b4667862ef892785a584ae2ac4c54fc863d3eeacdc18fe643c6d7fa44d9c1c1eec4626a3aaf9098248142597c4c716aee0f19831bb5c2350868081114a216fssdeep: 6144:bcWMJJhqryYP/daqSCUFtRbUN5T//FCQx12xGc9AthMc8rcflQD6h/:bczJJhqrVPl7UFnUTFjxwWhj8Y9x/type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1F564021377D2407AE59293302A3D93A9E6BCFD3021B69507E7E1351D3FB0692C91AB63sha3_384: f42d936fc6ebf5ea29ccab249bb7202678b1a2b349a1b41ee46002f25378645ce2fc31113318bede945b4a2b3661ca53ep_bytes: e8e3feffff33c050505050e8be2b0000timestamp: 2010-02-10 13:09:37
Version Info:
0: [No Data]

Backdoor:Win32/Plugx.M also known as:

Bkav	W32.Common.6DD8ADF6
Lionic	Trojan.Win32.Waldek.4!c
DrWeb	Trojan.Siggen7.7216
MicroWorld-eScan	Gen:Variant.PlugX.1
FireEye	Gen:Variant.PlugX.1
Skyhigh	GenericRXCN-ZU!6156214B7672
McAfee	Artemis!6370F5D3E2CC
Malwarebytes	Malware.AI.4135852200
VIPRE	Gen:Variant.PlugX.1
Sangfor	Backdoor.Win32.Plugx.Vx8e
K7AntiVirus	Trojan ( 0055e3991 )
Alibaba	Backdoor:Win32/Waldek.e993f981
K7GW	Trojan ( 0055e3991 )
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	Gen:NN.ZedlaF.36744.hu4@a0AmErai
Symantec	Trojan.Dropper
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Korplug.QI
APEX	Malicious
ClamAV	Win.Dropper.Korplug-7430756-0
Kaspersky	Trojan.Win32.Waldek.yzw
BitDefender	Gen:Variant.PlugX.1
Avast	FileRepMalware [Misc]
Tencent	Win32.Trojan.Waldek.Akjl
Sophos	Mal/Generic-S
Google	Detected
F-Secure	Heuristic.HEUR/AGEN.1301790
TrendMicro	BKDR_PLUGX.ZTEG
Emsisoft	Gen:Variant.PlugX.1 (B)
GData	Gen:Variant.PlugX.1
Jiangmin	Backdoor.Gulpix.xl
Webroot	W32.Trojan.GenKD
Varist	W32/Injector.GJKW-3314
Avira	TR/AD.Inject.crwre
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Win32.Korplug
Xcitium	Malware@#1c0g9xb0b7qs
Arcabit	Trojan.PlugX.1
ZoneAlarm	Trojan.Win32.Waldek.yzw
Microsoft	Backdoor:Win32/Plugx.M
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Waldek.C2057015
ALYac	Gen:Variant.PlugX.1
VBA32	BScope.Trojan.Agent
Cylance	unsafe
Panda	Trj/CI.A
TrendMicro-HouseCall	BKDR_PLUGX.ZTEG
Rising	Backdoor.Gulpix!8.3DA (TFE:5:KmPGZ1q2CwQ)
Ikarus	Trojan.Win32.Korplug
MaxSecure	Trojan.Malware.11622052.susgen
Fortinet	W32/PLUGX.ZTEG!tr.bdr
AVG	FileRepMalware [Misc]
Cybereason	malicious.a38bdb
DeepInstinct	MALICIOUS