Categories: Backdoor

Backdoor:Win32/Prorat.L malicious file

The Backdoor:Win32/Prorat.L is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Prorat.L virus can do?

Creates RWX memory
Starts servers listening on 0.0.0.0:1860, 0.0.0.0:5112, 0.0.0.0:51100
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Reads data out of its own binary image
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Uses Windows utilities for basic functionality
Sniffs keystrokes
Deletes its original binary from disk
Attempts to stop active services
Installs itself for autorun at Windows startup
Creates a hidden or system file
Likely virus infection of existing system binary
Creates a copy of itself

How to determine Backdoor:Win32/Prorat.L?


File Info:
crc32: 08ABE829md5: b6c950da33d09bf3024949fab52327d2name: flax.exesha1: 1a9dffdeaec3e6feecb3fb6126ec954287c3288dsha256: 6f91f4ba154d26f830f60b4991a5fc509702136fda9aef57768bfe28564c5517sha512: 50c29b9d1e7bd70823716bd519470046337a5d10a54d461fb4d52d3c24ebf85b7ea2315f1b3e1dfef19d1bdbeb569046f3626b665c32a902797e67487403f0a3ssdeep: 6144:ERqmpp+amNOGokzLyM9tsLAitQo6tzOKkzIt8gKyfjxfR9D2j4yL9ez7:wqmpplpGoGL3etQoMiXM8gxf/Sj4yL9Otype: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
Version Info:
0: [No Data]

Backdoor:Win32/Prorat.L also known as:

Bkav	W32.FserviceGJK.Trojan
MicroWorld-eScan	Generic.Malware.G!SFMBVbg.07D05011
FireEye	Generic.mg.b6c950da33d09bf3
CAT-QuickHeal	Backdoor.Prorat.T8
Qihoo-360	Win32/Backdoor.5a1
ALYac	Generic.Malware.G!SFMBVbg.07D05011
Malwarebytes	Backdoor.ProRat
VIPRE	Backdoor.Win32.Agent.aaz (fs)
Sangfor	Malware
K7AntiVirus	Backdoor ( 0020e8c31 )
BitDefender	Generic.Malware.G!SFMBVbg.07D05011
K7GW	Backdoor ( 0020e8c31 )
Cybereason	malicious.a33d09
TrendMicro	BKDR_AVW.A
BitDefenderTheta	AI:Packer.9B7303D71D
Cyren	W32/ProratP.A
Symantec	Trojan Horse
TotalDefense	Win32/ProRat.L
Baidu	Win32.Backdoor.Prorat.f
APEX	Malicious
Paloalto	generic.ml
GData	Generic.Malware.G!SFMBVbg.07D05011
Kaspersky	Backdoor.Win32.Prorat.npv
Alibaba	Backdoor:Win32/Prorat.c0e459d2
NANO-Antivirus	Trojan.Win32.Prorat-19.hhti
ViRobot	Backdoor.Win32.Prorat.350764.D
Tencent	Trojan.Win32.Prorat.ad
Ad-Aware	Generic.Malware.G!SFMBVbg.07D05011
Sophos	Troj/Prorat-19
Comodo	Backdoor.Win32.Agent.AVW85@11x5ri
F-Secure	Backdoor.BDS/Prorat.19.O
DrWeb	BackDoor.ProRat.3396
Zillya	Backdoor.Prorat.Win32.7574
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Backdoor.fc
CMC	Backdoor.Win32.Prorat!O
Emsisoft	Generic.Malware.G!SFMBVbg.07D05011 (B)
Ikarus	Backdoor.Win32.Prorat
F-Prot	W32/ProratP.A
Jiangmin	Backdoor/Prorat.ci
Webroot	W32.Prorat.Gen
Avira	BDS/Prorat.19.O
Antiy-AVL	Trojan[Backdoor]/Win32.VB.aoi
Endgame	malicious (moderate confidence)
Arcabit	Generic.Malware.G!SFMBVbg.07D05011
SUPERAntiSpyware	Trojan.Agent/Gen-Prorat
ZoneAlarm	Backdoor.Win32.Prorat.npv
Microsoft	Backdoor:Win32/Prorat.L
AhnLab-V3	Trojan/Win32.Prorat.R1757
Acronis	suspicious
McAfee	BackDoor-AVW
MAX	malware (ai score=100)
VBA32	MalwareScope.Trojan-PSW.Pinch.1
Cylance	Unsafe
Panda	Trj/Genetic.gen
Zoner	Trojan.Win32.32410
ESET-NOD32	Win32/Prorat.19
TrendMicro-HouseCall	BKDR_AVW.A
Rising	Backdoor.ProRat.19.iv (CLASSIC)
Yandex	Backdoor.Prorat.AR1
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_100%
Fortinet	W32/Prorat.I!tr.bdr
AVG	Win32:GenMalicious-BME [Trj]
Avast	Win32:GenMalicious-BME [Trj]
CrowdStrike	win/malicious_confidence_100% (W)
MaxSecure	Backdoor.W32.Prorat.npv