Backdoor

Backdoor:Win32/Rescoms.B information

Malware Removal

The Backdoor:Win32/Rescoms.B is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor:Win32/Rescoms.B virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • At least one process apparently crashed during execution
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • A process created a hidden window
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself

How to determine Backdoor:Win32/Rescoms.B?



File Info:

crc32: 572E8758
md5: e0d893bbe8e0619a8244724ab8d31a6b
name: GPA-RA.exe
sha1: f7c0b35ac49968a294dcf41a3df85086a4e9eba5
sha256: 88613ee7cd4b2903e3c61952d22137fd1d3aaf803dad920da2fd3fc77ef087df
sha512: e0bf9474f718c51bf9075c74f7e0be984a363207bcf65021348b555d97373d47e623aca41c644ff6cabe89d5a372a76ceb4c82790e5b1b8f84ee43cf54397a6d
ssdeep: 6144:/ORBAOX9znvY2y8DDRU+D9YH5IFxJM5HUfvr7EMAP8IW:qFTYF8Ky9YH5xUrSP8IW
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows


Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9  2014 - 2019
Assembly Version: 1.8.3.8
InternalName: CentralMemoryAgent.exe
FileVersion: 1.8.3.8
CompanyName: 
LegalTrademarks: 
Comments: 
ProductName: CentralMemoryAgent
ProductVersion: 1.8.3.8
FileDescription: CentralMemoryAgent
OriginalFilename: CentralMemoryAgent.exe

Backdoor:Win32/Rescoms.B also known as:

MicroWorld-eScanTrojan.GenericKD.41896631
FireEyeGeneric.mg.e0d893bbe8e0619a
CAT-QuickHealTrojan.MsilFC.S8705191
McAfeeRDN/Generic.gmp
CylanceUnsafe
VIPRETrojan.Win32.Generic!BT
AegisLabTrojan.MSIL.DOTHETUK.4!c
SangforMalware
K7AntiVirusTrojan ( 005598721 )
BitDefenderTrojan.GenericKD.41896631
K7GWTrojan ( 005598721 )
CrowdStrikewin/malicious_confidence_90% (W)
Invinceaheuristic
BitDefenderThetaGen:NN.ZemsilF.32517.wm0@ae1wCVc
SymantecTrojan.Gen.MBT
ESET-NOD32a variant of MSIL/Kryptik.TER
APEXMalicious
Paloaltogeneric.ml
ClamAVWin.Packed.Agensla-7343119-0
GDataTrojan.GenericKD.41896631
KasperskyHEUR:Trojan.MSIL.DOTHETUK.gen
AlibabaTrojan:Win32/starter.ali1000139
ViRobotTrojan.Win32.Z.Kryptik.370688.AD
Ad-AwareTrojan.GenericKD.41896631
SophosMal/Kryptik-DW
ComodoMalware@#2wdhjve6mhp1u
F-SecureTrojan.TR/AD.Remcos.pfnag
DrWebTrojan.PWS.Siggen2.34301
ZillyaTrojan.Kryptik.Win32.1790588
TrendMicroTROJ_GEN.R002C0WJH19
McAfee-GW-EditionBehavesLike.Win32.Generic.fh
Trapminesuspicious.low.ml.score
EmsisoftTrojan.GenericKD.41896631 (B)
IkarusTrojan.Inject
CyrenW32/MSIL_Kryptik.RJ.gen!Eldorado
JiangminTrojan.MSIL.mzld
WebrootW32.Trojan.Gen
AviraTR/AD.Remcos.pfnag
MAXmalware (ai score=86)
Endgamemalicious (high confidence)
AhnLab-V3Trojan/Win32.Agent.R294832
ZoneAlarmHEUR:Trojan.MSIL.DOTHETUK.gen
MicrosoftBackdoor:Win32/Rescoms.B
Acronissuspicious
VBA32TScope.Trojan.MSIL
ALYacTrojan.GenericKD.41896631
MalwarebytesTrojan.Crypt.MSIL.Generic
PandaTrj/CI.A
TrendMicro-HouseCallTROJ_GEN.R002C0WJH19
MaxSecureTrojan.Malware.73691240.susgen
FortinetMSIL/Kryptik.THA!tr
AVGWin32:PWSX-gen [Trj]
AvastWin32:PWSX-gen [Trj]
Qihoo-360Win32/Trojan.7ed

How to remove Backdoor:Win32/Rescoms.B?

Backdoor:Win32/Rescoms.B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment