Categories: Backdoor

Backdoor:Win32/Rescoms.B!bit (file analysis)

The Backdoor:Win32/Rescoms.B!bit is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Rescoms.B!bit virus can do?

Executable code extraction
Creates RWX memory
Detected script timer window indicative of sleep style evasion
Reads data out of its own binary image
A process created a hidden window
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
A scripting utility was executed
Detects Sandboxie through the presence of a library
Checks for the presence of known windows from debuggers and forensic tools
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Checks the presence of disk drives in the registry, possibly for anti-virtualization
Detects VirtualBox through the presence of a registry key
Anomalous binary characteristics

Related domains:

edgedl.me.gvt1.com

update.googleapis.com

directlink.cz

How to determine Backdoor:Win32/Rescoms.B!bit?


File Info:
crc32: 786423A3md5: 05d6a41751d7a92eb6aa00c54d51e456name: 05D6A41751D7A92EB6AA00C54D51E456.mlwsha1: cbded43d919fe58f97e76b4975c6f2699a6a62dasha256: 8727bb75e01c91bb1b102988ed2a2a7823b154ef2a224d163f1af5e738f659a4sha512: 2abbdc86c2c9fc568e92918ad779239acfa5668ab3ea2b61109e9a9a5d997f2308249ae955085dc1b8e96d96a536b262d141680f2f02fd0bb0222ca4ef956487ssdeep: 24576:zrXkPCCY614BwVtas65L6d1MpXVJ0wjCXcpRXybViYDgtQ1ur3gQH0B7SYg:XXaQ6SAyJ6fiXXyxiYstQOQQ/rtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
0: [No Data]

Backdoor:Win32/Rescoms.B!bit also known as:

K7AntiVirus	Trojan ( 005583261 )
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
DrWeb	BackDoor.Wirenet.319
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.MauvaiseRI.S5249318
ALYac	Gen:Variant.Ransom.Serpent.5
Cylance	Unsafe
Zillya	Exploit.BypassUAC.Win32.371
CrowdStrike	win/malicious_confidence_60% (D)
Alibaba	Backdoor:Win32/Rescoms.0782f111
K7GW	Trojan ( 005583261 )
Cybereason	malicious.751d7a
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.FWOY
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Ransom.Serpent.5
NANO-Antivirus	Exploit.Win32.BypassUAC.eojfgu
MicroWorld-eScan	Gen:Variant.Ransom.Serpent.5
Tencent	Malware.Win32.Gencirc.10bb14b1
Ad-Aware	Gen:Variant.Ransom.Serpent.5
Sophos	Mal/Generic-S
Comodo	Malware@#ue8hsi0ksopf
BitDefenderTheta	Gen:NN.ZexaF.34170.JzW@ayu76@ii
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Trojan.tc
FireEye	Generic.mg.05d6a41751d7a92e
Emsisoft	Gen:Variant.Ransom.Serpent.5 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Autoit.jaf
Webroot	W32.Trojan.Genkd
Avira	HEUR/AGEN.1103409
eGambit	Unsafe.AI_Score_100%
Antiy-AVL	Trojan/Generic.ASMalwS.201B5FF
Microsoft	Backdoor:Win32/Rescoms.B!bit
Arcabit	Trojan.Ransom.Serpent.5
GData	Gen:Variant.Ransom.Serpent.5
AhnLab-V3	Trojan/Win32.Generic.C1952617
McAfee	Artemis!05D6A41751D7
MAX	malware (ai score=84)
VBA32	BScope.Backdoor.Wirenet
Malwarebytes	Malware.AI.2261203163
Panda	Trj/CI.A
Rising	Trojan.Generic@ML.100 (RDML:ni1L2knHXSqraZtJewzWKw)
Yandex	Trojan.GenAsa!diyUI1P1KaA
Ikarus	Trojan.Win32.Krypt
Fortinet	W32/Generic.AC.3F00BC
AVG	Win32:Malware-gen
Paloalto	generic.ml