What is “Backdoor:Win32/Tofsee.KM!MTB”?

Backdoor:Win32/Tofsee.KM!MTB is the Microsoft detection name for a sample of the Tofsee backdoor family; most other antivirus vendors flag the same file as malicious (see the detection list below). While the infection is active, you may notice unexpected processes in Task Manager. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor:Win32/Tofsee.KM!MTB virus do?

These are the behaviours flagged during automated (sandbox) analysis of the sample:

  • Extracts executable code at runtime (the file is packed; see the "Kryptik"/"MalPack" verdicts below)
  • Creates RWX memory (regions that are both writable and executable, as used when unpacking code in place)
  • Possible date-expiration check: exits too soon after checking the local time
  • A process attempted to delay the analysis task
  • Expresses interest in specific running processes
  • Unconventional language used in binary resources: Danish
  • The binary likely contains encrypted or compressed data
  • Repeatedly calls a single API many times in order to delay analysis
  • Checks the CPU name in the registry, possibly for anti-virtualization
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

onlynew.xyz
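The behaviour list above and the related domain are the kind of indicators a sandbox report turns into signatures. The following is an added example, not code from the original page or from any sandbox product: a small triage routine that replays an API-call trace and reports which of the page's behaviours it sees (API hammering, a CPU-name registry lookup, system fingerprinting, an RWX allocation, a long sleep, an exit shortly after a time check, and a DNS lookup of onlynew.xyz). The trace format, the thresholds, the API names and the sample trace are assumptions constructed for the example.

```python
"""Added example: triage a sandbox API-call trace for the behaviours listed
on this page.  The trace format, thresholds and sample lines are constructed
for the example; they are not output of the sandbox that produced the list."""
from collections import Counter

# Indicator from the page: the related domain.
RELATED_DOMAINS = {"onlynew.xyz"}
# Registry key behind "Checks the CPU name in the registry" (assumption: the
# usual ProcessorNameString location).
CPU_KEY = r"HARDWARE\DESCRIPTION\System\CentralProcessor"

FINGERPRINT_APIS = {"GetComputerNameW", "GetUserNameW", "GetSystemInfo",
                    "GetVolumeInformationW", "GetAdaptersInfo"}
TIME_APIS = {"GetLocalTime", "GetSystemTime", "GetSystemTimeAsFileTime"}
NETWORK_APIS = {"getaddrinfo", "gethostbyname", "DnsQuery_W", "InternetConnectW"}

HAMMER_THRESHOLD = 1000   # calls to one API before we call it hammering
DELAY_MS = 60_000         # a single Sleep this long counts as an analysis delay
EARLY_EXIT_MS = 10_000    # ExitProcess within 10 s of a time check is suspicious


def triage(trace):
    """Return the sorted signature names that fire on a trace.

    trace: iterable of (timestamp_ms, api_name, argument_string).
    """
    hits = set()
    counts = Counter()
    last_time_check = None
    fingerprint_seen = set()
    for ts, api, arg in trace:
        counts[api] += 1
        if api in TIME_APIS:
            last_time_check = ts
        elif api == "ExitProcess" and last_time_check is not None \
                and ts - last_time_check <= EARLY_EXIT_MS:
            hits.add("early-exit-after-time-check")
        elif api.startswith("Reg") and CPU_KEY.lower() in arg.lower():
            hits.add("cpu-name-registry-check")
        elif api in FINGERPRINT_APIS:
            fingerprint_seen.add(api)
        elif api in ("VirtualAlloc", "VirtualAllocEx", "VirtualProtect") \
                and "PAGE_EXECUTE_READWRITE" in arg:
            hits.add("rwx-memory")
        elif api in ("Sleep", "SleepEx") and arg.isdigit() and int(arg) >= DELAY_MS:
            hits.add("analysis-delay")
        elif api in NETWORK_APIS and arg.split(":")[0].lower() in RELATED_DOMAINS:
            hits.add("related-domain-contact")
    # API hammering is a whole-trace property, so it is counted after the loop.
    hits.update(f"api-hammering:{api}" for api, n in counts.items()
                if n >= HAMMER_THRESHOLD)
    # One identity call is normal; two or more different ones look like fingerprinting.
    if len(fingerprint_seen) >= 2:
        hits.add("system-fingerprinting")
    return sorted(hits)


def build_sample_trace():
    """Constructed trace that exercises every rule; not a recording of the sample."""
    trace = [
        (0, "GetLocalTime", ""),
        (2, "RegOpenKeyExW", r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0"),
        (3, "RegQueryValueExW", "ProcessorNameString"),
        (5, "GetComputerNameW", ""),
        (6, "GetUserNameW", ""),
        (7, "Sleep", "600000"),
    ]
    trace += [(10 + i, "GetTickCount", "") for i in range(HAMMER_THRESHOLD + 1)]
    trace += [
        (2000, "VirtualAlloc", "size=0x10000 PAGE_EXECUTE_READWRITE"),
        (2001, "getaddrinfo", "onlynew.xyz:80"),
        (2002, "ExitProcess", "0"),
    ]
    return trace


if __name__ == "__main__":
    for sig in triage(build_sample_trace()):
        print(sig)
```

The thresholds are deliberately coarse: a real sandbox tunes them per signature, and a trace that only trips "system-fingerprinting" or a single long Sleep is not by itself evidence of malware, which is why the routine returns the individual signature names rather than a verdict.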

How to identify Backdoor:Win32/Tofsee.KM!MTB?

File Info:

crc32: 3174C888
md5: 528b632a2846b97d1d6bc9756445a6d2
name: download2Bcity2Bbus2Bsimulator2B2018-skidrow2B2Bgame3rb-RTMD-anihb154jwaavhwcaezsfwaoaeaitioa.exe
sha1: a68b1b48327ea370288a3c8e70f720b227814d4b
sha256: 22adb7035a25bc288cb78f323f52c1c33a9e5113b387644da2947a3a1512e64f
sha512: 6da07734df2bb392a48bae53fbeec2519a1b62bf5e35ec49543fb7d8e9e3e26bbdf8169531dd9217a8c1958890aa3e865002fbca1f78b94e994ac3ca3a8bfb6f
ssdeep: 98304:Q6v26c3KFn+AJdB/tUx9YRMBjEJveqBuA7bpo2w/ZUAAXy:HK6nvJdB/tysMBEJvzuYzwhURC
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]
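To check a file on your own machine against the hashes above, and to see where the "type" line comes from, here is an added example (not the page's own tooling): it hashes a file, compares the digests with the listed IOC values, and reads the PE headers that libmagic summarises as "PE32 executable (GUI) Intel 80386, for MS Windows". The header-only PE image built by build_minimal_pe() is constructed for the demonstration and is not the sample; the helper names are assumptions for this example.

```python
"""Added example: hash a file, compare it with the page's IOC digests, and
derive the libmagic-style PE type string from the headers.  The IOC values are
the page's; everything else (helper names, the constructed PE image) is ours."""
import hashlib
import struct
import sys

# Hashes copied from the File Info section above (lowercase hex).
IOC_HASHES = {
    "md5":    "528b632a2846b97d1d6bc9756445a6d2",
    "sha1":   "a68b1b48327ea370288a3c8e70f720b227814d4b",
    "sha256": "22adb7035a25bc288cb78f323f52c1c33a9e5113b387644da2947a3a1512e64f",
}

MACHINES = {0x014C: "Intel 80386", 0x8664: "x86-64", 0x01C4: "ARM Thumb-2", 0xAA64: "Aarch64"}
SUBSYSTEMS = {1: "native", 2: "GUI", 3: "console"}
IMAGE_FILE_DLL = 0x2000


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the bytes, keyed like the page's File Info."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def matches_ioc(found: dict, ioc: dict = IOC_HASHES) -> bool:
    """One matching digest is a positive identification: all three describe the
    same file, so comparing whichever hash you already have is enough."""
    return any(found.get(k) == v for k, v in ioc.items())


def pe_type(data: bytes):
    """Parse the DOS, COFF and optional headers and return a libmagic-style type
    string, or None if the bytes are not a PE image.  Only the fields behind
    'PE32 executable (GUI) Intel 80386' are read."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 24                 # optional header follows the 20-byte COFF header
    if len(data) < opt + 70:            # need up to and including Subsystem (offset 68)
        return None
    machine, = struct.unpack_from("<H", data, e_lfanew + 4)
    characteristics, = struct.unpack_from("<H", data, e_lfanew + 22)
    magic, = struct.unpack_from("<H", data, opt)
    subsystem, = struct.unpack_from("<H", data, opt + 68)   # same offset in PE32 and PE32+
    fmt = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "PE?")
    kind = "executable (DLL)" if characteristics & IMAGE_FILE_DLL else "executable"
    return (f"{fmt} {kind} ({SUBSYSTEMS.get(subsystem, subsystem)}) "
            f"{MACHINES.get(machine, hex(machine))}, for MS Windows")


def build_minimal_pe(machine=0x014C, subsystem=2) -> bytes:
    """Constructed header-only PE32 image for demonstration; it is not the sample
    and will not run.  The defaults reproduce the type string on the page."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew: PE header right after DOS header
    size_opt = 224                                     # PE32 optional header size
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics (EXECUTABLE_IMAGE | 32BIT_MACHINE)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Usage: python check_sample.py <path>   (falls back to the constructed image)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe()
    digests = file_hashes(data)
    print("type  :", pe_type(data))
    print("sha256:", digests["sha256"])
    print("IOC   :", "MATCH" if matches_ioc(digests) else "no match")
```

A hash match is exact and therefore brittle: the same family repacked will have different digests, which is why the fuzzy ssdeep value and the behaviours above matter for hunting beyond this one file.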

Backdoor:Win32/Tofsee.KM!MTB is also known as (detection names from other vendors for the same file; most are generic packer or machine-learning verdicts, while Microsoft, Antiy-AVL and Rising name the Tofsee family):

Bkav: W32.AIDetectVM.malware
MicroWorld-eScan: Trojan.GenericKD.33549302
FireEye: Generic.mg.528b632a2846b97d
ALYac: Trojan.GenericKD.33549302
Malwarebytes: Trojan.MalPack.GS
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Trojan.GenericKD.33549302
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.8327ea
TrendMicro: TROJ_GEN.R002C0DCI20
BitDefenderTheta: Gen:NN.ZexaF.34100.ZJW@a40z9ZnG
Cyren: W32/Trojan.KPZV-1841
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: TROJ_GEN.R002C0DCI20
Paloalto: generic.ml
GData: Trojan.GenericKD.33549302
Kaspersky: HEUR:Trojan.Win32.Sdum.gen
ViRobot: Trojan.Win32.Z.Agent.3992064
Avast: Win32:DropperX-gen [Drp]
Ad-Aware: Trojan.GenericKD.33549302
Sophos: Mal/RyPack-A
F-Secure: Trojan.TR/AD.GoCloudnet.efijr
DrWeb: Trojan.Siggen9.21586
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
SentinelOne: DFI – Malicious PE
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.GenericKD.33549302 (B)
APEX: Malicious
Avira: TR/AD.GoCloudnet.efijr
Antiy-AVL: Trojan[Backdoor]/Win32.Tofsee
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.D1FFEBF6
ZoneAlarm: HEUR:Trojan.Win32.Sdum.gen
Microsoft: Backdoor:Win32/Tofsee.KM!MTB
AhnLab-V3: Trojan/Win32.MalPe.R328920
Acronis: suspicious
McAfee: Artemis!528B632A2846
MAX: malware (ai score=99)
VBA32: BScope.Trojan.AET.281105
ESET-NOD32: a variant of Win32/Kryptik.HBYU
Rising: Backdoor.Tofsee!8.1E9 (C64:YzY0OjT7geBGE8ul)
Yandex: Trojan.Kryptik!yMrbW22YDPM
Ikarus: Trojan.Win32.Crypt
eGambit: Unsafe.AI_Score_78%
Fortinet: W32/Kryptik.A!tr
Webroot: W32.Trojan.Gen
AVG: Win32:DropperX-gen [Drp]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)
Qihoo-360: Generic/HEUR/QVM10.2.ECD3.Malware.Gen

How to remove Backdoor:Win32/Tofsee.KM!MTB?

Backdoor:Win32/Tofsee.KM!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
