About “Backdoor:Win32/Tofsee.MAK!MTB” infection

Backdoor:Win32/Tofsee.MAK!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor:Win32/Tofsee.MAK!MTB virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Enumerates services, possibly for anti-virtualization
  • Installs itself for autorun at Windows startup
  • CAPE detected the Tofsee malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Uses suspicious command line tools or Windows utilities

How to identify Backdoor:Win32/Tofsee.MAK!MTB?

File Info:

name: A46BF9D15E3C5FDDB676.mlw
path: /opt/CAPEv2/storage/binaries/94933435330c7469cd194c889ac0ae3696b09249827f398b6430d5220d579b37
crc32: 368E298B
md5: a46bf9d15e3c5fddb676519bd1426bf3
sha1: 5f91216f7ef7e1e64b3c703112f528701664a1b4
sha256: 94933435330c7469cd194c889ac0ae3696b09249827f398b6430d5220d579b37
sha512: a96334c43445ce76a54b580d0a33937da85579a1a051f12c776278225c531fde6f56bcc8534e951c5c1caff758ce8c69365a54e653fcd55b859bc7d70e78515b
ssdeep: 6144:KjVCnaC+bF4pIYzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzf:a8BeF4p
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T139D62A29847B28F5C670107CF78C7B7EAAFD06F49EB4015B689C97C1E4289D454ECAA3
sha3_384: 32cfbaafaae01ed4f6ab7e93e4747a6d7215e842fb668a6dcaf2df648f457a9f758c004ab6d885e55bcc1058433c146a
ep_bytes: 558bec81ec8406000053568b35800141
timestamp: 2018-01-13 10:08:37

Version Info:

0: [No Data]

Backdoor:Win32/Tofsee.MAK!MTB also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Backdoor.Tofsee.DW
FireEye: Generic.mg.a46bf9d15e3c5fdd
McAfee: BackDoor-FDRN!A46BF9D15E3C
Cylance: Unsafe
Zillya: Trojan.Tofsee.Win32.2966
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 004b8ae41 )
BitDefender: Backdoor.Tofsee.DW
K7GW: Trojan ( 004b8ae41 )
Cybereason: malicious.15e3c5
Cyren: W32/Tofsee.Q.gen!Eldorado
Symantec: Trojan.Ascesso!gm
ESET-NOD32: a variant of Win32/Tofsee.AX
APEX: Malicious
ClamAV: Win.Trojan.Tofsee-7102058-0
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: Backdoor:Win32/Tofsee.c2889a92
ViRobot: Trojan.Win32.Coinminer.11045888
Rising: Trojan.Tofsee!1.AF3A (RDMK:cmRtazr0q+rmg0b1xf0b7ixJmC1m)
Ad-Aware: Backdoor.Tofsee.DW
Emsisoft: Backdoor.Tofsee.DW (B)
Comodo: MalCrypt.Indus!@1qrzi1
DrWeb: BackDoor.Tofsee.199
TrendMicro: TROJ_GEN.R002C0CAR22
McAfee-GW-Edition: BehavesLike.Win32.Generic.th
Sophos: Mal/Generic-R + Mal/Tinba-AH
Ikarus: Trojan.Win32.Tofsee
GData: Win32.Backdoor.Tofsee.C
Jiangmin: Trojan.Invader.bin
Avira: BDS/Backdoor.Gen
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASMalwS.34FAAD6
ZoneAlarm: HEUR:Trojan.Win32.Invader
Microsoft: Backdoor:Win32/Tofsee.MAK!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win32.Tofsee.R284452
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34182.@tW@ayqTMyf
ALYac: Backdoor.Tofsee.DW
VBA32: BScope.Backdoor.Tofsee
Malwarebytes: Backdoor.Tofsee
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002C0CAR22
Tencent: Win32.Trojan.Tofsee.Llhb
Yandex: Trojan.Agent!aa+uaTXvI8c
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Tofsee.AX!tr
AVG: Win32:BackdoorX-gen [Trj]
Avast: Win32:BackdoorX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor:Win32/Tofsee.MAK!MTB?

Backdoor:Win32/Tofsee.MAK!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.