Backdoor:Win32/Turla.AC information

Backdoor:Win32/Turla.AC is regarded as dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor:Win32/Turla.AC virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard page use detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • .NET file is packed/obfuscated with Confuser
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Collects and encrypts information about the computer, likely to be sent to a C2 server

How to identify Backdoor:Win32/Turla.AC?

File Info:

name: A029007534B95C2BD8E2.mlw
path: /opt/CAPEv2/storage/binaries/8490daab736aa638b500b27c962a8250bbb8615ae1c68ef77494875ac9d2ada2
crc32: 94F7296C
md5: a029007534b95c2bd8e29e80f97f292d
sha1: 71458cf1ff75e90d555fdd60461366fbc51d4b6d
sha256: 8490daab736aa638b500b27c962a8250bbb8615ae1c68ef77494875ac9d2ada2
sha512: 5976821a2b25ae8b30c75e41e227ab7b16c28ceb6aef74c43b96b9ac8e74dd418ae312c4aa23c8956a7ce6039e5ebd7a8301e731128ac994ea2edd1790bbb6a4
ssdeep: 6144:NHWweNhhFDSieKocE6tSY1hOKUWocOo1CEJv:NH+BYXcE6tRzOKUWocOo1CEh
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18F344B083B949A4FC65F8F76E9905A10A370E96B570BE74774C327FC1D4E3AA8E015E2
sha3_384: d9fab50b0ef2e3b09bb7bb84e49fac6dc227a41491595e0d7b85a2612d0cae8917915dc8aa065f5e4613c702d506fcee
ep_bytes: ff250020400000000000000000000000
timestamp: 2016-04-21 11:15:12

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: Agent.exe
LegalCopyright:
OriginalFilename: Agent.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Backdoor:Win32/Turla.AC also known as:

  • Lionic: Trojan.Win32.Generic.4!c
  • DrWeb: Trojan.Siggen7.21595
  • MicroWorld-eScan: Gen:Variant.Razy.752052
  • FireEye: Generic.mg.a029007534b95c2b
  • McAfee: RDN/Generic PWS.y
  • Cylance: Unsafe
  • Zillya: Dropper.Injector.Win32.83622
  • Sangfor: Suspicious.Win32.Save.a
  • K7AntiVirus: Spyware ( 0055e3ec1 )
  • Alibaba: Backdoor:MSIL/Turla.ba341ef2
  • K7GW: Spyware ( 0055e3ec1 )
  • Cybereason: malicious.534b95
  • BitDefenderTheta: Gen:NN.ZemsilF.34182.om1@a0lYOKm
  • Cyren: W32/A-17b8a5e1!Eldorado
  • Symantec: Trojan.Cassowar
  • ESET-NOD32: a variant of MSIL/Spy.Agent.AYV
  • TrendMicro-HouseCall: TROJ_FRS.0NA103E820
  • Paloalto: generic.ml
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Gen:Variant.Razy.752052
  • NANO-Antivirus: Trojan.Win32.Skeeyah.ehgnbj
  • Avast: Win32:Trojan-gen
  • Tencent: Malware.Win32.Gencirc.114b578f
  • Emsisoft: Gen:Variant.Razy.752052 (B)
  • Comodo: Malware@#10zql3cansm8z
  • F-Secure: Heuristic.HEUR/AGEN.1133172
  • VIPRE: Trojan.Win32.Generic!BT
  • TrendMicro: TROJ_FRS.0NA103E820
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.dh
  • SentinelOne: Static AI – Malicious PE
  • Sophos: Generic ML PUA (PUA)
  • Ikarus: Trojan-Spy.MSIL.Agent
  • Jiangmin: TrojanDropper.Injector.bkim
  • Webroot: W32.Trojan.Gen
  • Avira: HEUR/AGEN.1133172
  • Antiy-AVL: Trojan[Dropper]/Win32.Injector
  • Kingsoft: Win32.Troj.Agent.uu.(kcloud)
  • Microsoft: Backdoor:Win32/Turla.AC
  • ZoneAlarm: HEUR:Trojan.MSIL.Tpyn.gen
  • GData: Gen:Variant.Razy.752052
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win32.MSILKrypt.R354556
  • ALYac: Backdoor.MSIL.Kazuar
  • Malwarebytes: Generic.Malware/Suspicious
  • APEX: Malicious
  • Yandex: Trojan.DR.Injector!XfPae1qu9P8
  • Fortinet: MSIL/Agent.ARE!tr.spy
  • AVG: Win32:Trojan-gen
  • Panda: Trj/GdSda.A
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor:Win32/Turla.AC?

Backdoor:Win32/Turla.AC removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.