Categories: Backdoor

Backdoor:Win32/Vawtrak (file analysis)

The Backdoor:Win32/Vawtrak is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Vawtrak virus can do?

Sample contains Overlay data
Unconventionial language used in binary resources: Georgian
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Backdoor:Win32/Vawtrak?


File Info:
name: D02B09B6DA2F58D22E5D.mlwpath: /opt/CAPEv2/storage/binaries/7bea5a35c0cea1a371d4014178c9f5039252808a4621f1e9f0d0c581b0aeac10crc32: CADC8C6Amd5: d02b09b6da2f58d22e5d3e128d55b247sha1: 7680a64d04d40deec22bd6b104d4f159a2b19b67sha256: 7bea5a35c0cea1a371d4014178c9f5039252808a4621f1e9f0d0c581b0aeac10sha512: 8452dfebe367f4704ceecd0db598fef83b86b2dc46383e1e9cb442b35a68dd3740c1d8023c65471e3d0351defc3164be5d4c4416518d59183e78a8bac72c5315ssdeep: 3072:Ded+UxfPiMqbMbrNAPDO+BKpfpUkgKtznFGpB6AQs9OMS6w+Oes/GDxiFf2ClqS5:DmTbbrqPxefpUnEFGLwsPpeeDx+fDHtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1F814F10CE44AD0B7D9E606F679858BD3931C124C233B2C5F2B1EAB1666A14CF0D61BEDsha3_384: fb9f1a5c9fca722f7c98b47351e9e98bb5a2597a9997d22ea75d0a3be62b6c352e74b0c2ebd31ec38f03548c07791a1aep_bytes: 6a7068d8f14200e8de01000033db538btimestamp: 2005-07-22 07:21:35
Version Info:
Comments: CompanyName: Microsoft BurstingFileDescription: ComplimentedFileVersion: 223, 80, 127, 250InternalName: VocalsLegalCopyright: Copyright © 2014LegalTrademarks: OriginalFilename: Ban.exePrivateBuild: ProductName: Microsoft CaseloadProductVersion: 8, 76, 123, 154SpecialBuild:

Backdoor:Win32/Vawtrak also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.mAsy
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Agent.FFVZ
ClamAV	Win.Packed.Ursu-7372399-0
FireEye	Trojan.Agent.FFVZ
CAT-QuickHeal	Backdoor.VawtrakCS.S452016
McAfee	GenericRXBA-JH!D02B09B6DA2F
Cylance	unsafe
Zillya	Backdoor.Androm.Win32.27664
Sangfor	Suspicious.Win32.Save.ins
K7AntiVirus	Spyware ( 0055b8741 )
Alibaba	Trojan:Win32/Vawtrak.90dd
K7GW	Spyware ( 0055b8741 )
Cybereason	malicious.d04d40
Arcabit	Trojan.Agent.FFVZ
VirIT	Trojan.Win32.Dnldr17.BQDV
Cyren	W32/S-ec502958!Eldorado
Symantec	Infostealer.Shifu
tehtris	Generic.Malware
APEX	Malicious
Cynet	Malicious (score: 100)
BitDefender	Trojan.Agent.FFVZ
ViRobot	Trojan.Win32.Inject.208912
Avast	Win32:Shifu-D [Trj]
Tencent	Malware.Win32.Gencirc.10b2f7f9
Sophos	Troj/Tinba-FL
F-Secure	Trojan.TR/AD.Shifu.bdmlu
DrWeb	Trojan.DownLoader17.28491
VIPRE	Trojan.Agent.FFVZ
McAfee-GW-Edition	BehavesLike.Win32.Generic.dc
Emsisoft	Trojan.Agent.FFVZ (B)
Ikarus	Backdoor.Win32.Vawtrak
Jiangmin	Trojan.Generic.jmb
Avira	TR/AD.Shifu.bdmlu
MAX	malware (ai score=85)
Antiy-AVL	Trojan[Backdoor]/Win32.Androm
Xcitium	TrojWare.Win32.Spy.Shiz.ND@6uylou
Microsoft	Backdoor:Win32/Vawtrak
SUPERAntiSpyware	Trojan.Agent/Gen-Cripack
GData	Win32.Trojan.PSE.BT9IQ
Google	Detected
AhnLab-V3	Trojan/Win32.Agent.C1032537
Acronis	suspicious
ALYac	Trojan.Agent.FFVZ
TACHYON	Trojan/W32.Agent.208901.B
Malwarebytes	Generic.Malware.AI.DDS
Panda	Trj/CI.A
Rising	Backdoor.Vawtrak!1.AE6A (CLASSIC)
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Scribble.B!tr
AVG	Win32:Shifu-D [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)