Categories: Backdoor

Backdoor:Win32/Wavipeg.B malicious file

The Backdoor:Win32/Wavipeg.B is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Wavipeg.B virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
A process attempted to delay the analysis task.
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
Reads data out of its own binary image
Drops a binary and executes it
Authenticode signature is invalid
Created a process from a suspicious location
A process sent information about the computer to a remote location.
Attempts to identify installed AV products by installation directory
Attempts to detect ThreatTrack/GFI/CW Sandbox through the presence of a file
Attempts to modify proxy settings

How to determine Backdoor:Win32/Wavipeg.B?


File Info:
name: D0E053BC404E5AC3DABB.mlwpath: /opt/CAPEv2/storage/binaries/d5547f87facbf8e64e43959cb255d1839a0c329f4079998f31814101f5788935crc32: 7BEBBD78md5: d0e053bc404e5ac3dabbf31624cba891sha1: a3e8a39071170bd00385220cd579ba2eafd1f2fasha256: d5547f87facbf8e64e43959cb255d1839a0c329f4079998f31814101f5788935sha512: a1e02add1ce7271dfcc10d31027f256ea4423de286590c5b5fbd83f70a64a49cfbf60fe6bb7f31384a7f84b74fa07ed3606b4738200cfb8bdffe8f80c4b32ddassdeep: 196608:8P5PkP5PIP5PkP5PQP5PkP5PIP5PkP5P:type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1A5769E00B6E1C4B2D857667440ABABA60D7D36352F26E2D3F7601E649D603F2BE3435Esha3_384: 360753b22284ebc8cc9455b78379c3ae495523ea4ea2cf4fad1a769edd7ed6acd04f68cb8a4a7036ba38c75334f797d1ep_bytes: e8e9780000e989feffff8bff558bec83timestamp: 2013-09-30 21:14:21
Version Info:
0: [No Data]

Backdoor:Win32/Wavipeg.B also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.78934
FireEye	Generic.mg.d0e053bc404e5ac3
CAT-QuickHeal	Trojan.AgentPMF.S23799708
McAfee	GenericRXQK-CB!D0E053BC404E
Cylance	Unsafe
Zillya	Trojan.Agent.Win32.2431407
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0048e2411 )
Alibaba	Backdoor:Win32/Wavipeg.a779435d
K7GW	Trojan ( 0048e2411 )
CrowdStrike	win/malicious_confidence_90% (W)
BitDefenderTheta	Gen:NN.ZexaF.34294.@xZ@aafPyGoi
Cyren	W32/S-61bb439d!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/MewsSpy.A
Baidu	Win32.Trojan.MewsSpy.a
TrendMicro-HouseCall	TROJ_GEN.R002C0DKP21
Paloalto	generic.ml
ClamAV	Win.Malware.Qakbot-9860983-1
Kaspersky	Trojan.Win32.Agent.annso
BitDefender	Trojan.GenericKDZ.78934
NANO-Antivirus	Trojan.Win32.MewsSpy.fqjudx
Avast	Win32:Malware-gen
Tencent	Trojan.Win32.BitCoinMiner.la
Ad-Aware	Trojan.GenericKDZ.78934
Emsisoft	Trojan.GenericKDZ.78934 (B)
Comodo	TrojWare.Win32.Sisron.A@549hot
DrWeb	Trojan.DownLoader43.22784
TrendMicro	TROJ_GEN.R002C0DKP21
McAfee-GW-Edition	BehavesLike.Win32.Generic.wh
Sophos	Mal/Generic-S
APEX	Malicious
GData	Trojan.GenericKDZ.78934
Jiangmin	Trojan/Agent.ifva
MaxSecure	Trojan.Malware.121218.susgen
Avira	HEUR/AGEN.1115212
Antiy-AVL	Trojan/Generic.ASMalwS.2B9E81C
ViRobot	Trojan.Win32.Z.Mewsspy.7651392
Microsoft	Backdoor:Win32/Wavipeg.B
Cynet	Malicious (score: 100)
AhnLab-V3	Win-Trojan/Hupe.Gen
VBA32	Trojan.Agent
ALYac	Trojan.GenericKDZ.78934
MAX	malware (ai score=81)
Malwarebytes	Backdoor.Qbot
Rising	Trojan.Generic@ML.89 (RDML:m3/R7jZvGPsgCEp7yylBow)
SentinelOne	Static AI – Malicious PE
Fortinet	W32/MewsSpy.B!tr
AVG	Win32:Malware-gen
Cybereason	malicious.c404e5
Panda	Trj/Genetic.gen