How to remove “Backdoor:Win32/Ymacco.AA8B”?

Backdoor:Win32/Ymacco.AA8B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Ymacco.AA8B virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous .NET characteristics

How to identify Backdoor:Win32/Ymacco.AA8B?

File Info:

name: 1583BCF85736E02F4134.mlw
path: /opt/CAPEv2/storage/binaries/a76b833a580fbeae90e952326cdea13ac3673c5adc9e9cfd65922851b0ef9756
crc32: 6113B56B
md5: 1583bcf85736e02f41341c38761f20eb
sha1: 161cc901b078fc5d8ea7cd00daa3c1f7a095f9aa
sha256: a76b833a580fbeae90e952326cdea13ac3673c5adc9e9cfd65922851b0ef9756
sha512: af96a928a9c2221f80802dabacfedea8f37cc4d6e9b22a07f24732b1c2d92664c4992dc9bb4ce541c4e01c753ccb73b97fe7136754e8e57aaf7eb0c0044b5a95
ssdeep: 96:vXLsykEdB6UHh9r1lFFFl2HqRpcE2MNYlnlYJnLe4aA0Kffa0ygr51VFXmPWPajF:/LsTu68Fb4zVMQnlYJLJaATC0ob
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T178F1F90463E58333CB7E17764DA3A6416F7AD7199B23DF2F08C4A16645E33084B62AB5
sha3_384: ff2fe87339db7054a6c7bde194b664ee6a223544d3b440b3820fabf3a5497bf6cb683da40c8a2d94ff66f8d014bd2f7e
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-11-26 22:13:16

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: clr.exe
LegalCopyright:
OriginalFilename: clr.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Backdoor:Win32/Ymacco.AA8B is also known as (vendor: detection name):

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Adware.GenericKD.44700093
FireEye: Generic.mg.1583bcf85736e02f
McAfee: Artemis!1583BCF85736
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 700000121 )
Alibaba: Trojan:MSIL/MSILKrypt.50fb85cb
K7GW: Trojan ( 700000121 )
CrowdStrike: win/malicious_confidence_90% (W)
BitDefenderTheta: Gen:NN.ZemsilF.34182.am0@aqQVuSm
VirIT: Trojan.Win32.Agent.APXY
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Agent.NHN
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Adware.GenericKD.44700093
NANO-Antivirus: Trojan.Win32.Agent.dckatp
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Generic.Dxwt
Sophos: Mal/Generic-S
Comodo: Malware@#3r66k828g3xrk
Zillya: Trojan.Genome.Win32.241887
McAfee-GW-Edition: BehavesLike.Win32.Generic.xt
Emsisoft: Adware.GenericKD.44700093 (B)
Ikarus: Gen.Variant.MSILKrypt
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.MSIL.Gen8
MAX: malware (ai score=65)
Antiy-AVL: Trojan/Generic.ASMalwS.DA8E9F
Microsoft: Backdoor:Win32/Ymacco.AA8B
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Adware.GenericKD.44700093
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.BitMiner.R274069
VBA32: TScope.Trojan.MSIL
ALYac: Adware.GenericKD.44700093
Malwarebytes: Malware.AI.1235564278
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:kZO4RvrZX72pl5zGY4qDDQ)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Generic.AP.17AE6B6!tr
AVG: Win32:Trojan-gen

How to remove Backdoor:Win32/Ymacco.AA8B?

Backdoor:Win32/Ymacco.AA8B removal steps:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.