Malware

Dropped:Generic.Botget2.611519B4 (file analysis)

Malware Removal

The Dropped:Generic.Botget2.611519B4 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Dropped:Generic.Botget2.611519B4 virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • Checks for the presence of known windows from debuggers and forensic tools
  • Installs itself for autorun at Windows startup
  • Detects VirtualBox through the presence of a registry key
  • Anomalous binary characteristics

Related domains:

cxl124578.223123.yes165.com

How to determine Dropped:Generic.Botget2.611519B4?



File Info:

crc32: F81DDAF4
md5: 1c84e2a3ae7a1e634ef01128cd92ba25
name: 1C84E2A3AE7A1E634EF01128CD92BA25.mlw
sha1: dcd881eca05ffb3e2651a33315cfce7dd6159732
sha256: dff7bd64fb4b045fafadf2f75b86298b0a5b1a0579eec16010134081f3dcd8e6
sha512: 2d4a2191ffe9310e3f0cc24ea4f2c070db54f089b422330b92bbc1090e6d419c54c768dca2a19ce0c59e2a41c1aa4622bc1916bc90439389825cb07505ae2749
ssdeep: 1536:u5neEhlcTW5sk1jtf2XvWINndIcN6JyRs5gqt4C3ienW:Unj9jtfU+INndIc0JJ5oC3iKW
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: (C) Microsoft Corporation. All rights reserved.
InternalName: Wextract                
FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
CompanyName: Microsoft Corporation
ProductName: Microsoft(R) Windows(R) Operating System
ProductVersion: 6.00.2900.2180
FileDescription: Win32 Cabinet Self-Extractor                                           
OriginalFilename: WEXTRACT.EXE            
Translation: 0x0804 0x04b0

Dropped:Generic.Botget2.611519B4 also known as:

Elasticmalicious (high confidence)
ALYacDropped:Generic.Botget2.611519B4
CylanceUnsafe
SangforSuspicious.Win32.Save.a
AlibabaBackdoor:Win32/XPACK.a92fd6ac
Cybereasonmalicious.3ae7a1
SymantecML.Attribute.HighConfidence
APEXMalicious
AvastBV:Malware-gen
BitDefenderDropped:Generic.Botget2.611519B4
NANO-AntivirusTrojan.Win32.Botget.esnsbs
ViRobotBackdoor.Win32.Hupigon.486400.H
MicroWorld-eScanDropped:Generic.Botget2.611519B4
TencentWin32.Trojan.Botget.Eans
Ad-AwareDropped:Generic.Botget2.611519B4
VIPRETrojan.Win32.Generic!BT
McAfee-GW-EditionArtemis!Trojan
FireEyeGeneric.mg.1c84e2a3ae7a1e63
EmsisoftDropped:Generic.Botget2.611519B4 (B)
JiangminBackdoor/IRCBot.etp
eGambitUnsafe.AI_Score_57%
MicrosoftTrojan:Win32/Wacatac.B!ml
GDataDropped:Generic.Botget2.611519B4
McAfeeArtemis!1C84E2A3AE7A
VBA32Backdoor.Bladabindi
MalwarebytesMachineLearning/Anomalous.100%
YandexTrojan.GenAsa!Fwk+UjDRvGU
AVGBV:Malware-gen
Paloaltogeneric.ml

How to remove Dropped:Generic.Botget2.611519B4?

Dropped:Generic.Botget2.611519B4 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment