Trojan.Win32.Makoob.bg (file analysis)

Malware Removal

The Trojan.Win32.Makoob.bg is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Makoob.bg virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Queries information on disks, possibly for anti-virtualization
  • Detects Sandboxie through the presence of a library
  • Attempts to remove evidence of file being downloaded from the Internet
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Operates on local firewall’s policies and settings

How to identify Trojan.Win32.Makoob.bg?

File Info:

name: 2B5DEE42FD386F7BE519.mlw
path: /opt/CAPEv2/storage/binaries/1aa387fbdcfe97e5989a1d597c833e814000bae3e4c21e2ade78ba6188b38c81
crc32: C90C2A88
md5: 2b5dee42fd386f7be5195d7bbec31b06
sha1: 739c231246b4514f08846a34fd224f90d94a73a5
sha256: 1aa387fbdcfe97e5989a1d597c833e814000bae3e4c21e2ade78ba6188b38c81
sha512: f9377c2f13bed1636bea02beb75b179bc4bad8cfbddedd34cffcdb1f0d33190518facd425ae0bf426de65a5ea1231e814e404097332b1678a23ef3b8ed150cc1
ssdeep: 3072:lAsj8MBX8s0oXJz0K9nvYOWolaEbNxB7V88C4MoMZeh3A2UA:lAsBZKKTlawBR88JMLURA2UA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T146049E93F1C091E6E5D086302A1BA52167A33D36BA1C95473354FB2AE7F3367C63AC16
sha3_384: 6c6de3bd74d8daff23e4dec8b8262e9b6edf743c5f30a64dc7263b3b1191fb4c9bb7577ebee8318db1444003930f646f
ep_bytes: 81ec8401000053555633db57895c2418
timestamp: 2014-10-07 04:40:17

Version Info:

CompanyName:
FileDescription: VirtualDub
FileVersion: 1.7.1.8
LegalCopyright: Copyright © 1998-2013 by Avery Lee, All Rights Reserved.
ProductName: VirtualDub
ProductVersion: 1.7.1.8
Translation: 0x0000 0x04e4

Trojan.Win32.Makoob.bg also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Makoob.4!c
Elastic: malicious (high confidence)
DrWeb: Win32.HLLW.Phorpiex.54
MicroWorld-eScan: Gen:Variant.Strictor.244547
FireEye: Generic.mg.2b5dee42fd386f7b
ALYac: Gen:Variant.Strictor.244547
Cylance: Unsafe
Zillya: Trojan.Onion.Win32.238
Sangfor: Trojan.Win32.Injector.CEMR
K7AntiVirus: Trojan ( 004c7eb51 )
BitDefender: Gen:Variant.Strictor.244547
K7GW: Trojan ( 0055e3991 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZedlaF.34182.by4@ameTlib
VirIT: Trojan.Win32.Inject2.CMDV
Cyren: W32/Trojan.AZCS-8459
Symantec: SMG.Heur!gen
ESET-NOD32: Win32/Injector.CEMR
APEX: Malicious
Kaspersky: Trojan.Win32.Makoob.bg
Alibaba: Trojan:Win32/Makoob.b0ae60fd
NANO-Antivirus: Trojan.Win32.MlwGen.duauqd
Rising: Trojan.Win32.Crypto.j (CLOUD)
Ad-Aware: Gen:Variant.Strictor.244547
Comodo: Malware@#fvfpewees3hk
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_RYPTDEC.A
Emsisoft: Gen:Variant.Strictor.244547 (B)
SentinelOne: Static AI – Suspicious PE
Avira: TR/Injector.gwpsf
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASMalwS.2273733
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Trojan:Win32/Skeeyah.A!bit
GData: Gen:Variant.Strictor.244547
Cynet: Malicious (score: 99)
AhnLab-V3: Spyware/Win32.Limitail.R165144
McAfee: Trojan-FOXG!2B5DEE42FD38
TACHYON: Ransom/W32.Onion.179162
VBA32: Trojan.Wacatac
Malwarebytes: Malware.AI.1187786674
TrendMicro-HouseCall: TROJ_RYPTDEC.A
Tencent: Win32.Trojan.Makoob.Hrzh
Yandex: Trojan.Injector!cp20HWMfvXo
Ikarus: Trojan.Win32.Injector
Fortinet: W32/CEMR.A!tr
AVG: Win32:Phorpiex-J [Cryp]
Cybereason: malicious.2fd386
Avast: Win32:Phorpiex-J [Cryp]

How to remove Trojan.Win32.Makoob.bg?

Trojan.Win32.Makoob.bg removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.