Categories: BackdoorSpy

UDS:Backdoor.Win32.SpyGate information

The UDS:Backdoor.Win32.SpyGate is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What UDS:Backdoor.Win32.SpyGate virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Detected script timer window indicative of sleep style evasion
Expresses interest in specific running processes
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
A scripting utility was executed
Deletes its original binary from disk
Checks for the presence of known windows from debuggers and forensic tools
A process attempted to delay the analysis task by a long amount of time.
Attempts to repeatedly call a single API many times in order to delay analysis time
The following process appear to have been packed with Themida: sys32.exe, sys32.exe, sys32.exe, BEE06A98C3C77120D75B5DE5EDD5A31F.mlw
Installs itself for autorun at Windows startup
Checks for the presence of known devices from debuggers and forensic tools
Detects the presence of Wine emulator via registry key
Detects VirtualBox through the presence of a registry key
Creates a copy of itself
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

amu.bestcat.xyz

How to determine UDS:Backdoor.Win32.SpyGate?


File Info:
crc32: ABD9B399md5: bee06a98c3c77120d75b5de5edd5a31fname: BEE06A98C3C77120D75B5DE5EDD5A31F.mlwsha1: 06920c55143ef59192590c627337226fc1e999f4sha256: 03933c5760f7f573ec98d4ca65f367bfe18cfc882aa3c9d125da9c0f9282957csha512: 303f57566401bcd63318e83969c149ccc21da866f2293adf9f3bf88ff621b94e29e44e95d090b13ee22cf87848a35b3f3ce96b644a12a6a05c0cc6f5e46572f3ssdeep: 24576:wN8m6GU9ISnG287x4vqVaEnGGTTcOjk4e8n:wN7UCwixYia/oT9jstype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Beijing Huorong Network Technology Co., Ltd.InternalName: wsctrlFileVersion: 5.0.0.0CompanyName: Beijing Huorong Network Technology Co., Ltd.ProductName: Huorong Internet SecurityProductVersion: 5.0.0.0FileDescription: Huorong Internet Security WSC ComponentOriginalFilename: wsctrl.exeTranslation: 0x0409 0x04b0

UDS:Backdoor.Win32.SpyGate also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen13.43765
Cynet	Malicious (score: 100)
McAfee	Artemis!BEE06A98C3C7
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_90% (W)
Cybereason	malicious.5143ef
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Packed.Themida.HFE
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	UDS:Backdoor.Win32.SpyGate.gen
Sophos	Mal/Generic-S
Comodo	TrojWare.Win32.Agent.COC@52vn2u
BitDefenderTheta	Gen:NN.ZexaF.34692.az1aa82SFCfj
McAfee-GW-Edition	BehavesLike.Win32.Backdoor.tc
FireEye	Generic.mg.bee06a98c3c77120
SentinelOne	Static AI – Suspicious PE
Microsoft	Trojan:Win32/Wacatac.B!ml
Gridinsoft	Trojan.Heur!.030100A1
GData	Win32.Trojan.Agent.M5029M
AhnLab-V3	Malware/Win.AGEN.C4491118
TrendMicro-HouseCall	TROJ_GEN.R005H0CEP21
Rising	Malware.Heuristic!ET#98% (RDMK:cmRtazprHZjbYNZRYUVMDfPV3qDx)
Ikarus	Trojan.Win32.Themida
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/SpyGate!tr.bdr
AVG	Win32:Trojan-gen