Backdoor.Win32.Vawtrak.xy

Written by Robert Bailey

What is Backdoor.Win32.Vawtrak.xy infection?

This short article explains what Backdoor.Win32.Vawtrak.xy is and the negative impact it has on your computer. Such ransomware is a kind of malware used by online scammers to force the victim to pay a ransom.


In most cases, the Backdoor.Win32.Vawtrak.xy virus will instruct its victims to transfer funds in order to undo the changes the Trojan infection has made to the victim's device.

Backdoor.Win32.Vawtrak.xy Summary

These alterations can be as follows:

  • Executable code extraction;
  • Creates RWX memory;
  • The binary likely contains encrypted or compressed data;
  • Attempts to repeatedly call a single API many times in order to delay analysis time;
  • Collects information about installed applications;
  • Attempts to identify installed AV products by registry key;
  • Collects information to fingerprint the system;
  • Encrypting the files on the victim's hard drive so the victim can no longer use the data;
  • Blocking normal access to the victim's workstation;

Related domains:

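As an added example (not from the original report or from GridinSoft), the following Python script scans DNS query log lines for names shaped like the related domains in this report: a 12-character label using only the even digits and every second letter (a, c, e, ..., y) under .com, .net or .org. The log line format and every hostname in the sample are constructed assumptions; the check also generalizes to a subdomain under such a name by testing only the last two labels.

```python
import re
from collections import Counter

# Heuristic taken from this report's "Related domains" list: every entry is a
# 12-character label drawn only from the even digits and every second letter
# (a, c, e, ..., y) under .com, .net or .org. Legitimate names can match too,
# so a hit is a triage signal, not proof of infection.
DGA_ALPHABET = "02468acegikmoquswy"
DGA_PATTERN = re.compile(rf"^[{DGA_ALPHABET}]{{12}}\.(com|net|org)$")

# Assumed log format (not from the report): "<timestamp> <client-ip> query <hostname>"
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<host>\S+)\s*$")

def is_suspect_domain(hostname: str) -> bool:
    """True if the registrable part (last two labels) has the DGA shape."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return False
    return DGA_PATTERN.match(".".join(labels[-2:])) is not None

def scan_dns_log(log_text: str) -> list[tuple[str, str, str]]:
    """Return (timestamp, client, hostname) for each query that looks DGA-generated."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m and is_suspect_domain(m["host"]):
            hits.append((m["ts"], m["client"], m["host"].lower().rstrip(".")))
    return hits

def clients_by_hit_count(hits: list[tuple[str, str, str]]) -> Counter:
    """Count suspect lookups per client; the busiest client is the one to isolate first."""
    return Counter(client for _, client, _ in hits)

# Constructed sample log; none of these hostnames are taken from the report.
SAMPLE_DNS_LOG = """\
2024-01-10T09:00:01Z 10.0.0.12 query www.example.com
2024-01-10T09:00:02Z 10.0.0.12 query 0a2c4e6g8ikm.net
2024-01-10T09:00:03Z 10.0.0.12 query mail.quswy02468ac.org.
2024-01-10T09:00:04Z 10.0.0.25 query aq4bd2ec0sg8.com
2024-01-10T09:00:05Z 10.0.0.25 query 0a2c4e6g8ikm.info
2024-01-10T09:00:06Z 10.0.0.25 query ycw8mkig2a0s.com
malformed line without a query
"""

if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG)
    for ts, client, host in found:
        print(f"{ts} {client} -> {host}")
    print(clients_by_hit_count(found))
```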

Backdoor.Win32.Vawtrak.xy

The most common channels through which Backdoor.Win32.Vawtrak.xy ransomware Trojans are delivered are:

  • Through phishing e-mails;
  • As a result of the user landing on a web resource that hosts malicious software;

As soon as the Trojan is successfully delivered, it will either encrypt the data on the victim's PC or prevent the device from working properly, while also placing a ransom note that states the demand for the victim to make the payment in order to decrypt the files or restore the file system to its original state. In most cases, the ransom note appears when the user reboots the PC after the system has already been damaged.

Backdoor.Win32.Vawtrak.xy distribution channels.

In many corners of the world, Backdoor.Win32.Vawtrak.xy is growing by leaps and bounds. However, the ransom notes and the tricks used to extort the ransom may differ depending on particular local (regional) settings.

Ransomware injection

For example:

    False alerts about unlicensed software.

    In certain regions, the Trojans often falsely report having detected unlicensed applications on the victim's device. The alert then demands that the user pay the ransom.

    False claims about illegal content.

    In countries where software piracy is less common, this approach is not as effective for the cyber criminals. Instead, the Backdoor.Win32.Vawtrak.xy popup alert may falsely claim to come from a law enforcement agency and report having found child pornography or other illegal data on the device. The alert will also include a demand for the user to pay the ransom.

Technical details

File Info:

crc32: CFF57FFB
md5: bc490040926ba2972ebffc0cbbb019dd
name: BC490040926BA2972EBFFC0CBBB019DD.mlw
sha1: ffbb802dd7ff2807766d69ffc204bf142d7a72ad
sha256: b0d0b706a6fce4384b82c78a3425f765ba613bb4b39ab52778843fb2a006de9e
sha512: 1cbb7f09f7ef2ef72be670964566e0befa0f5cbe8a15f903b3ede6523906bb683ddb2d53726888f7a9ec13c49bdd20589e1232d8c2d2ddb64e72fb922b81ccec
ssdeep: 6144:BZvuh9MsS8RhYYxNJ7UZ0bhizOqbSTekl:BZvuTMsS8D3e4hizKTe2
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (c) 2014 - . All rights reserved. WestByte
InternalName: Inpo
CompanyName: WestByte
Comments: Univacs Rationale Conversational
ProductName: Inpo
ProductVersion: 3.7.5.62
FileDescription: Univacs Rationale Conversational
Translation: 0x0409 0x04b0

Backdoor.Win32.Vawtrak.xy also known as:

GridinSoft: Trojan.Ransom.Gen
Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 00503ae41 )
Elastic: malicious (high confidence)
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_80% (D)
K7GW: Trojan ( 00503ae41 )
Cybereason: malicious.dd7ff2
APEX: Malicious
Avast: Win32:Malware-gen
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Vawtrak.xy
NANO-Antivirus: Trojan.Win32.Vawtrak.evwcgo
Tencent: Win32.Backdoor.Vawtrak.Pgmr
Sophos: Mal/Generic-S
DrWeb: Trojan.PWS.Qadars.47
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_HPLOCKY.SME1
McAfee-GW-Edition: BehavesLike.Win32.Generic.dc
FireEye: Generic.mg.bc490040926ba297
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1127217
eGambit: Unsafe.AI_Score_99%
Microsoft: Trojan:Win32/Dynamer!rfn
AegisLab: Trojan.Multi.Generic.4!c
ZoneAlarm: Backdoor.Win32.Vawtrak.xy
Acronis: suspicious
McAfee: Artemis!BC490040926B
MAX: malware (ai score=96)
VBA32: BScope.TrojanSpy.Zbot
Malwarebytes: MachineLearning/Anomalous.100%
Panda: Trj/CI.A
TrendMicro-HouseCall: Ransom_HPLOCKY.SME1
Rising: Trojan.Generic@ML.100 (RDML:qgAqQZVLGTWt3RlJUQgxEg)
Ikarus: Trojan-Spy.Remcos
Fortinet: W32/Kryptik.EJXP!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Backdoor.Win32.Vawtrak.xy virus?

Unwanted applications often come bundled with other viruses and spyware. These threats can steal account credentials or encrypt your documents for ransom.
Reasons why I would recommend GridinSoft [1]

There is no better way to detect, remove and prevent PC threats than to use anti-malware software from GridinSoft [2].

Download GridinSoft Anti-Malware.

You can download GridinSoft Anti-Malware by clicking the button below:

Run the setup file.

When setup file has finished downloading, double-click on the setup-antimalware-fix.exe file to install GridinSoft Anti-Malware on your system.


A User Account Control prompt will ask whether to allow GridinSoft Anti-Malware to make changes to your device. Click “Yes” to continue with the installation.


Press “Install” button.


Once installed, Anti-Malware will automatically run.


Wait for the Anti-Malware scan to complete.

GridinSoft Anti-Malware will automatically start scanning your system for Backdoor.Win32.Vawtrak.xy files and other malicious programs. This process can take 20-30 minutes, so I suggest you periodically check on the status of the scan.


Click on “Clean Now”.

When the scan has finished, you will see the list of infections that GridinSoft Anti-Malware has detected. To remove them, click on the “Clean Now” button in the right corner.


Are You Protected?

GridinSoft Anti-Malware will scan and clean your PC for free during the trial period. The free version offers real-time protection for the first 2 days. If you want to be fully protected at all times, I recommend purchasing the full version:

Full version of GridinSoft Anti-Malware

If the guide doesn’t help you to remove Backdoor.Win32.Vawtrak.xy you can always ask me in the comments for getting help.


References

  1. GridinSoft Anti-Malware Review from HowToFix site: https://howtofix.guide/gridinsoft-anti-malware/
  2. More information about GridinSoft products: https://gridinsoft.com/comparison

About the author

Robert Bailey

I'm Robert Bailey, a passionate Security Engineer with a deep fascination for all things related to malware, reverse engineering, and white hat ethical hacking.

As a white hat hacker, I firmly believe in the power of ethical hacking to bolster security measures. By identifying vulnerabilities and providing solutions, I contribute to the proactive defense of digital infrastructures.
