Backdoor.Androm.A5 information

Backdoor.Androm.A5 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.Androm.A5 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Faeroese
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • A process attempted to delay the analysis task for a long period of time
  • Created a process from a suspicious location

How to identify Backdoor.Androm.A5?

File Info:

name: 4FB472F67AA9B1993D09.mlw
path: /opt/CAPEv2/storage/binaries/04b4edb27b4da8dab635b7f863e39db57cebbfe86f1260af0ce1130ace0440f6
crc32: 93E3FCC7
md5: 4fb472f67aa9b1993d09d3afa6ef3d92
sha1: b983d87c2d267c8c05e3d6c6954f92dcb22277d1
sha256: 04b4edb27b4da8dab635b7f863e39db57cebbfe86f1260af0ce1130ace0440f6
sha512: a2c8e0b412a874a7ab68a2d39993a8c05cba771f41b43e352dde75b984e9b72507a0c9ffbf379892e63658c67856da478975b1cb02a6ada79809a56994f11bd7
ssdeep: 3072:2sajN75w92FcdtwDwArKDp8kzhZ+zWK1SwK4wRCiT+mwaQlnwHFERxCuVkahlUBx:2sajNEZp8KZAQpNdT+Vln6ExjGIUb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E7644B4A3DE3C271E1AC6FF92884846F13369C12A8A68FB74EBD1178394FC43916576D
sha3_384: 4280b9f35a7d6e6c14d26f88602115f525c5ebfc473ae6c86cdcb646007a1d684389492a6bc7197dc247a5d00091a7b8
ep_bytes: e8a4190000e9b2150000cccccccccccc
timestamp: 2017-03-18 12:38:34

Version Info:

0: [No Data]

Backdoor.Androm.A5 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.Inject2.51327
MicroWorld-eScan: Gen:Variant.Symmi.72866
FireEye: Generic.mg.4fb472f67aa9b199
CAT-QuickHeal: Backdoor.Androm.A5
McAfee: Trojan-FLTZ!4FB472F67AA9
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 00509b521 )
Alibaba: Trojan:Win32/Kryptik.f6ba425a
K7GW: Trojan ( 00509b521 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.34182.tuW@aGgO6zmG
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.FPZP
Paloalto: generic.ml
ClamAV: Win.Malware.Dorkbot-9886078-1
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Symmi.72866
NANO-Antivirus: Trojan.Win32.Androm.emrsgi
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
Avast: Win32:GenMalicious-NUT [Trj]
Rising: Trojan.Kryptik!8.8 (CLOUD)
Emsisoft: Gen:Variant.Symmi.72866 (B)
Comodo: TrojWare.Win32.Zbot.FPZP@7gz7gm
F-Secure: Heuristic.HEUR/AGEN.1103334
Baidu: Win32.Trojan.Kryptik.blz
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.fh
Sophos: ML/PE-A
Ikarus: Trojan.Win32.Krypt
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1103334
Antiy-AVL: Trojan[Backdoor]/Win32.Androm
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Skeeyah.A!rfn
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Symmi.72866
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Lethic.R197210
VBA32: BScope.Trojan.Inject
ALYac: Gen:Variant.Symmi.72866
MAX: malware (ai score=87)
Malwarebytes: Malware.AI.1635052214
APEX: Malicious
Tencent: Win32.Backdoor.Androm.Phqq
Yandex: Trojan.GenAsa!VxTOvZ4qAjM
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.FPZP!tr
AVG: Win32:GenMalicious-NUT [Trj]
Cybereason: malicious.67aa9b
Panda: Trj/GdSda.A

How to remove Backdoor.Androm.A5?

Backdoor.Androm.A5 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.