Categories: Backdoor

Backdoor.Androm.A5 information

The Backdoor.Androm.A5 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Androm.A5 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
A process created a hidden window
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Faeroese
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Executed a process and injected code into it, probably while unpacking
Behavioural detection: Injection (inter-process)
A process attempted to delay the analysis task by a long amount of time.
Created a process from a suspicious location

How to determine Backdoor.Androm.A5?


File Info:
name: 4FB472F67AA9B1993D09.mlwpath: /opt/CAPEv2/storage/binaries/04b4edb27b4da8dab635b7f863e39db57cebbfe86f1260af0ce1130ace0440f6crc32: 93E3FCC7md5: 4fb472f67aa9b1993d09d3afa6ef3d92sha1: b983d87c2d267c8c05e3d6c6954f92dcb22277d1sha256: 04b4edb27b4da8dab635b7f863e39db57cebbfe86f1260af0ce1130ace0440f6sha512: a2c8e0b412a874a7ab68a2d39993a8c05cba771f41b43e352dde75b984e9b72507a0c9ffbf379892e63658c67856da478975b1cb02a6ada79809a56994f11bd7ssdeep: 3072:2sajN75w92FcdtwDwArKDp8kzhZ+zWK1SwK4wRCiT+mwaQlnwHFERxCuVkahlUBx:2sajNEZp8KZAQpNdT+Vln6ExjGIUbtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1E7644B4A3DE3C271E1AC6FF92884846F13369C12A8A68FB74EBD1178394FC43916576Dsha3_384: 4280b9f35a7d6e6c14d26f88602115f525c5ebfc473ae6c86cdcb646007a1d684389492a6bc7197dc247a5d00091a7b8ep_bytes: e8a4190000e9b2150000cccccccccccctimestamp: 2017-03-18 12:38:34
Version Info:
0: [No Data]

Backdoor.Androm.A5 also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.Inject2.51327
MicroWorld-eScan	Gen:Variant.Symmi.72866
FireEye	Generic.mg.4fb472f67aa9b199
CAT-QuickHeal	Backdoor.Androm.A5
McAfee	Trojan-FLTZ!4FB472F67AA9
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 00509b521 )
Alibaba	Trojan:Win32/Kryptik.f6ba425a
K7GW	Trojan ( 00509b521 )
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	Gen:NN.ZexaF.34182.tuW@aGgO6zmG
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.FPZP
Paloalto	generic.ml
ClamAV	Win.Malware.Dorkbot-9886078-1
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Symmi.72866
NANO-Antivirus	Trojan.Win32.Androm.emrsgi
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
Avast	Win32:GenMalicious-NUT [Trj]
Rising	Trojan.Kryptik!8.8 (CLOUD)
Emsisoft	Gen:Variant.Symmi.72866 (B)
Comodo	TrojWare.Win32.Zbot.FPZP@7gz7gm
F-Secure	Heuristic.HEUR/AGEN.1103334
Baidu	Win32.Trojan.Kryptik.blz
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Generic.fh
Sophos	ML/PE-A
Ikarus	Trojan.Win32.Krypt
Webroot	W32.Trojan.Gen
Avira	HEUR/AGEN.1103334
Antiy-AVL	Trojan[Backdoor]/Win32.Androm
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Skeeyah.A!rfn
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Variant.Symmi.72866
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Lethic.R197210
VBA32	BScope.Trojan.Inject
ALYac	Gen:Variant.Symmi.72866
MAX	malware (ai score=87)
Malwarebytes	Malware.AI.1635052214
APEX	Malicious
Tencent	Win32.Backdoor.Androm.Phqq
Yandex	Trojan.GenAsa!VxTOvZ4qAjM
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.FPZP!tr
AVG	Win32:GenMalicious-NUT [Trj]
Cybereason	malicious.67aa9b
Panda	Trj/GdSda.A