
Backdoor.Andromeda malicious file


Backdoor.Andromeda is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to run a complete scan and cure your PC.
6-day free trial available.

What can the Backdoor.Andromeda virus do?

  • Presents an Authenticode digital signature
  • The binary likely contains encrypted or compressed data.
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Backdoor.Andromeda?

File Info:

crc32: 7E3BCA9E
md5: ea88caee731920b390e588b51caad38f
name: ald.exe
sha1: a61c43ab3544a8ba53661de212741cb9368cdb9d
sha256: 0f9626653c8358d4e8315b97feafe2ed604ff67a9a159d47219685b2e15c1665
sha512: 90764f0470312786a0cfe016b5002001e1f461e974cd5da7b08b40f45da690a88ba662c542bc8d4af50ce2c74b372e629757ff853678eb47869c9cb2819acdd7
ssdeep: 49152:JXemj8mPRNhtIONSS78xUWaT0Y/NVaVjJFsSE2z7ZVl+C/4ZOjpUMji:d9j8aRNhtrRZT0Y/jYEK7ZVlsIjpli
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

LegalCopyright: Copyright © 2010-2019 by Duong Dieu Phap
FileVersion: 7.0.7.26
CompanyName: Duong Dieu Phap
Comments: This installation was built with Inno Setup.
ProductName: ImageGlass
ProductVersion: 7.0.7.26
FileDescription: A Iightweight, versatile image viewer
Translation: 0x0000 0x04b0

Backdoor.Andromeda is also known as (detection name by antivirus vendor):

  • MicroWorld-eScan: Trojan.GenericKD.34010813
  • FireEye: Generic.mg.ea88caee731920b3
  • CAT-QuickHeal: TrojanSpy.MSIL
  • Qihoo-360: Generic/Trojan.Spy.700
  • McAfee: Artemis!EA88CAEE7319
  • Cylance: Unsafe
  • Zillya: Trojan.Kryptik.Win32.2053138
  • Sangfor: Malware
  • K7AntiVirus: Trojan ( 005690fc1 )
  • BitDefender: Trojan.GenericKD.34010813
  • K7GW: Trojan ( 005690fc1 )
  • Cybereason: malicious.b3544a
  • TrendMicro: TROJ_GEN.R002C0GFI20
  • Symantec: ML.Attribute.HighConfidence
  • APEX: Malicious
  • Avast: Win32:TrojanX-gen [Trj]
  • GData: Trojan.GenericKD.34010813
  • Kaspersky: HEUR:Trojan-Spy.MSIL.HiveMon.gen
  • Alibaba: TrojanSpy:MSIL/Kryptik.93685ca0
  • NANO-Antivirus: Trojan.Win32.Kryptik.hlfbbc
  • ViRobot: Trojan.Win32.Z.Smartassembly.2439784
  • AegisLab: Trojan.MSIL.HiveMon.l!c
  • Tencent: Win32.Trojan.Falsesign.Amce
  • Endgame: malicious (high confidence)
  • Sophos: Mal/Generic-S
  • Comodo: Malware@#33p4wsrcpe1jb
  • F-Secure: Trojan.TR/Dropper.MSIL.amees
  • DrWeb: Trojan.Siggen9.53721
  • VIPRE: Trojan.Win32.Generic!BT
  • Invincea: heuristic
  • Emsisoft: Trojan.GenericKD.34010813 (B)
  • Cyren: W32/Trojan.KAGT-1722
  • Webroot: W32.Trojan.Gen
  • Avira: TR/Dropper.MSIL.amees
  • ZoneAlarm: HEUR:Trojan-Spy.MSIL.HiveMon.gen
  • Cynet: Malicious (score: 85)
  • AhnLab-V3: PUP/Win32.RL_Generic.C4132643
  • VBA32: TScope.Trojan.MSIL
  • ALYac: Trojan.Spy.HiveMon
  • MAX: malware (ai score=100)
  • Ad-Aware: Trojan.GenericKD.34010813
  • Malwarebytes: Backdoor.Andromeda
  • Panda: Trj/GdSda.A
  • ESET-NOD32: a variant of MSIL/Kryptik.WKZ
  • TrendMicro-HouseCall: TROJ_GEN.R002C0GFI20
  • Rising: Spyware.HiveMon!8.11C37 (CLOUD)
  • SentinelOne: DFI – Malicious PE
  • eGambit: PE.Heur.InvalidSig
  • Fortinet: MSIL/Kryptik.SHS!tr
  • BitDefenderTheta: Gen:NN.ZemsilF.34130.uo1@aCueDUl
  • AVG: Win32:TrojanX-gen [Trj]
  • Paloalto: generic.ml
  • CrowdStrike: win/malicious_confidence_100% (W)
  • MaxSecure: Trojan.Malware.102170161.susgen

How to remove Backdoor.Andromeda?

Backdoor.Andromeda removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
