Backdoor.AveMaria (file analysis)

Malware Removal

The Backdoor.AveMaria file is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What Backdoor.AveMaria virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • A process created a hidden window
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to restart the guest VM
  • Steals private information from local Internet browsers
  • Creates a hidden or system file
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Creates a copy of itself
  • Collects information to fingerprint the system

How to determine Backdoor.AveMaria?


General:

Operating System: Windows 7 / 8 / 8.1 / 10 Virus Name: Unsafe

File Info:

Name: gmb.exe

Size: 645632

Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

MD5: 81366e1a478dcc00088b443d70fda4ec

SHA1: 4feb20208769da51cafe4816a09e5bad0362773d

SH256: f1b7ac50d2a996c776a11b44647c48138bfc56aec29f2637f198134e1ae3831e

Version Info:

[No Data]

Backdoor.AveMaria also known as:

ALYacSpyware.AgentTesla
APEXMalicious
AVGWin32:RATX-gen [Trj]
Acronissuspicious
Ad-AwareTrojan.GenericKD.32700362
AegisLabTrojan.MSIL.Agensla.i!c
AhnLab-V3Trojan/Win32.Pwstealer.R294918
AlibabaTrojan:Win32/starter.ali1000139
Antiy-AVLTrojan[PSW]/MSIL.Agensla
ArcabitTrojan.Generic.D1F2F7CA
AvastWin32:RATX-gen [Trj]
AviraTR/Kryptik.lwymo
BitDefenderTrojan.GenericKD.32700362
BitDefenderThetaGen:NN.ZemsilF.32245.Nm0@amrmVAd
CAT-QuickHealTrojanpws.Msil
ClamAVWin.Packed.Agensla-7343119-0
CrowdStrikewin/malicious_confidence_100% (W)
Cybereasonmalicious.08769d
CylanceUnsafe
CyrenW32/MSIL_Kryptik.UY.gen!Eldorado
DrWebTrojan.PWS.Siggen2.34582
ESET-NOD32a variant of MSIL/Kryptik.TGK
EmsisoftGen:Variant.Ser.MSILPerseus.4205 (B)
Endgamemalicious (high confidence)
F-SecureTrojan.TR/Kryptik.lwymo
FireEyeGeneric.mg.81366e1a478dcc00
FortinetMSIL/Kryptik.THA!tr
GDataTrojan.GenericKD.32700362
IkarusTrojan.Inject
Invinceaheuristic
JiangminTrojan.PSW.MSIL.kjz
K7AntiVirusTrojan ( 00559aeb1 )
K7GWTrojan ( 00559aeb1 )
KasperskyHEUR:Trojan-PSW.MSIL.Agensla.gen
MAXmalware (ai score=81)
MalwarebytesBackdoor.AveMaria
MaxSecureTrojan.Malware.300983.susgen
McAfeeGenericRXIV-WA!81366E1A478D
McAfee-GW-EditionBehavesLike.Win32.Generic.jc
MicroWorld-eScanTrojan.GenericKD.32700362
MicrosoftTrojan:MSIL/NanoBot.DH!MTB
Paloaltogeneric.ml
PandaTrj/GdSda.A
Qihoo-360Win32/Trojan.PSW.374
RisingTrojan.NanoBot!8.80F2 (TFE:C:6GVyOEu2riH)
SentinelOneDFI – Suspicious PE
SophosMal/Generic-S
SymantecTrojan.Gen.MBT
TrendMicroBackdoor.MSIL.BLADABINDI.THJAGAI
TrendMicro-HouseCallBackdoor.MSIL.BLADABINDI.THJAGAI
ViRobotTrojan.Win32.Z.Kryptik.645632.T
WebrootW32.Malware.gen
YandexTrojan.Kryptik!TL8wOlIuBBA
ZillyaTrojan.Kryptik.Win32.1791218
ZoneAlarmHEUR:Trojan-PSW.MSIL.Agensla.gen
ZonerTrojan.Win32.82779

How to remove Backdoor.AveMaria?

Backdoor.AveMaria removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

Leave a Comment