Backdoor.AveMaria (file analysis)

The Backdoor.AveMaria file is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What Backdoor.AveMaria virus can do?

• Executable code extraction
• Injection (inter-process)
• Injection (Process Hollowing)
• Injection with CreateRemoteThread in a remote process
• Creates RWX memory
• A process attempted to delay the analysis task.
• A process created a hidden window
• The binary likely contains encrypted or compressed data.
• Uses Windows utilities for basic functionality
• Executed a process and injected code into it, probably while unpacking
• Attempts to restart the guest VM
• Steals private information from local Internet browsers
• Creates a hidden or system file
• Checks the CPU name from registry, possibly for anti-virtualization
• Creates a copy of itself
• Collects information to fingerprint the system

How to determine Backdoor.AveMaria?

General:
Operating System: Windows 7 / 8 / 8.1 / 10
Virus Name: Unsafe


File Info:
Name: gmb.exe
Size: 645632
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: 81366e1a478dcc00088b443d70fda4ec
SHA1: 4feb20208769da51cafe4816a09e5bad0362773d
SH256: f1b7ac50d2a996c776a11b44647c48138bfc56aec29f2637f198134e1ae3831e
 
Version Info:
 [No Data] 

Backdoor.AveMaria also known as:

ALYac	Spyware.AgentTesla
APEX	Malicious
AVG	Win32:RATX-gen [Trj]
Acronis	suspicious
Ad-Aware	Trojan.GenericKD.32700362
AegisLab	Trojan.MSIL.Agensla.i!c
AhnLab-V3	Trojan/Win32.Pwstealer.R294918
Alibaba	Trojan:Win32/starter.ali1000139
Antiy-AVL	Trojan[PSW]/MSIL.Agensla
Arcabit	Trojan.Generic.D1F2F7CA
Avast	Win32:RATX-gen [Trj]
Avira	TR/Kryptik.lwymo
BitDefender	Trojan.GenericKD.32700362
BitDefenderTheta	Gen:NN.ZemsilF.32245.Nm0@amrmVAd
CAT-QuickHeal	Trojanpws.Msil
ClamAV	Win.Packed.Agensla-7343119-0
CrowdStrike	win/malicious_confidence_100% (W)
Cybereason	malicious.08769d
Cylance	Unsafe
Cyren	W32/MSIL_Kryptik.UY.gen!Eldorado
DrWeb	Trojan.PWS.Siggen2.34582
ESET-NOD32	a variant of MSIL/Kryptik.TGK
Emsisoft	Gen:Variant.Ser.MSILPerseus.4205 (B)
Endgame	malicious (high confidence)
F-Secure	Trojan.TR/Kryptik.lwymo
FireEye	Generic.mg.81366e1a478dcc00
Fortinet	MSIL/Kryptik.THA!tr
GData	Trojan.GenericKD.32700362
Ikarus	Trojan.Inject
Invincea	heuristic
Jiangmin	Trojan.PSW.MSIL.kjz
K7AntiVirus	Trojan ( 00559aeb1 )
K7GW	Trojan ( 00559aeb1 )
Kaspersky	HEUR:Trojan-PSW.MSIL.Agensla.gen
MAX	malware (ai score=81)
Malwarebytes	Backdoor.AveMaria
MaxSecure	Trojan.Malware.300983.susgen
McAfee	GenericRXIV-WA!81366E1A478D
McAfee-GW-Edition	BehavesLike.Win32.Generic.jc
MicroWorld-eScan	Trojan.GenericKD.32700362
Microsoft	Trojan:MSIL/NanoBot.DH!MTB
Paloalto	generic.ml
Panda	Trj/GdSda.A
Qihoo-360	Win32/Trojan.PSW.374
Rising	Trojan.NanoBot!8.80F2 (TFE:C:6GVyOEu2riH)
SentinelOne	DFI – Suspicious PE
Sophos	Mal/Generic-S
Symantec	Trojan.Gen.MBT
TrendMicro	Backdoor.MSIL.BLADABINDI.THJAGAI
TrendMicro-HouseCall	Backdoor.MSIL.BLADABINDI.THJAGAI
ViRobot	Trojan.Win32.Z.Kryptik.645632.T
Webroot	W32.Malware.gen
Yandex	Trojan.Kryptik!TL8wOlIuBBA
Zillya	Trojan.Kryptik.Win32.1791218
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Agensla.gen
Zoner	Trojan.Win32.82779

How to remove Backdoor.AveMaria?

• Download and install GridinSoft Anti-Malware.
• Open GridinSoft Anti-Malware and perform a “Standard scan“.
• “Move to quarantine” all items.
• Open “Tools” tab – Press “Reset Browser Settings“.
• Select proper browser and options – Click “Reset”.
• Restart your computer.