What is “Backdoor.Drixed.A3”?

Backdoor.Drixed.A3 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Drixed.A3 virus do?

  • Executable code extraction
  • Compression (or decompression)
  • Attempts to connect to a dead IP:Port (4 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • The binary likely contains encrypted or compressed data.
  • Exhibits behavior characteristic of Dridex malware
  • Collects information about installed applications
  • Attempts to identify installed AV products by registry key
  • Anomalous binary characteristics

How to identify Backdoor.Drixed.A3?

File Info:

crc32: 0AEDA28C
md5: ab32064691e52c89b7ac2086ed5dc934
name: bin.exe
sha1: 0865f13f61c009c5fb4baa333975b1962359d0f5
sha256: c56a46575f00e527844ea393c50aa58500dda94088c34489559b610200ba756b
sha512: 8b75e0dc16a116b2d10ac9ddce036551324d9ca6d30ebb0b392a63cdc65cb9aec60016527f54fea33b22aebfdadaa09443aa7f6903a61398c1eb0aa6e9281eb8
ssdeep: 1536:NNo+dOpBSCP+1KMeiK/cQMxo0dqmRna2ybAQ:bc//iqcJbyh
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: DynaMoon.dll
FileVersion: 5.2.2670.5512 (xpsp.080413-0852)
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.2.2670.5512
FileDescription: Standard Dynamic Printing Port Monitor DLL
OriginalFilename: DynaMoon.dll
Translation: 0x0409 0x04b0

Backdoor.Drixed.A3 is also known as (vendor: detection name):

Bkav: W32.BitWallE.Spyware
MicroWorld-eScan: Trojan.GenericKD.2187531
CAT-QuickHeal: Backdoor.Drixed.A3
Qihoo-360: HEUR/QVM20.1.Malware.Gen
McAfee: Generic.vz
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.SelfDel.4!c
Sangfor: Malware
CrowdStrike: win/malicious_confidence_100% (W)
BitDefender: Trojan.GenericKD.2187531
K7GW: Trojan ( 004b6d241 )
K7AntiVirus: Trojan ( 004b6d241 )
Arcabit: Trojan.Generic.D21610B
TrendMicro: TSPY_DRIDEX.SMN2
F-Prot: W32/Backdoor2.HXFW
ESET-NOD32: Win32/Dridex.K
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Dridex-24
Kaspersky: Trojan.Win32.SelfDel.asah
Alibaba: Backdoor:Win32/SelfDel.6663feb6
NANO-Antivirus: Trojan.Win32.SelfDel.doqlbx
Rising: Backdoor.Win32.Drixed.d (CLOUD)
Endgame: malicious (high confidence)
Emsisoft: Trojan.GenericKD.2187531 (B)
Comodo: Malware@#1jyujzudegedy
F-Secure: Trojan.TR/Crypt.XPACK.155521
DrWeb: Trojan.Dridex.106
Zillya: Trojan.SelfDel.Win32.49532
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Emotet.nh
Fortinet: W32/Bourben.SBP!tr
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.ab32064691e52c89
Sophos: Troj/Dyreza-CR
Ikarus: Trojan.Win32.Dridex
Cyren: W32/Backdoor.MOUQ-4245
Jiangmin: Trojan.Selfdel.ozr
Webroot: W32.Trojan.Gen
Avira: TR/Crypt.XPACK.155521
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.SelfDel
Microsoft: Backdoor:Win32/Drixed!rfn
ViRobot: Trojan.Win32.Agent.92160.AA
ZoneAlarm: Trojan.Win32.SelfDel.asah
AhnLab-V3: Trojan/Win32.Dynamer.R155863
Acronis: suspicious
VBA32: BScope.TrojanPSW.Papras
ALYac: Trojan.Dridex.A
TACHYON: Trojan/W32.SelfDel.92160
Ad-Aware: Trojan.GenericKD.2187531
Panda: Trj/Chgt.O
TrendMicro-HouseCall: TSPY_DRIDEX.SMN2
Tencent: Win32.Trojan.Selfdel.Lmuc
Yandex: Trojan.SelfDel!hzPeVH+0j6g
SentinelOne: DFI – Suspicious PE
GData: Win32.Trojan.Agent.1DIP0F
BitDefenderTheta: Gen:NN.ZexaF.34100.fy0@aSEgrgmi
AVG: Win32:Malware-gen
Cybereason: malicious.691e52
Avast: Win32:Malware-gen

How to remove Backdoor.Drixed.A3?

Backdoor.Drixed.A3 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.