Should I remove “Backdoor.GoldenSpy”?

Backdoor.GoldenSpy is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Backdoor.GoldenSpy virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Authenticode signature is invalid
  • CAPE detected the GoldenSpy malware family
  • Attempts to modify proxy settings

How to identify Backdoor.GoldenSpy?

File Info:

name: 132391FE6EDD635EF6AB.mlw
path: /opt/CAPEv2/storage/binaries/d8a7bbaddd371cde8430bb00ca8c20ce91af716e803332f5fa0aa459d9f11f48
crc32: 1BE9EF3B
md5: 132391fe6edd635ef6aba5d12f1be2f2
sha1: 03fb9761188f8e22d403e6fd683cc62bb0df90ea
sha256: d8a7bbaddd371cde8430bb00ca8c20ce91af716e803332f5fa0aa459d9f11f48
sha512: aff9468aa75b8240949bb206166e7b6e2b2ae4dbd3d038816e85ff2c751573a0cbe2b035abf399b1d8488d1058cade3a6ad9271347452d15581ded3e089de0a6
ssdeep: 6144:181sEQLeCweY0N49U1HToYJECc+jdPq4AONXZ8me0J:181WeCwe949U1HcYJECxBTX40J
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1B1748C107A82D036D5F205320B79DB76457DBA240F6589EF63C81A6EDE302D2AB31F76
sha3_384: a3f81146551477ac164bce66403c7179fb2b89dd330e06361235d32af983f89cf3e0923577fbb791972531bfd53f1a56
ep_bytes: e8ae070000e974feffff558becff7508
timestamp: 2020-03-27 03:12:24

Version Info:

0: [No Data]

Backdoor.GoldenSpy is also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.308754
FireEye: Generic.mg.132391fe6edd635e
McAfee: GenericRXAA-AA!132391FE6EDD
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.1348080
K7AntiVirus: Trojan ( 005699ae1 )
Alibaba: Backdoor:Win32/GoldenSpy.f87d265e
K7GW: Trojan ( 005699ae1 )
Cybereason: malicious.e6edd6
Symantec: Backdoor.Goldenspy!g1
ESET-NOD32: Win32/Agent.UIA
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Backdoor.Win32.GoldenSpy.gen
BitDefender: Gen:Variant.Zusy.308754
NANO-Antivirus: Trojan.Win32.GoldenSpy.htfbnu
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Zusy.Duvz
Ad-Aware: Gen:Variant.Zusy.308754
Sophos: Mal/Generic-S
McAfee-GW-Edition: BehavesLike.Win32.Generic.fh
Emsisoft: Gen:Variant.Zusy.308754 (B)
GData: Gen:Variant.Zusy.308754
Jiangmin: Backdoor.GoldenSpy.s
Avira: TR/Agent.ibvwf
Antiy-AVL: Trojan/Generic.ASMalwS.30F32A3
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.GoldenSpy.C4147086
BitDefenderTheta: Gen:NN.ZexaF.34062.uuX@airdX9ji
ALYac: Gen:Variant.Zusy.308754
MAX: malware (ai score=88)
VBA32: BScope.Backdoor.GoldenSpy
Malwarebytes: Backdoor.GoldenSpy
TrendMicro-HouseCall: TROJ_GEN.R002H0CKR21
Rising: Trojan.Generic@ML.98 (RDML:oSNbLYY405Ds131TikQSvg)
Yandex: Backdoor.GoldenSpy!CBD/886WHqo
Ikarus: Trojan-Spy.Agent
MaxSecure: Trojan.Malware.102778671.susgen
Fortinet: W32/Agent.UIA!tr
AVG: Win32:Trojan-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor.GoldenSpy?

Backdoor.GoldenSpy removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.