Backdoor.Simda.AB removal instructions

Backdoor.Simda.AB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Simda.AB virus do?

  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with Themida
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor.Simda.AB?

File Info:

name: 42F0C603348B28E0B133.mlw
path: /opt/CAPEv2/storage/binaries/aea6e14a191cfc16370569f29e7ae5b61ea090c161d1998f3bb2fd7f02574e71
crc32: C5226EC0
md5: 42f0c603348b28e0b13326d1c3a57637
sha1: 95dbd083160388f9f3eef65bed0252dcca5eba24
sha256: aea6e14a191cfc16370569f29e7ae5b61ea090c161d1998f3bb2fd7f02574e71
sha512: 93af1ce2914ace18beefeb38b3641a3fe9c5179bf78a085f2c6f5b9c0b02fd0f5092db763007c4de5cd25ccc9e1c1e0d9771bf47622dde301b827b2dac77f06c
ssdeep: 98304:Thax1AJ4FAxBkPVwBI1pzWqMwrgMkO5kYlIX191gKWXlGEIb:QOwH5kYlIWVG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EAF6BEE1760AB1EFC54E1AB5995BCD43A87C07F443604802FC6DB8BDAF63E4211E6E58
sha3_384: ecf6c579edf406ba0022a81dab382390ee2ee2858c9c60bddd875929befc47cdb16754051bf7fd384b40628fee528773
ep_bytes: e8f0150000e978feffff8bff558bec8b
timestamp: 2013-10-07 07:04:29

Version Info:

0: [No Data]

Backdoor.Simda.AB also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Simda.G!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Backdoor.Simda.AB
CAT-QuickHeal: Backdoor.Simda.9528
ALYac: Backdoor.Simda.AB
Malwarebytes: Malware.Heuristic.1003
Zillya: Backdoor.Simda.Win32.2506
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Riskware ( 00584baa1 )
Alibaba: Backdoor:Win32/Simda.8decbf5a
K7GW: Riskware ( 00584baa1 )
CrowdStrike: win/malicious_confidence_100% (D)
Baidu: Win32.Trojan.Kryptik.agk
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/GenKryptik_AGen.AAU
APEX: Malicious
Kaspersky: Backdoor.Win32.Simda.abnq
BitDefender: Backdoor.Simda.AB
NANO-Antivirus: Trojan.Win32.Simda.cqivso
Avast: Win32:CryptoWall-C [Trj]
Tencent: Malware.Win32.Gencirc.11a2ca70
Emsisoft: Backdoor.Simda.AB (B)
F-Secure: Trojan.TR/Crypt.XPACK.Gen
DrWeb: Trojan.Rodricter.80
VIPRE: Backdoor.Simda.AB
TrendMicro: TROJ_GEN.R002C0PEO23
McAfee-GW-Edition: BehavesLike.Win32.Sdbot.wz
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.42f0c603348b28e0
Sophos: Generic ML PUA (PUA)
Ikarus: Backdoor.Win32.Cidox
GData: Backdoor.Simda.AB
Jiangmin: Backdoor/Simda.ajk
Google: Detected
Avira: TR/Crypt.XPACK.Gen
MAX: malware (ai score=82)
Antiy-AVL: Trojan[Backdoor]/Win32.Simda
Arcabit: Backdoor.Simda.AB
ZoneAlarm: Backdoor.Win32.Simda.abnq
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
McAfee: GenericRXFN-YQ!42F0C603348B
Cylance: unsafe
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002C0PEO23
Rising: Trojan.Kryptik!8.8 (TFE:1:6tHp0wYARnJ)
SentinelOne: Static AI – Malicious PE
Fortinet: W32/PossibleThreat
BitDefenderTheta: Gen:NN.ZexaF.36196.@RW@aK7K0Fgk
AVG: Win32:CryptoWall-C [Trj]
Cybereason: malicious.3348b2
DeepInstinct: MALICIOUS

How to remove Backdoor.Simda.AB?

Backdoor.Simda.AB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.