Backdoor

Backdoor.Win32.Androm.iixu removal tips

Malware Removal

The Backdoor.Win32.Androm.iixu is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Win32.Androm.iixu virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Syriac
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Deletes executed files from disk
  • Attempts to access Bitcoin/ALTCoin wallets
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Backdoor.Win32.Androm.iixu?



File Info:

name: AC13B0A68EB5E612B726.mlw
path: /opt/CAPEv2/storage/binaries/c9ffd83e6871b148ff184338976dc6d0b702e581a6e266b9d31133e6596330ce
crc32: 85171703
md5: ac13b0a68eb5e612b7261507dfac7d16
sha1: 8b8c03673ace1cca67aa0566c87cb8f54510262e
sha256: c9ffd83e6871b148ff184338976dc6d0b702e581a6e266b9d31133e6596330ce
sha512: 753b840800082e3a392e804ea114125575f72adaff272563bb28639f4414e3f0902b31d6ee6beb507284f1fe3eb442822b1f446bca13f43397ff8d5894b32d76
ssdeep: 6144:VN4khcgfc/TkM4JmKZxqnOtESjRJhDpCw2KcMiAcoUgu:VN4khcOc/TkM4JDqWTpjpcpj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EC34E06BEA0031D2CDBBC6B1CDDEC9831F15ADF0E1241C6B78096BDF1909A45D7162BA
sha3_384: 2bae5071fbac5ce0fbe6d223f9d8dd94d30b6c6a6364da736ec786fc0d93e03dc8bd3561329fb3f44bcb2eddd5793b34
ep_bytes: 6a706860f14000e8de01000033db538b
timestamp: 2004-08-09 22:35:00


Version Info:

Comments: 
CompanyName: Rimage Corporation
FileDescription: Uncollected
FileVersion: 171, 132, 191, 112
InternalName: Affront
LegalCopyright: Copyright 2015-2019
LegalTrademarks: 
OriginalFilename: Blustery.exe
PrivateBuild: 
ProductName: Wheaten Boundless
ProductVersion: 112, 203, 78, 245
SpecialBuild:

Backdoor.Win32.Androm.iixu also known as:

BkavW32.AIDetectMalware
tehtrisGeneric.Malware
MicroWorld-eScanTrojan.Cripack.Gen.1
FireEyeGeneric.mg.ac13b0a68eb5e612
CAT-QuickHealTrojan.ParihamRI.S27949698
McAfeeGenericR-EPR!AC13B0A68EB5
MalwarebytesShiz.Spyware.Stealer.DDS
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 0055dd191 )
K7GWTrojan ( 0055dd191 )
Cybereasonmalicious.68eb5e
VirITTrojan.Win32.Crypt4.CNTB
CyrenW32/Kryptik.GMP.gen!Eldorado
SymantecPacked.Generic.497
Elasticmalicious (high confidence)
ESET-NOD32Win32/Spy.Shiz.NCT
APEXMalicious
ClamAVWin.Trojan.Agent-1357229
KasperskyBackdoor.Win32.Androm.iixu
BitDefenderTrojan.Cripack.Gen.1
NANO-AntivirusTrojan.Win32.Androm.dxmufy
SUPERAntiSpywareBackdoor.Androm/Variant
AvastWin32:BackdoorX-gen [Trj]
TencentBackdoor.Win32.Androm.za
EmsisoftTrojan.Cripack.Gen.1 (B)
F-SecureTrojan.TR/Agent.cifjn
DrWebTrojan.DownLoader17.8681
VIPRETrojan.Cripack.Gen.1
McAfee-GW-EditionBehavesLike.Win32.Generic.dc
Trapminemalicious.high.ml.score
SophosMal/Tinba-AB
IkarusTrojan.Win32.Crypt
GDataWin32.Trojan.PSE1.B1COLE
JiangminBackdoor.Androm.bmm
AviraTR/Agent.cifjn
MAXmalware (ai score=88)
Antiy-AVLTrojan[Backdoor]/Win32.Androm
ArcabitTrojan.Cripack.Gen.1
ZoneAlarmBackdoor.Win32.Androm.iixu
MicrosoftTrojan:Win32/Pariham.A
CynetMalicious (score: 100)
AhnLab-V3Backdoor/Win.Generic.R509665
BitDefenderThetaGen:NN.ZexaF.36250.oq0@aCL7LUaO
TACHYONBackdoor/W32.Androm.241664.J
VBA32Backdoor.Androm
Cylanceunsafe
PandaTrj/GdSda.A
ZonerTrojan.Win32.143716
RisingBackdoor.Androm!8.113 (TFE:5:ADIewdyZIXD)
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Papras.EH!tr
AVGWin32:BackdoorX-gen [Trj]
DeepInstinctMALICIOUS
CrowdStrikewin/malicious_confidence_100% (D)

How to remove Backdoor.Win32.Androm.iixu?

Backdoor.Win32.Androm.iixu removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment