Categories: Backdoor

How to remove “Backdoor.Win32.Androm.ldww”?

The Backdoor.Win32.Androm.ldww is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Androm.ldww virus can do?

Behavioural detection: Executable code extraction – unpacking
SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Behavioural detection: Injection (Process Hollowing)
Executed a process and injected code into it, probably while unpacking
Deletes its original binary from disk
Behavioural detection: Injection (inter-process)
Created a process from a suspicious location
CAPE detected the ZeusPanda malware family
Collects information to fingerprint the system
Anomalous binary characteristics

How to determine Backdoor.Win32.Androm.ldww?


File Info:
name: AA7C1FD88223B40EA530.mlwpath: /opt/CAPEv2/storage/binaries/61a65f91952a71ef119b5a54012b4a48521d739a3afc881fe33276e733e421b6crc32: 4EE54CA5md5: aa7c1fd88223b40ea53039d558186f1fsha1: caaeebe602792b1f87e6cbb0a3c48190bceff843sha256: 61a65f91952a71ef119b5a54012b4a48521d739a3afc881fe33276e733e421b6sha512: d62301cb3a40da1edb294619c31ea424008dd2a2f828fc446c779d4ae7b897fad9b59893c0824117cfe17d5aaeb24168d0ca30c9720d20f221f960aa8513eb32ssdeep: 3072:iCCCakDwgvBimCCC6idWwHRYcSVvqROFAkxrd2zHnsEReu3q75LOo24:zDlsTYcSvxqkxZ2jDou8tOo3type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1F614598E3AAE4555F45D223275AB4B09B23BBD13252E8F0B1A47F329593ED10BE113C7sha3_384: cc74f0561e8e90729fbc9a3783e2ac59d1c7bdfc10513e3c5f9a044d15220675c489859f52e61665f9223575dc39b16bep_bytes: 68e44c4000e8f0ffffff000000000000timestamp: 2016-10-27 04:55:13
Version Info:
Translation: 0x0409 0x04b0Comments:  Logarithms and inverse functions come first because they're easy to ...CompanyName: flAsh ogarithms and inverse functions come first because they're easy to ...FileDescription:  Logarithms and inverse functions come first because they're easy to ...LegalCopyright:  Logarithms and inverse functions come first because they're easy to ...LegalTrademarks:  Logarithms and inverse functions come first because they're easy to ...ProductName:  Logarithms and inverse functions come first because they're easy to ...FileVersion: 1.00.0084ProductVersion: 1.00.0084InternalName: DamaGiaOriginalFilename: DamaGia.exe

Backdoor.Win32.Androm.ldww also known as:

Bkav	W32.AIDetect.malware1
Lionic	Trojan.Win32.Androm.m!c
Elastic	malicious (high confidence)
ClamAV	Win.Trojan.Johnnie-6622850-0
CAT-QuickHeal	Trojan.VBCrypt.MF.6714
ALYac	Trojan.GenericKD.3642467
Malwarebytes	Trojan.Crypt
Zillya	Trojan.Injector.Win32.423126
Sangfor	Backdoor.Win32.Androm.ldww
K7AntiVirus	Trojan ( 004fbb051 )
BitDefender	Trojan.GenericKD.3642467
K7GW	Trojan ( 004fbb051 )
Cybereason	malicious.88223b
Cyren	W32/Androm.VFLE-2417
Symantec	Trojan Horse
ESET-NOD32	Win32/Spy.Zbot.ACM
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	Backdoor.Win32.Androm.ldww
Alibaba	VirTool:Win32/VBInject.d370e804
NANO-Antivirus	Trojan.Win32.Zbot.eoppoj
ViRobot	Backdoor.Win32.Androm.196106
MicroWorld-eScan	Trojan.GenericKD.3642467
Tencent	Malware.Win32.Gencirc.10bc227b
Ad-Aware	Trojan.GenericKD.3642467
Sophos	Mal/Generic-R + Troj/Androm-OC
Comodo	Malware@#3l6bqqrc3ti04
DrWeb	Trojan.PWS.Panda.11620
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TSPY_ZBOT.YUYATI
McAfee-GW-Edition	BehavesLike.Win32.Generic.cc
FireEye	Generic.mg.aa7c1fd88223b40e
Emsisoft	Trojan.GenericKD.3642467 (B)
Ikarus	Trojan-Spy.Agent
GData	Win32.Trojan.Agent.KZC5XI
Jiangmin	Backdoor.Androm.llf
Webroot	W32.Trojan.Gen
Avira	TR/Dropper.VB.zcejr
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Generic.ASMalwS.1C158DF
Kingsoft	Win32.Hack.Androm.ld.(kcloud)
Arcabit	Trojan.Generic.D379463
SUPERAntiSpyware	Backdoor.Androm/Variant
Microsoft	VirTool:Win32/VBInject.AGW
AhnLab-V3	Backdoor/Win32.Androm.C1626230
McAfee	PWSZbot-FHN.a
VBA32	TScope.Trojan.VB
Cylance	Unsafe
TrendMicro-HouseCall	TSPY_ZBOT.YUYATI
Rising	Trojan.Injector!1.AE63 (CLASSIC)
Yandex	Trojan.GenAsa!shH6o5UpEWg
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Androm.LDWW!tr
BitDefenderTheta	Gen:NN.ZevbaF.34294.lm3@aG44KHgi
AVG	Win32:Malware-gen
Avast	Win32:Malware-gen
CrowdStrike	win/malicious_confidence_100% (W)