Categories: Backdoor

Should I remove “Backdoor.Win32.Androm.ndog”?

The Backdoor.Win32.Androm.ndog is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Androm.ndog virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Compression (or decompression)
Creates RWX memory
Reads data out of its own binary image
Performs some HTTP requests
Executed a process and injected code into it, probably while unpacking
Attempts to repeatedly call a single API many times in order to delay analysis time
Network activity detected but not expressed in API logs
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

edgedl.me.gvt1.com

update.googleapis.com

How to determine Backdoor.Win32.Androm.ndog?


File Info:
crc32: B28BB6CFmd5: d08b1de281403124490894a03bbbb6c0name: D08B1DE281403124490894A03BBBB6C0.mlwsha1: 6491c5907453e0672360f1cecfc6b1883f1b8772sha256: bed12e893d0fa5f12c7efc9724fe28a2dd4656bf2614c7aef2a2e36637c54066sha512: 62d38e2cb30fc925a5316b6dddd204200bf8c0f5fd8971f3d2f260adf63c0886a028867ee7db60cb2b8cd8232e41f2f99a8b69b712eb63aef66e200fbc9c5a3bssdeep: 6144:mMMYNXqBBPbGbFVMMnlnJk8XTphxBgfG8FFFFN9yNOZ7XqIZ56CkSOVSQtUqw:qnPi7Xk8X/Kjf9WOhqC5FOVSQutype: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Version Info:
LegalCopyright: ProductVersion: 1.0.1.0.pre.1ProductName: Vulkan RuntimeFileVersion: 1.0.1.0.pre.1FileDescription: Vulkan Runtime InstallerTranslation: 0x0409 0x04e4

Backdoor.Win32.Androm.ndog also known as:

K7AntiVirus	Trojan ( 004e24c81 )
Lionic	Trojan.Win32.Androm.m!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.761
Cynet	Malicious (score: 100)
CAT-QuickHeal	Backdoor.Androm
ALYac	Trojan.Ransom.cryptolocker
Cylance	Unsafe
Zillya	Backdoor.Androm.Win32.48290
Sangfor	Ransom.Win32.Teerac.mt
CrowdStrike	win/malicious_confidence_60% (D)
Alibaba	Ransom:Win32/Teerac.8e2942ea
K7GW	Trojan ( 004e24c81 )
Cybereason	malicious.281403
Cyren	W32/Injector.FLFO-5383
Symantec	Ransom.CryptXXX
ESET-NOD32	Win32/Filecoder.TorrentLocker.A
Zoner	Trojan.Win32.56363
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	Backdoor.Win32.Androm.ndog
BitDefender	Trojan.GenericKD.4953760
NANO-Antivirus	Trojan.Win32.Inject.fadfdp
ViRobot	Trojan.Win32.S.Cryptolocker.360486
MicroWorld-eScan	Trojan.GenericKD.4953760
Tencent	Win32.Backdoor.Androm.Wpjf
Ad-Aware	Trojan.GenericKD.4953760
Sophos	Mal/Generic-L
Comodo	Malware@#2o10qswmct4p
BitDefenderTheta	Gen:NN.ZedlaF.34058.cu8@aydRe!k
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_CRYPTLOCK.DLFLWX
McAfee-GW-Edition	W32/Teerac.b
FireEye	Generic.mg.d08b1de281403124
Emsisoft	Trojan.GenericKD.4953760 (B)
SentinelOne	Static AI – Suspicious PE
Webroot	W32.Trojan.Gen
Avira	TR/AD.Teerac.nhpfy
Antiy-AVL	Trojan/Generic.ASMalwS.2030AA6
Microsoft	Ransom:Win32/Teerac
Arcabit	Trojan.Generic.D4B96A0
SUPERAntiSpyware	Ransom.CryptoLocker/Variant
GData	Win32.Trojan.Agent.09BMRW
AhnLab-V3	Trojan/Win32.MDA.R199524
McAfee	W32/Teerac.b
MAX	malware (ai score=84)
VBA32	Backdoor.Androm
Panda	Trj/WLT.C
TrendMicro-HouseCall	Ransom_CRYPTLOCK.DLFLWX
Rising	Trojan.Generic@ML.83 (RDML:79BEdw2Ny6DkO8mJRpf/DQ)
Yandex	Trojan.Injector!BUZghtfgo0w
Ikarus	Trojan.Win32.Filecoder
Fortinet	W32/InjectorGen.DOGE!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
Qihoo-360	Win32/Ransom.TorrentLocker.HyoD8I0A