Backdoor.Win32.Androm.ozxh malicious file

Backdoor.Win32.Androm.ozxh is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.Win32.Androm.ozxh virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Detects Sandboxie through the presence of a library
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Backdoor.Win32.Androm.ozxh?

File Info:

name: 271F62BB3A49FC962A3D.mlw
path: /opt/CAPEv2/storage/binaries/b30d224665c2d7c237e34d8ddd73fe5de691580f8fe03e768268a0f2947e2c20
crc32: EE7D4B90
md5: 271f62bb3a49fc962a3db52c18c71d41
sha1: bf154739f65f7d376978029616701bfc0c6f4f17
sha256: b30d224665c2d7c237e34d8ddd73fe5de691580f8fe03e768268a0f2947e2c20
sha512: 78df7ab1387dd545500a7ee1fc77beccdcde63394eb80c235c6fe1395375531be11a9ed9ad482c8dfef6b294b49b6fe51d8e52e2f431eb5f7e1e5b1d5e5ec864
ssdeep: 6144:jGSU9a6BWHBhORdpP8w01TRo7ue1ik7/exY1j7w2:xqawWHB0dFxx/1x
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17A74D7AFB9C4F366C55570F82F00243A44E568F85FEDE4E3D7C4252E3BA12E2A059D26
sha3_384: e670a01a5ba9315081019544120a5ad773592beaadf3b6323886dbd8e464d68a2bf4330f4558b67280f177e7ae7ab748
ep_bytes: 6834324300e8eeffffff000000000000
timestamp: 2018-02-06 01:09:06

Version Info:

Translation: 0x0409 0x04b0
CompanyName: Itibiti Inc.
ProductName: Choicely8
FileVersion: 9.01.0005
ProductVersion: 9.01.0005
InternalName: Forholdstallene7
OriginalFilename: Forholdstallene7.exe

Backdoor.Win32.Androm.ozxh also known as:

Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.271f62bb3a49fc96
McAfee: Generic.ayf
Cylance: Unsafe
Zillya: Backdoor.Androm.Win32.49211
Sangfor: Trojan.Win32.Injector.8
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Backdoor:Win32/Generic.148b0ea4
K7GW: Trojan ( 005261b41 )
K7AntiVirus: Trojan ( 005261b41 )
VirIT: Trojan.Win32.VBGenus.DZ
Cyren: W32/Injector.VJPM-2505
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Smokeloader.A
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Backdoor.Win32.Androm.ozxh
BitDefender: Trojan.GenericKD.30316340
NANO-Antivirus: Trojan.Win32.Androm.exvmpy
SUPERAntiSpyware: Trojan.Agent/Gen-Injector
MicroWorld-eScan: Trojan.GenericKD.30316340
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.114cde25
Sophos: Mal/Generic-S + Mal/FareitVB-L
Comodo: Malware@#39899gn0hb515
DrWeb: Trojan.DownLoad4.2934
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TSPY_HPFAREIT.SM2
McAfee-GW-Edition: BehavesLike.Win32.Fareit.fh
Emsisoft: Trojan.GenericKD.30316340 (B)
Ikarus: Trojan.Win32.Injector
Jiangmin: Backdoor.Androm.xia
Webroot: W32.Trojan.GenKD
Avira: TR/Kryptik.zfxog
Antiy-AVL: Trojan/Generic.ASMalwS.247865C
Microsoft: Trojan:Win32/Skeeyah.A!rfn
ViRobot: Trojan.Win32.Z.Injector.360448.LE
ZoneAlarm: Backdoor.Win32.Androm.ozxh
GData: Win32.Trojan.Agent.2XO0X7
AhnLab-V3: Trojan/Win32.Injector.C2395594
BitDefenderTheta: Gen:NN.ZevbaF.34182.wm0@aS7mOfei
ALYac: Trojan.GenericKD.30316340
MAX: malware (ai score=100)
VBA32: BScope.Backdoor.Androm
Malwarebytes: Trojan.Injector.VB
TrendMicro-HouseCall: TSPY_HPFAREIT.SM2
Rising: Backdoor.Androm!8.113 (C64:YzY0OnPSvO6fL5KY)
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/GuLoader.VHJC!tr
AVG: Win32:Malware-gen
Cybereason: malicious.b3a49f
Panda: Trj/WLT.D

How to remove Backdoor.Win32.Androm.ozxh?

Backdoor.Win32.Androm.ozxh removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.