Categories: Backdoor

Backdoor.Win32.Androm.tiza information

The Backdoor.Win32.Androm.tiza is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Androm.tiza virus can do?

Executable code extraction
Injection with CreateRemoteThread in a remote process
Attempts to connect to a dead IP:Port (2 unique times)
Creates RWX memory
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Queries information on disks for anti-virtualization via Device Information APIs
Sniffs keystrokes
A system process is generating network traffic likely as a result of process injection
Installs itself for autorun at Windows startup
Creates a copy of itself
Creates a slightly modified copy of itself

Related domains:

groupcreatedt.at

resolver1.opendns.com

myip.opendns.com

geroyamslava.at

How to determine Backdoor.Win32.Androm.tiza?


File Info:
crc32: F72EB7EEmd5: ac928176a2cfcdc9935689ee4313da13name: AC928176A2CFCDC9935689EE4313DA13.mlwsha1: add1bca9214e559bf51e447523832c8dfd0912ddsha256: ae71fb978b5abbff24740db3a7e083392f3301e46ad2b904064e9f48825bc52esha512: 2adc2185a8e4d94b1b9304099e3210510d30bc1d03a44b1dcf45f133ae4025371fddfdff47cdcf8912862c255346c7c1e7a0b553d9ac670324af87d9709b2321ssdeep: 6144:sSdg8cwq2jtotNCa8pnTjl/K3GJJYYIjtG1ur+g:sSDC2jtBNlCHBjY1ur+gtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
0: [No Data]

Backdoor.Win32.Androm.tiza also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 005190011 )
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
CAT-QuickHeal	Ransom.Exxroute.A3
ALYac	Trojan.Ransom.BMV
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	TrojanSpy:Win32/Ursnif.3949cd17
K7GW	Trojan ( 00508c791 )
Cybereason	malicious.6a2cfc
Cyren	W32/Cerber.CJ.gen!Eldorado
Symantec	Packed.Generic.493
ESET-NOD32	a variant of Win32/Kryptik.FPQQ
APEX	Malicious
Avast	Win32:Cerber-E [Trj]
ClamAV	Win.Ransomware.Cerber-6952131-0
Kaspersky	Backdoor.Win32.Androm.tiza
BitDefender	Trojan.Ransom.BMV
NANO-Antivirus	Trojan.Win32.Sphinx.evhnsl
MicroWorld-eScan	Trojan.Ransom.BMV
Tencent	Win32.Trojan.Generic.Lpla
Ad-Aware	Trojan.Ransom.BMV
Sophos	ML/PE-A + Mal/Elenoocka-E
Comodo	Malware@#bhm78o9f7a6b
BitDefenderTheta	Gen:NN.ZexaF.34790.tqW@am!QT7ci
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_CERBER.SM38
McAfee-GW-Edition	BehavesLike.Win32.Ransomware.fc
FireEye	Generic.mg.ac928176a2cfcdc9
Emsisoft	Trojan.Ransom.BMV (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Generic.brthi
Avira	HEUR/AGEN.1116787
Antiy-AVL	Trojan/Generic.ASMalwS.1EF4783
Microsoft	TrojanSpy:Win32/Ursnif.HX
GData	Trojan.Ransom.BMV
AhnLab-V3	Trojan/Win32.Cerber.R197037
Acronis	suspicious
McAfee	Ransomware-FMJ!AC928176A2CF
MAX	malware (ai score=98)
VBA32	BScope.TrojanPSW.Papras
Malwarebytes	Cerber.Ransom.Encrypt.DDS
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	Ransom_CERBER.SM38
Rising	Trojan.Generic@ML.100 (RDML:6V+IwokHN23zQyX8z4KfVg)
Yandex	Trojan.GenAsa!e62t6X7jrCk
Ikarus	Trojan.Crypt
Fortinet	W32/Generic.AC.3DF911!tr
AVG	Win32:Cerber-E [Trj]
Paloalto	generic.ml
Qihoo-360	Win32/Backdoor.Androm.HxQBajAA