Categories: Backdoor

About “Backdoor.Win32.Androm.tizb” infection

The Backdoor.Win32.Androm.tizb is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Androm.tizb virus can do?

Executable code extraction
Injection with CreateRemoteThread in a remote process
Attempts to connect to a dead IP:Port (2 unique times)
Creates RWX memory
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Queries information on disks for anti-virtualization via Device Information APIs
Sniffs keystrokes
A system process is generating network traffic likely as a result of process injection
Installs itself for autorun at Windows startup
Creates a copy of itself
Creates a slightly modified copy of itself

Related domains:

groupcreatedt.at

resolver1.opendns.com

myip.opendns.com

geroyamslava.at

How to determine Backdoor.Win32.Androm.tizb?


File Info:
crc32: 76D0BFC5md5: a8da6c09f797b74ea1965fdf57d7a502name: A8DA6C09F797B74EA1965FDF57D7A502.mlwsha1: 5c0776cd7bf96010e7f7a609736cf6119be6e231sha256: cd16db51872581108c2e9beb6a2ba93153c67f85db299f10b4fe11f6e7a8a19dsha512: 18e5dad5a00649c96a1366fa8330fac6c95d466100c676b2e8c449dc696823a21fbf351b85fda54a4f763a7985cf2414f59a6e03264f486c1b4150e7f90d40cdssdeep: 6144:GfZ8cwq2jtotNCa8pnTqgxbYbxcExJrU6GT9pR:GfuC2jtBHNgcEnI5Xtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
0: [No Data]

Backdoor.Win32.Androm.tizb also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 005190011 )
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Papras.2707
Cynet	Malicious (score: 100)
CAT-QuickHeal	Ransom.Exxroute.A3
ALYac	Trojan.Ransom.BMV
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	TrojanSpy:Win32/Ursnif.f03ba80b
K7GW	Trojan ( 00508c791 )
Cybereason	malicious.9f797b
Cyren	W32/Cerber.CJ.gen!Eldorado
Symantec	Packed.Generic.493
ESET-NOD32	a variant of Win32/Kryptik.FPQQ
APEX	Malicious
Avast	Win32:Cerber-E [Trj]
ClamAV	Win.Ransomware.Cerber-6952131-0
Kaspersky	Backdoor.Win32.Androm.tizb
BitDefender	Trojan.Ransom.BMV
NANO-Antivirus	Trojan.Win32.Sphinx.fbotgl
MicroWorld-eScan	Trojan.Ransom.BMV
Tencent	Win32.Trojan.Generic.Lpli
Ad-Aware	Trojan.Ransom.BMV
Sophos	ML/PE-A + Mal/Elenoocka-E
Comodo	Malware@#1c73iou4hsuhu
BitDefenderTheta	Gen:NN.ZexaF.34790.tqW@aiUtZmbi
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_CERBER.SM38
McAfee-GW-Edition	BehavesLike.Win32.Ransomware.fc
FireEye	Generic.mg.a8da6c09f797b74e
Emsisoft	Trojan.Ransom.BMV (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Generic.brqqj
Avira	HEUR/AGEN.1116787
eGambit	Unsafe.AI_Score_88%
Antiy-AVL	Trojan/Generic.ASMalwS.1EF4783
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	TrojanSpy:Win32/Ursnif.HX
Arcabit	Trojan.Ransom.BMV
GData	Trojan.Ransom.BMV
AhnLab-V3	Trojan/Win32.Cerber.R197037
Acronis	suspicious
McAfee	Ransomware-FMJ!A8DA6C09F797
MAX	malware (ai score=100)
VBA32	BScope.TrojanPSW.Papras
Malwarebytes	Cerber.Ransom.Encrypt.DDS
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	Ransom_CERBER.SM38
Rising	Trojan.Generic@ML.100 (RDML:BPsfdL6ckb22h4lW9xyzuQ)
Yandex	Trojan.GenAsa!e62t6X7jrCk
Ikarus	Trojan.Crypt
Fortinet	W32/Generic.AC.3DF911!tr
AVG	Win32:Cerber-E [Trj]
Paloalto	generic.ml
Qihoo-360	Win32/Backdoor.Androm.HxQBPBkB