Backdoor

How to remove “Backdoor.Win32.Androm.uadj”?

Malware Removal

The Backdoor.Win32.Androm.uadj is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Backdoor.Win32.Androm.uadj virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Attempts to connect to a dead IP:Port (9 unique times)
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventionial language used in binary resources: Spanish (El Salvador)
  • Uses Windows utilities for basic functionality
  • Detects Sandboxie through the presence of a library
  • Executed a process and injected code into it, probably while unpacking
  • Deletes its original binary from disk
  • Attempts to remove evidence of file being downloaded from the Internet
  • Detects Bitdefender Antivirus through the presence of a library
  • Exhibits behavior characteristics of BetaBot / Neurevt malware
  • Steals private information from local Internet browsers
  • A system process is generating network traffic likely as a result of process injection
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Creates a hidden or system file
  • Attempts to identify installed AV products by registry key
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a device
  • Detects VMware through the presence of a device
  • Detects VMware through the presence of a registry key
  • Creates a copy of itself
  • Attempts to create or modify system certificates
  • Collects information to fingerprint the system

Related domains:

z.whorecord.xyz
a.tomx.xyz
www.bing.com
www.adobe.com
botstars.net
banigerz.com
www.youtube.com

How to determine Backdoor.Win32.Androm.uadj?


File Info:

crc32: E338ACD7
md5: 7e9a8110c7917961ab4b2eb99c127e51
name: 372908347483775138410235126907639811.exe
sha1: 96a580154faf3811a6b51341ec5ebd124f33113e
sha256: a2b362b46b8eed0c306b68c3e66d31ff2e8379cb5757a137c1963e7445598c1e
sha512: 81b5906394bcfa0e19b8a92819f637570a3c215657b798e869542077da5ae293129cc170b17d929371a4024188a688f769dda96bfc9962242981b5f046872bbc
ssdeep: 6144:xcY53jsfiVVHWJ0aGwAa9+mgvo+wVNWWH:x1TsU2J0aoagw+wmWH
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Backdoor.Win32.Androm.uadj also known as:

BkavW32.AIDetectVM.malware
MicroWorld-eScanTrojan.GenericKD.33794139
CAT-QuickHealTrojanDownloader.Dofoil
McAfeeTrojan-FSBM!7E9A8110C791
CylanceUnsafe
VIPRETrojan.Win32.Generic!BT
SangforMalware
K7AntiVirusTrojan ( 005663411 )
BitDefenderTrojan.GenericKD.33794139
K7GWTrojan ( 005663411 )
Cybereasonmalicious.54faf3
TrendMicroTROJ_GEN.R011C0DE820
BitDefenderThetaGen:NN.ZexaF.34108.rqW@a4i2t4VG
APEXMalicious
AvastWin32:Malware-gen
GDataTrojan.GenericKD.33794139
KasperskyBackdoor.Win32.Androm.uadj
AlibabaBackdoor:Win32/Androm.3e5d42cc
AegisLabTrojan.Win32.Generic.4!c
RisingBackdoor.Androm!8.113 (CLOUD)
Ad-AwareTrojan.GenericKD.33794139
EmsisoftTrojan.GenericKD.33794139 (B)
ComodoMalware@#3j0fhmi5kx9dq
F-SecureTrojan.TR/AD.SmokeLoader.EN
Invinceaheuristic
McAfee-GW-EditionTrojan-FSBM!7E9A8110C791
Trapminesuspicious.low.ml.score
FireEyeGeneric.mg.7e9a8110c7917961
SophosMal/Generic-S
IkarusTrojan.Win32.Crypt
CyrenW32/Trojan.FMLK-6673
JiangminTrojanSpy.Agent.advz
MaxSecureTrojan.Malware.300983.susgen
AviraTR/AD.SmokeLoader.EN
Antiy-AVLTrojan[Downloader]/Win32.Dofoil
Endgamemalicious (high confidence)
ArcabitTrojan.Generic.D203A85B
ZoneAlarmBackdoor.Win32.Androm.uadj
MicrosoftTrojan:Win32/Androm.DSK!MTB
AhnLab-V3Trojan/Win32.MalPe.R335400
Acronissuspicious
VBA32Trojan.Wacatac
ALYacTrojan.Downloader.Dofoil.gen
MAXmalware (ai score=100)
MalwarebytesTrojan.MalPack.GS
PandaTrj/GdSda.A
ESET-NOD32a variant of Win32/Kryptik.HDEB
TrendMicro-HouseCallTROJ_GEN.R011C0DE820
TencentWin32.Backdoor.Androm.Alje
YandexTrojan.Kryptik!WkNnNk8U2wQ
SentinelOneDFI – Suspicious PE
eGambitUnsafe.AI_Score_98%
FortinetW32/Kryptik.HDDU!tr
AVGWin32:Malware-gen
Paloaltogeneric.ml
CrowdStrikewin/malicious_confidence_70% (W)
Qihoo-360Generic/HEUR/QVM10.2.0ED8.Malware.Gen

How to remove Backdoor.Win32.Androm.uadj?

Backdoor.Win32.Androm.uadj removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment