Categories: Backdoor

About “Backdoor.Win32.Androm.uccz” infection

The Backdoor.Win32.Androm.uccz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Win32.Androm.uccz virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (14 unique times)
  • Performs some HTTP requests
  • Unconventionial language used in binary resources: Arabic (Egypt)
  • Uses Windows utilities for basic functionality
  • A process attempted to delay the analysis task by a long amount of time.
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
www.bing.com
msn.com
www.msn.com
static-global-s-msn-com.akamaized.net
o.aolcdn.com
ajax.aspnetcdn.com
web.vortex.data.msn.com
ib.adnxs.com
acdn.adnxs.com
c.bing.com
ocsp.digicert.com
crl3.digicert.com
ocsp.msocsp.com
pr-bh.ybp.yahoo.com

How to determine Backdoor.Win32.Androm.uccz?



File Info:

crc32: 6BA68C8Amd5: 61bb8acae4c5fafae0abd20053309192name: tmpoo5__aghsha1: 1ea894203a816c5dc5f4d79c7c6263d9e0d740c8sha256: 7a21105bc6694979ae04f54571a32241c5c4f2248c1375a509839882de29a33bsha512: 969aa7e14072a3f8b242a6d1ae1920ad9c0d7abaf865dc0a91b5e5b75d2ef52e81018f09676b7787e71eabc7505eeaa547be8717cf75d7a781531c596f6b53ddssdeep: 3072:n+8T3sHXeGbfeNT0o6gAa3r5V0H0jRB7qfKRIEXQAYM8HknLs5:nFebWeodzV0UjRBOSSfAYM8HknY5type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

InternalNamed: eczvkphvesv.ixeFileVersion: 1.2.0.1Copyrighd: Copyrighd (C) 2020, odfgbjvProductVersion: 1.0.4.4Translation: 0x0842 0x04c4

Backdoor.Win32.Androm.uccz also known as:

Bkav W32.AIDetectVM.malwareA
MicroWorld-eScan Trojan.GenericKD.43373894
FireEye Generic.mg.61bb8acae4c5fafa
Qihoo-360 Win32/Backdoor.878
McAfee Artemis!61BB8ACAE4C5
Malwarebytes Trojan.MalPack.GS
AegisLab Riskware.Win32.Malicious.1!c
Sangfor Malware
BitDefender Trojan.GenericKD.43373894
Cybereason malicious.03a816
Arcabit Trojan.Generic.D109E3
Invincea heuristic
BitDefenderTheta Gen:NN.ZexaF.34128.oq0@aCWLblbG
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/Spy.Ursnif.CT
APEX Malicious
Avast FileRepMetagen [Malware]
ClamAV Win.Dropper.Vidar-8170701-0
Kaspersky Backdoor.Win32.Androm.uccz
Rising Malware.Heuristic!ET#97% (RDMK:cmRtazobHlSEARiFXNYCZTuoGdYK)
Ad-Aware Trojan.GenericKD.43373894
Emsisoft Trojan.GenericKDZ.68067 (B)
F-Secure Trojan.TR/AD.UrsnifDropper.illay
McAfee-GW-Edition BehavesLike.Win32.BadFile.dh
Fortinet W32/Ursnif.CT!tr.spy
Trapmine suspicious.low.ml.score
SentinelOne DFI – Malicious PE
Webroot W32.Trojan.Gen
Avira TR/AD.UrsnifDropper.illay
MAX malware (ai score=84)
Endgame malicious (high confidence)
Microsoft Trojan:Win32/Gozi.ARJ!MTB
ZoneAlarm Backdoor.Win32.Androm.uccz
Cynet Malicious (score: 100)
Acronis suspicious
VBA32 BScope.Trojan.AET.281105
TrendMicro-HouseCall TROJ_FRS.VSNTFM20
Ikarus Win32.Outbreak
eGambit Unsafe.AI_Score_94%
GData Win32.Trojan-Spy.Ursnif.0FMSQ2
AVG FileRepMetagen [Malware]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_90% (W)

How to remove Backdoor.Win32.Androm.uccz?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: a.tomx.xyzacdn.adnxs.comajax.aspnetcdn.comBackdoor.Win32.Androm.ucczc.bing.comcrl3.digicert.comib.adnxs.commsn.como.aolcdn.comocsp.digicert.comocsp.msocsp.compr-bh.ybp.yahoo.comstatic-global-s-msn-com.akamaized.netweb.vortex.data.msn.comwww.bing.comwww.msn.comz.whorecord.xyz
4 years ago

Recent Posts

Malware.AI.1560801952 malicious file

The Malware.AI.1560801952 is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago

Malware.AI.3778280684 removal tips

The Malware.AI.3778280684 is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago

Should I remove “Jalapeno.777”?

The Jalapeno.777 is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago

MSIL/Kryptik.ALMH (file analysis)

The MSIL/Kryptik.ALMH is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago

Should I remove “Trojan.Win32.Agent.xbmkrx”?

The Trojan.Win32.Agent.xbmkrx is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago

Tedy.179306 removal guide

The Tedy.179306 is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago