Backdoor

Backdoor.Win32.Androm.usay malicious file

Malware Removal

The Backdoor.Win32.Androm.usay is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Win32.Androm.usay virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Uses Windows utilities for basic functionality
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Network activity detected but not expressed in API logs

How to determine Backdoor.Win32.Androm.usay?



File Info:

crc32: 50BEBB76
md5: 6678549db6974d6962363d8b82ee7be2
name: 6678549DB6974D6962363D8B82EE7BE2.mlw
sha1: b3fc1aca4ff8ad96d48895d7d9bc8e136151b844
sha256: ad90d436c3465d6ae2f4bee7f0aafb828f150eff6a0a6c76fdd83c895b2070dc
sha512: 39ed85ba147bbfb9625afa993993867676ebfd6efddf43f49a0d838a498c6d6be45501a8f02f3be682b5711c38119899547301bb7a02e13c003614f13a4f13b1
ssdeep: 98304:nSibgJW3oGqaFvY9Jp+oyyuMNfyCUFStjqNsNM5NEQ2Z+dnPcMc:1TtY9JpXXuMNzUwANsu5z2Z+1cd
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright:                                                                                                     
FileVersion:                     
CompanyName: Dave Kerr                                                   
Comments: This installation was built with Inno Setup.
ProductName: SharpShell Configurator                                     
ProductVersion: 2.5.3.0                                           
FileDescription: SharpShell Configurator Setup                               
OriginalFileName:                                                   
Translation: 0x0000 0x04b0

Backdoor.Win32.Androm.usay also known as:

LionicTrojan.Win32.Generic.4!c
ALYacTrojan.GenericKD.46776782
CylanceUnsafe
SangforBackdoor.Win32.Androm.usay
AlibabaBackdoor:Win32/Androm.42487812
K7GWTrojan ( 0052c9041 )
K7AntiVirusTrojan ( 0052c9041 )
CyrenW32/Trojan.UKHE-0537
SymantecTrojan.Gen.MBT
ESET-NOD32Win32/Agent.UKB
AvastWin32:Trojan-gen
CynetMalicious (score: 99)
KasperskyBackdoor.Win32.Androm.usay
BitDefenderTrojan.GenericKD.46776782
MicroWorld-eScanTrojan.GenericKD.46776782
Ad-AwareTrojan.GenericKD.46776782
SophosGeneric PUA LD (PUA)
TrendMicroTROJ_GEN.R002C0DHG21
McAfee-GW-EditionArtemis
FireEyeTrojan.GenericKD.46776782
EmsisoftTrojan.GenericKD.46776782 (B)
AviraTR/Agent.mpfhr
MicrosoftTrojan:Win32/CryptInject!MSR
GDataTrojan.GenericKD.46776782
McAfeeArtemis!6678549DB697
MAXmalware (ai score=80)
VBA32Backdoor.Androm
PandaTrj/CI.A
TrendMicro-HouseCallTROJ_GEN.R002C0DHG21
FortinetPossibleThreat.MU
AVGWin32:Trojan-gen
Paloaltogeneric.ml
Qihoo-360Win32/Backdoor.Androm.HgIASaAA

How to remove Backdoor.Win32.Androm.usay?

Backdoor.Win32.Androm.usay removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment