Categories: Backdoor

Should I remove “Backdoor.Win32.Androm.uuvc”?

The Backdoor.Win32.Androm.uuvc is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Androm.uuvc virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Dynamic (imported) function loading detected
Yara rule detections observed from a process memory dump/dropped files/CAPE
Possible date expiration check, exits too soon after checking local time
Enumerates the modules from a process (may be used to locate base addresses in process injection)
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Network activity detected but not expressed in API logs
CAPE detected the RedLine malware family
Anomalous binary characteristics

Related domains:

wpad.local-net

How to determine Backdoor.Win32.Androm.uuvc?


File Info:
name: E02C536CA8AC3C72130C.mlwpath: /opt/CAPEv2/storage/binaries/a630af5824f8203ac1737ef7b7825849935317705181e76ddfd3dacff490780ccrc32: 1FD45D27md5: e02c536ca8ac3c72130cfc7bdcf1428dsha1: f534a47630a2dbda9a4dfc068b2ddc91da984d55sha256: a630af5824f8203ac1737ef7b7825849935317705181e76ddfd3dacff490780csha512: e98240d39a35a35bd78701f50de339d4340a8479f353b21e0264c7d476d8833acf445530820c61124bec05b80498fccceb644f439cf30bcbcb6afd43d27f9748ssdeep: 24576:fk70TrccF/iDbc2LMuygaUwwLpPk5O6phYWSwk5zmRKZ+Yrf:fkQTAq/iHhlppahZu5q4RLtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T15C6522123191C6B2C4B2453048EACA7A5B757D344BBA55E336CC7F7F7E316E1A2292C8sha3_384: 00c6a0a648ab323b6edf037ee44357b10fe5b86bb12259dbb805b2a21fa6a56ffb16310b1276e99b082b21ac8e2650daep_bytes: e8e15c0000e9a4feffff8bff558bec83timestamp: 2012-07-13 22:47:16
Version Info:
Translation: 0x0000 0x04b0Comments: Cabal Private Memory PanelCompanyName: ALMXFileDescription: X-ENGINEFileVersion: 2.0.2.26InternalName: esx.exeLegalCopyright: Copyright ©  2019LegalTrademarks: OriginalFilename: esx.exeProductName: X-ENGINEProductVersion: 2.0.2.26Assembly Version: 2.0.2.26

Backdoor.Win32.Androm.uuvc also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.38023698
ALYac	Trojan.GenericKD.38023698
Cylance	Unsafe
Sangfor	Trojan.MSIL.Convagent.gen
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	Backdoor:Win32/Androm.d071dfd6
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.630a2d
Arcabit	Trojan.Generic.D2443212
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Backdoor.Win32.Androm.uuvc
BitDefender	Trojan.GenericKD.38023698
Avast	FileRepMalware
Rising	Trojan.Generic@ML.100 (RDMK:idhxewKRHk8RPyITUYpZXg)
Ad-Aware	Trojan.GenericKD.38023698
Emsisoft	Trojan.GenericKD.38023698 (B)
F-Secure	Trojan.TR/Dropper.Gen
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
FireEye	Generic.mg.e02c536ca8ac3c72
Sophos	Mal/Generic-S
Ikarus	Trojan.Dropper
Avira	TR/Dropper.Gen
MAX	malware (ai score=81)
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
ViRobot	Trojan.Win32.Z.Highconfidence.1415168
GData	Trojan.GenericKD.38023698
Cynet	Malicious (score: 100)
Acronis	suspicious
McAfee	Artemis!E02C536CA8AC
VBA32	Trojan.MSIL.Convagent
Malwarebytes	Spyware.PasswordStealer
TrendMicro-HouseCall	TROJ_GEN.R002H0CKH21
Yandex	Backdoor.Androm!/xqXZyDrJwQ
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_98%
Fortinet	W32/PossibleThreat
BitDefenderTheta	Gen:NN.ZexaF.34294.wr0@aipOGMn
AVG	FileRepMalware
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_60% (W)
MaxSecure	Trojan.Malware.300983.susgen