Categories: Backdoor

About “Backdoor.Win32.Androm.uxht” infection

The Backdoor.Win32.Androm.uxht is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Androm.uxht virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Yara rule detections observed from a process memory dump/dropped files/CAPE
Dynamic (imported) function loading detected
Reads data out of its own binary image
A HTTP/S link was seen in a script or command line
Executed a very long command line or script command which may be indicative of chained commands or obfuscation
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Installs itself for autorun at Windows startup
Attempts to modify proxy settings
Uses suspicious command line tools or Windows utilities

How to determine Backdoor.Win32.Androm.uxht?


File Info:
name: 2DB2F599B773F36A2ED6.mlwpath: /opt/CAPEv2/storage/binaries/8303f7eae4b7cb8020a8c0c1a24ee427438fbbcb2803da6b0e3fd8aa43da6910crc32: DB1D9357md5: 2db2f599b773f36a2ed6c8797e8882dfsha1: be5f83ef476e83ed5f2a2e77b8046ff86035e0b0sha256: 8303f7eae4b7cb8020a8c0c1a24ee427438fbbcb2803da6b0e3fd8aa43da6910sha512: 2876db33ae2278316bad322edc0d49553109dc49d0010475508d19f2fe16d75115742baec319e7d3a8048605a64b78e8bfc8aa00433ada01a2c1cb5aba43d3d4ssdeep: 3072:+Qanxbu11+MLCQgPTOjVsWudIOPn4mbKdQTVX:6nxbu3+MuPO7ueOPnDmytype: PE32+ executable (console) x86-64, for MS Windowstlsh: T1FAC3126677ADA5B0F25F007DB0C60D0293DCBA27E3D7837517ADB2522D182A488FC96Dsha3_384: f8ecf1e2d81db246bc6c5633e36a5cc4e89c321025168db8bfe16d713bf914cf786f9847fa1ae5fd3ca7d6f4e72aeea7ep_bytes: 53565755488d35552afeff488dbe0040timestamp: 2021-12-03 18:27:02
Version Info:
0: [No Data]

Backdoor.Win32.Androm.uxht also known as:

DrWeb	Trojan.BtcMine.3603
FireEye	Generic.mg.2db2f599b773f36a
CAT-QuickHeal	Backdoor.Androm
ALYac	Trojan.GenericKD.47566371
Malwarebytes	Trojan.BitCoinMiner
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 0058b45a1 )
Alibaba	Backdoor:Win64/Androm.12e461c0
K7GW	Trojan ( 0058b7721 )
Cybereason	malicious.f476e8
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win64/CoinMiner.AFP
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	Backdoor.Win32.Androm.uxht
BitDefender	Trojan.GenericKD.47566371
MicroWorld-eScan	Trojan.GenericKD.47566371
Avast	Win64:CoinminerX-gen [Trj]
Tencent	Win64.Trojan.Coinminer.Huzq
Ad-Aware	Trojan.GenericKD.47566371
Emsisoft	Trojan.GenericKD.47566371 (B)
Comodo	TrojWare.Win32.Agent.hwral@0
TrendMicro	TROJ_FRS.0NA103L721
McAfee-GW-Edition	BehavesLike.Win64.Generic.cc
Sophos	Mal/Generic-S
Ikarus	Trojan.Win64.CoinMiner
GData	Trojan.GenericKD.47566371
Jiangmin	Backdoor.Androm.bcjt
Webroot	W32.Trojan.Gen
Antiy-AVL	GrayWare/Win32.Kryptik.BQX
Kingsoft	Win32.Hack.Androm.ux.(kcloud)
Gridinsoft	Ransom.Win64.Gen.sa
Arcabit	Trojan.Generic.D2D5CE23
ViRobot	Trojan.Win32.Z.Agent.122880.NVL
Microsoft	Trojan:Win32/Suloc.A
AhnLab-V3	Dropper/Win32.Downloader.R144334
McAfee	RDN/Generic BackDoor
MAX	malware (ai score=85)
VBA32	Backdoor.Androm
TrendMicro-HouseCall	TROJ_FRS.0NA103L721
Yandex	Backdoor.Androm!kyvzuY8uX8k
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	Adware/Miner
AVG	Win64:CoinminerX-gen [Trj]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_100% (W)