Backdoor

What is “Backdoor.Win32.Androm.uxml”?

Malware Removal

The Backdoor.Win32.Androm.uxml is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Backdoor.Win32.Androm.uxml virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A HTTP/S link was seen in a script or command line
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities

How to determine Backdoor.Win32.Androm.uxml?


File Info:

name: ACF3FF0413B12572CF0B.mlw
path: /opt/CAPEv2/storage/binaries/2225b442edeff80c3d91832bd6e3535b16dadbb255b85409cfd923e001dd18ef
crc32: 442CAAE4
md5: acf3ff0413b12572cf0b52934554d104
sha1: a3b5158a98763f5b3314730290d3f94e2136546b
sha256: 2225b442edeff80c3d91832bd6e3535b16dadbb255b85409cfd923e001dd18ef
sha512: d9df6ca180da5dfa5080927ad958cf78bc4e803b96e93df71b34b9029c52f40ed0405bfd7f82cfa8c6ec5fe70acee27117b8786228bca25b283f8a671b753cf5
ssdeep: 3072:kQJ84ny+jNCRp7TOpxzanjXE/tstJPoHaTEGQFGqyLUWh:LRnrW7TcuXEqtq6AIZLUe
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T1DFC312D410FD2737C74584F739A29E0455E61D0293FA95AAEE3972C3942E8645CBCD0B
sha3_384: 8bd0042c56a653723b8f0b39b01a1bd06f583a2663a980388f514a962823f807de41e1582582f196f2314f248061286f
ep_bytes: 53565755488d35452afeff488dbe0040
timestamp: 2021-12-05 15:10:54

Version Info:

0: [No Data]

Backdoor.Win32.Androm.uxml also known as:

LionicTrojan.Win32.Generic.4!c
FireEyeGeneric.mg.acf3ff0413b12572
ALYacTrojan.GenericKD.47572912
CylanceUnsafe
ZillyaTrojan.CoinMiner.Win64.6870
SangforSuspicious.Win32.Save.a
K7AntiVirusTrojan ( 0058b7721 )
AlibabaBackdoor:Win32/Androm.ee1663ef
K7GWTrojan ( 0058b7721 )
Cybereasonmalicious.a98763
CyrenW64/Trojan.RZBY-2727
SymantecTrojan.Gen.2
ESET-NOD32a variant of Win64/CoinMiner.AFP
APEXMalicious
Paloaltogeneric.ml
CynetMalicious (score: 100)
KasperskyBackdoor.Win32.Androm.uxml
BitDefenderTrojan.GenericKD.47572912
MicroWorld-eScanTrojan.GenericKD.47572912
AvastWin64:CoinminerX-gen [Trj]
TencentWin32.Backdoor.Androm.Lrsd
Ad-AwareTrojan.GenericKD.47572912
SophosMal/Generic-S
DrWebTrojan.BtcMine.3603
TrendMicroTROJ_GEN.R002C0PL921
McAfee-GW-EditionBehavesLike.Win64.Trickbot.cc
EmsisoftTrojan.GenericKD.47572912 (B)
IkarusTrojan.Win64.CoinMiner
GDataWin64.Trojan.Agent.TUTBZI
JiangminBackdoor.Androm.bckd
AviraTR/CoinMiner.xjimc
Antiy-AVLTrojan/Generic.ASBOL.C5E3
GridinsoftRansom.Win64.Gen.sa
ArcabitTrojan.Generic.D2D5E7B0
ViRobotTrojan.Win32.Z.Coinminer.122880
MicrosoftTrojan:Win32/Sabsik.FL.B!ml
AhnLab-V3Dropper/Win32.Downloader.R144334
McAfeeRDN/Generic BackDoor
MAXmalware (ai score=100)
VBA32Backdoor.Androm
MalwarebytesTrojan.BitCoinMiner
TrendMicro-HouseCallTROJ_GEN.R002C0PL921
YandexBackdoor.Androm!fAK10dCzBl8
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetAdware/Miner
AVGWin64:CoinminerX-gen [Trj]
PandaTrj/CI.A
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Backdoor.Win32.Androm.uxml?

Backdoor.Win32.Androm.uxml removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment