Categories: Backdoor

Backdoor.Win32.Androm.vho (file analysis)

The Backdoor.Win32.Androm.vho is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Androm.vho virus can do?

Executable code extraction
Creates RWX memory
Network activity detected but not expressed in API logs
Anomalous binary characteristics

How to determine Backdoor.Win32.Androm.vho?


File Info:
crc32: 3496E1D8md5: 387a4bb7ec057b031dbe01c629537a5aname: jae2020.exesha1: 29aeb46b9ef6cdfdf24adad35dca5ffa208e6765sha256: 39ff14e621b726d9550d39df0efcc3664149dc4edfd0273d9f7ab0b20cd61bdesha512: 4afeadccd714b874df1ca54592f83f50d887139c3bda8294deb166e7211bf6005d91bef10502a2a6f3b68952465a1a09a43f222246c187e954912f6d294f302assdeep: 1536:/nLrsw657eRHPdu0UEHinQI63Dd8LkNfzGQI63DUiDeRHPdu0UEEw65rLr:vLy5QluECn36JG361YluE+5rLtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
Translation: 0x0409 0x04b0InternalName: Nedturen3FileVersion: 1.00CompanyName: Triggerf8ProductName: sengefoProductVersion: 1.00OriginalFilename: Nedturen3.exe

Backdoor.Win32.Androm.vho also known as:

Cylance	Unsafe
Sangfor	Malware
Cybereason	malicious.b9ef6c
APEX	Malicious
Kaspersky	HEUR:Backdoor.Win32.Androm.vho
Trapmine	malicious.moderate.ml.score
ZoneAlarm	HEUR:Backdoor.Win32.Androm.vho
Acronis	suspicious
SentinelOne	DFI – Suspicious PE
eGambit	Unsafe.AI_Score_99%
BitDefenderTheta	Gen:NN.ZevbaF.34084.lm0@aC7MDUpi
Qihoo-360	HEUR/QVM03.0.B199.Malware.Gen