Backdoor

Backdoor:Win32/Androm!MSR (file analysis)

Malware Removal

The Backdoor:Win32/Androm!MSR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Backdoor:Win32/Androm!MSR virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the shellcode patterns malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Backdoor:Win32/Androm!MSR?


File Info:

name: E6AA938BE4B70C79D297.mlw
path: /opt/CAPEv2/storage/binaries/ec801e3baa02c7ad36a9b06512ac106d30ab3a2207a7cb1e543fbd076995d43d
crc32: 6425C720
md5: e6aa938be4b70c79d297936887a1d9a3
sha1: 8cf60c047ee8d742a7a91626535c64bc6d7b580e
sha256: ec801e3baa02c7ad36a9b06512ac106d30ab3a2207a7cb1e543fbd076995d43d
sha512: f8e435748c62dec58d224afab455abda10dd841c9e7c740d8bbcbd5418d57ed6f55fb5f5ba2ae9e3df9f7e0627c5e44194e879f2b36570124962a88cfea3fc4b
ssdeep: 1536:NeljBCxEBj+cl47agAHiG1M5NhDWuwK73FiP7hlbrm7mdbC:gB2xaeG1yN4uwywdl3vG
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1CD93C01276E59076D16E2E355CB4D621097B2802BAF4908E7F8921FB1F723C0DD7936B
sha3_384: 79d48db84643961a15a637f1d193eea958c09f221f4e09b9a283b06e23c246ec910793f94378818fd24d7a97abe0207b
ep_bytes: 8bff558bec837d0c017505e80f130000
timestamp: 2019-03-08 10:03:23

Version Info:

0: [No Data]

Backdoor:Win32/Androm!MSR also known as:

BkavW32.AIDetectMalware
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Trojan.ExplorerHijack.fq4@aqshkbo
FireEyeGeneric.mg.e6aa938be4b70c79
SkyhighBehavesLike.Win32.Trojan.mc
ALYacBackdoor.Agent.ShadowPad
Cylanceunsafe
ZillyaBackdoor.Androm.Win32.73193
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 00552f2c1 )
AlibabaBackdoor:Win32/Androm.b3bbb060
K7GWTrojan ( 00552f2c1 )
BitDefenderThetaGen:NN.ZedlaF.36804.fq4@aqshkbo
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Shadowpad.M
TrendMicro-HouseCallBackdoor.Win32.SHADOWPAD.B
KasperskyBackdoor.Win32.Androm.rspy
BitDefenderGen:Trojan.ExplorerHijack.fq4@aqshkbo
NANO-AntivirusTrojan.Win32.Androm.gblqpu
AvastWin32:Spyware-gen [Spy]
TencentMalware.Win32.Gencirc.10bd99a7
TACHYONBackdoor/W32.Androm.90624.C
SophosMal/Generic-S
F-SecureTrojan.TR/AD.Inject.uvbit
DrWebBackDoor.ShadowPad.5
VIPREGen:Trojan.ExplorerHijack.fq4@aqshkbo
TrendMicroBackdoor.Win32.SHADOWPAD.B
EmsisoftGen:Trojan.ExplorerHijack.fq4@aqshkbo (B)
IkarusTrojan.Win32.Shadowpad
JiangminBackdoor.Androm.apfb
WebrootW32.Trojan.Shadowpad
GoogleDetected
AviraTR/AD.Inject.uvbit
VaristW32/Trojan.GXQ.gen!Eldorado
Antiy-AVLTrojan[APT]/Win32.Apt17
KingsoftWin32.Hack.Androm.rspy
MicrosoftBackdoor:Win32/Androm!MSR
XcitiumMalware@#28rm706xitg3d
ArcabitTrojan.ExplorerHijack.E85EA8
ZoneAlarmBackdoor.Win32.Androm.rspy
GDataGen:Trojan.ExplorerHijack.fq4@aqshkbo
CynetMalicious (score: 100)
AhnLab-V3Malware/Win32.Generic.C3521745
McAfeeGenericRXTS-UE!E6AA938BE4B7
MAXmalware (ai score=100)
VBA32Backdoor.Androm
PandaTrj/GdSda.A
RisingBackdoor.Androm!8.113 (TFE:5:hlX696gyhwK)
YandexBackdoor.Androm!33gYuenaRK8
MaxSecureTrojan.Malware.74423908.susgen
FortinetW32/Androm.EGQQ!tr.bdr
AVGWin32:Spyware-gen [Spy]
DeepInstinctMALICIOUS
alibabacloudBackdoor

How to remove Backdoor:Win32/Androm!MSR?

Backdoor:Win32/Androm!MSR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment