Categories: Backdoor

Backdoor:Win32/Mangwam.A removal

The Backdoor:Win32/Mangwam.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Mangwam.A virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Reads data out of its own binary image
A process created a hidden window
Unconventionial language used in binary resources: Arabic
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Installs itself for autorun at Windows startup
Creates a hidden or system file
Attempts to modify browser security settings
Attempts to disable browser security warnings
Attempts to interact with an Alternate Data Stream (ADS)
Creates a slightly modified copy of itself
Anomalous binary characteristics

Related domains:

www.winupdates1.info

How to determine Backdoor:Win32/Mangwam.A?


File Info:
crc32: 7AD839B4md5: 830edba62c32703b40b1b2695f87da54name: 830EDBA62C32703B40B1B2695F87DA54.mlwsha1: 8ac6fdc6b07b08966549f28fbc7bcac81535dbc8sha256: dd61de1a75da08ab74f1ff77079690eefbacd505de8ac020101fe49b1f30d231sha512: c50ff3819ed2a5674020b3ecc6fd2c6a319e604a051515a3fb0a6ed0ecd180a5891d0bd16a98a3ccca27152cbaa11d1d1dbe0c1ae9edcf53a1b8453777f2faf4ssdeep: 6144:atdnPfQwJQ2y/Y6teQHUKmbMzUB8VsKR3UAGo7cevB6BeWMPm7FMefX4:aPYCMdtmbIaKua5vB6BeWM+7FrfX4type: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright (C) 2012InternalName: NewHaoFileVersion: 1, 0, 0, 1CompanyName: LegalTrademarks: ProductName: NewHao ApplicationProductVersion: 1, 0, 0, 1FileDescription: NewHao MFC ApplicationOriginalFilename: NewHao.EXETranslation: 0x0409 0x04b0

Backdoor:Win32/Mangwam.A also known as:

Bkav	W32.AIDetectVM.malware1
DrWeb	Trojan.DownLoader7.19846
MicroWorld-eScan	Gen:Heur.Mint.Zard.1
FireEye	Generic.mg.830edba62c32703b
Qihoo-360	Win32/Trojan.07e
McAfee	Artemis!830EDBA62C32
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
BitDefender	Gen:Heur.Mint.Zard.1
Cybereason	malicious.62c327
BitDefenderTheta	Gen:NN.ZexaE.34804.wq0@aqoYGLbO
Symantec	ML.Attribute.HighConfidence
TrendMicro-HouseCall	TROJ_SPNR.0BB713
Avast	Win32:Malware-gen
Kaspersky	UDS:DangerousObject.Multi.Generic
Alibaba	Trojan:Win32/Generic.cd17eea5
NANO-Antivirus	Trojan.Win32.Inject.bbkkda
AegisLab	Trojan.Win32.Injector.b!c
Rising	Trojan.Generic@ML.80 (RDML:/zbFhMY5VLKEZqvPqkpGpw)
Ad-Aware	Gen:Heur.Mint.Zard.1
Emsisoft	Gen:Heur.Mint.Zard.1 (B)
Comodo	Malware@#1p6tj90r7nrma
F-Secure	Trojan.TR/Dropper.Gen
Zillya	Trojan.Injector.Win32.156064
TrendMicro	TROJ_SPNR.0BB713
McAfee-GW-Edition	BehavesLike.Win32.Emotet.fc
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
Jiangmin	TrojanDropper.Injector.ajwl
Webroot	W32.Malware.Gen
Avira	TR/Dropper.Gen
Antiy-AVL	Trojan[Dropper]/Win32.Injector
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Microsoft	Backdoor:Win32/Mangwam.A
Arcabit	Trojan.Mint.Zard.1
ZoneAlarm	Trojan-Dropper.Win32.Injector.gdag
GData	Gen:Heur.Mint.Zard.1
Cynet	Malicious (score: 100)
AhnLab-V3	Spyware/Win32.Zbot.R46351
ALYac	Gen:Heur.Mint.Zard.1
MAX	malware (ai score=100)
Malwarebytes	MachineLearning/Anomalous.94%
Panda	Trj/OCJ.A
APEX	Malicious
ESET-NOD32	Win32/Delf.QSQ
Tencent	Win32.Trojan.Spnr.Dwta
Yandex	Trojan.GenAsa!YYOeuc1va4k
Ikarus	Trojan.Win32.Delf
Fortinet	W32/Injector.YUB
AVG	Win32:Malware-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_80% (D)
MaxSecure	Trojan.Malware.4844059.susgen