Backdoor:Win32/Simda!A information

Backdoor:Win32/Simda!A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Simda!A virus do?

  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Expresses interest in specific running processes
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Code injection with CreateRemoteThread in a remote process
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Attempts to identify installed AV products by installation directory
  • Creates a copy of itself
  • Creates a slightly modified copy of itself
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
www.bing.com
gatyfus.com
qekyqop.com
lyvyxor.com
vonyzuf.com
lysyfyj.com
galyqaz.com
pumyxiv.com
qedyfyq.com
volyqat.com
lymyxid.com
gadyfuh.com
puzywel.com
qeqyxov.com
vofygum.com
lyxywer.com
gaqycos.com
pufygug.com
qexyryl.com
vowycac.com
lygygin.com
gacyryw.com
purycap.com
qegyhig.com
vocyruk.com
lyryvex.com
gahyhob.com
puvytuq.com
qetyvep.com
vojyjof.com
lyvytuj.com
gatyvyz.com
pujyjav.com
qebytiq.com
vopybyt.com
lykyjad.com
ganypih.com
pupybul.com
qekykev.com
vonypom.com
lysynur.com
galykes.com
pumypog.com
qedynul.com
volykyc.com
lymysan.com
gadyniw.com
puzylyp.com
qeqysag.com
vofymik.com
lyxylux.com
gaqydeb.com
pufymoq.com
qexylup.com
vowydef.com
lygymoj.com
gacyzuz.com
purydyv.com
qegyqaq.com
vocyzit.com
lyryfyd.com
gahyqah.com
puvyxil.com
qetyfuv.com
vojyqem.com
fabia-her.com
www.gahyqah.com

How to identify Backdoor:Win32/Simda!A?

File Info:

crc32: 1FDBA34A
md5: 84083c38d0b52cfaf69fffa3ce5b1c3f
name: 84083C38D0B52CFAF69FFFA3CE5B1C3F.mlw
sha1: c0810c8ef8dffbb73ebd079a9b291a9ac05688ba
sha256: 1df815ff3a7848c4fff7de94f7b185ab2e16a3b00f4a5c88926def25d412bc6a
sha512: f4b5c37bebb756716ae1fc3e9ec94b173534969d4a3c7aec12d7c67a3b60b9bd0037fe4ca8fac15e3fe4c6c9fe06dc3bb50f5b1f71f9e57e72d5c91ac5fb1887
ssdeep: 3072:tHJEqesC5DzlN88DKAOsoyUKjZR6YJ+t3KsxAa6qgyKje5xgYw0DRRLl7j:TZCY8DKhGLZR6m4KZaXpXw0DjLl
type: MS-DOS executable

Version Info:

LegalCopyright: © 1997-2010 Kaspersky Lab ZAO.
InternalName: klwtbws
FileVersion: 1.1.0.4
CompanyName: Kaspersky Lab ZAO
ProductName: Kaspersky Anti-Virus
1: Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab ZAO.
ProductVersion: 1.9.4.7
FileDescription: WebToolBar component
Translation: 0x0409 0x0000

Backdoor:Win32/Simda!A also known as:

K7AntiVirus: Trojan ( 0053eef71 )
Lionic: Trojan.Win32.SpyEyes.l!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Ibank.300
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Beaugrit.7486
ALYac: Gen:Variant.Ser.Razy.11242
Cylance: Unsafe
Zillya: Trojan.SpyEyes.Win32.4533
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_80% (D)
Alibaba: TrojanSpy:Win32/SpyEyes.f5de25f2
K7GW: Trojan ( 0053eef71 )
Cybereason: malicious.8d0b52
Cyren: W32/SpyEyes.P.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.QWG
APEX: Malicious
Avast: Win32:Downloader-ITQ [Trj]
ClamAV: Win.Trojan.Spyeyes-169
Kaspersky: Trojan-Spy.Win32.SpyEyes.kfu
BitDefender: Gen:Variant.Ser.Razy.11242
NANO-Antivirus: Trojan.Win32.SpyEyes.dgrwzq
MicroWorld-eScan: Gen:Variant.Ser.Razy.11242
Tencent: Malware.Win32.Gencirc.10b194cf
Ad-Aware: Gen:Variant.Ser.Razy.11242
Sophos: ML/PE-A + Mal/FakeAV-ON
Comodo: TrojWare.Win32.Spy.SpyEyes.QQS@7tk4zx
BitDefenderTheta: Gen:NN.ZexaF.34266.n00@aCVkteki
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Dropper.dc
FireEye: Generic.mg.84083c38d0b52cfa
Emsisoft: Gen:Variant.Ser.Razy.11242 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanSpy.SpyEyes.jmk
Avira: TR/Crypt.XPACK.Gen
eGambit: Unsafe.AI_Score_98%
Antiy-AVL: Trojan/Generic.ASMalwS.15127A
Microsoft: Backdoor:Win32/Simda.gen!A
SUPERAntiSpyware: Trojan.Agent/Gen-Frauder
GData: Gen:Variant.Ser.Razy.11242
TACHYON: Trojan-Spy/W32.SpyEyes.223744.B
AhnLab-V3: Backdoor/Win32.Shiz.R50352
Acronis: suspicious
McAfee: PWS-Zbot.gen.jt
MAX: malware (ai score=100)
VBA32: BScope.TrojanPSW.Papras
Malwarebytes: Trojan.SpyEyes
Panda: Trj/Genetic.gen
Rising: Trojan.Generic@ML.98 (RDML:BB2mYx/ERxxSjIMHFZAvXQ)
Yandex: TrojanSpy.SpyEyes!8IZ5zE3fMcE
Ikarus: Trojan-Spy.Win32.SpyEyes
Fortinet: W32/Shiz.F!tr.bdr
AVG: Win32:Downloader-ITQ [Trj]
Paloalto: generic.ml

How to remove Backdoor:Win32/Simda!A?

Backdoor:Win32/Simda!A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.