Categories: Backdoor

Backdoor:Win32/Simda!A information

Backdoor:Win32/Simda!A is a detection name that many security vendors treat as dangerous (the list of equivalent detections from other engines is given below). While the infection is active you may notice unfamiliar processes in the Task Manager process list. If so, it is advised to scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; it can run a full scan and clean the PC during the trial period.
A 6-day free trial is available.

What can the Backdoor:Win32/Simda!A virus do?

  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Expresses interest in specific running processes
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Attempts to identify installed AV products by installation directory
  • Creates a copy of itself
  • Creates a slightly modified copy of itself
  • Anomalous binary characteristics
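
The list above is a sandbox behaviour summary. To show how the same chain looks in host telemetry, here is an added example (not code from the original page or from any vendor named on it) that correlates Sysmon-style events per process image and flags a process only when several of the listed behaviours coincide, which is far more telling than any one of them alone. The Sysmon event IDs are the real ones; the event dicts, the mapping from each bullet to an event pattern, the AV process names in AV_IMAGE_NAMES and the sample events are this example's own assumptions.

```python
"""Correlate the sandbox behaviours above in Sysmon-style telemetry.

Added example, not code from the original page. Events are modelled as
dicts carrying Sysmon field names; the mapping of each behaviour bullet
to an event pattern, the AV process names and the sample events are
assumptions made for this example.
"""
from collections import defaultdict

CREATE_REMOTE_THREAD = 8   # Sysmon Event ID 8
PROCESS_ACCESS = 10        # Sysmon Event ID 10
FILE_CREATE = 11           # Sysmon Event ID 11
REG_VALUE_SET = 13         # Sysmon Event ID 13
FILE_DELETE = 23           # Sysmon Event ID 23

# Assumed AV process names for the "identifies installed AV products" rule.
AV_IMAGE_NAMES = {"avp.exe", "msmpeng.exe", "avgnt.exe"}
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


def _base(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(events, min_behaviours=2):
    """Return {image path: [behaviours]} for every process image showing at
    least min_behaviours of the patterns from the list above. Events must be
    in chronological order (the self-deletion rule needs the drop first)."""
    hits = defaultdict(set)
    dropped_by = {}  # dropped .exe path -> image of the process that wrote it
    for ev in events:
        eid = ev.get("EventID")
        if eid == CREATE_REMOTE_THREAD:
            src, tgt = ev["SourceImage"].lower(), ev["TargetImage"].lower()
            if _base(src) != _base(tgt):  # thread started in a foreign process
                hits[src].add("remote thread injection")
        elif eid == PROCESS_ACCESS:
            if _base(ev["TargetImage"]) in AV_IMAGE_NAMES:
                hits[ev["SourceImage"].lower()].add("probes AV process")
        elif eid == REG_VALUE_SET:
            if any(m in ev["TargetObject"].lower() for m in RUN_KEY_MARKERS):
                hits[ev["Image"].lower()].add("autorun via Run key")
        elif eid == FILE_CREATE:
            img, tf = ev["Image"].lower(), ev["TargetFilename"].lower()
            if tf.endswith(".exe") and tf != img:
                dropped_by[tf] = img  # candidate "copy of itself"
                hits[img].add("drops executable")
        elif eid == FILE_DELETE:
            deleter, tf = ev["Image"].lower(), ev["TargetFilename"].lower()
            # A dropped copy removing its dropper's file is how "deletes its
            # original binary from disk" usually looks on a real host.
            if dropped_by.get(deleter) == tf:
                hits[tf].add("original binary deleted by dropped copy")
    return {img: sorted(b) for img, b in hits.items() if len(b) >= min_behaviours}


# Constructed sample: a dropper copies itself to %APPDATA%, the copy persists,
# deletes the dropper, probes an AV process and injects into explorer.exe;
# two benign-looking events are included as noise.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\u\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\u\AppData\Roaming\updater.exe"},
    {"EventID": 13, "Image": r"C:\Users\u\AppData\Roaming\updater.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"EventID": 23, "Image": r"C:\Users\u\AppData\Roaming\updater.exe",
     "TargetFilename": r"C:\Users\u\Downloads\invoice.exe"},
    {"EventID": 10, "SourceImage": r"C:\Users\u\AppData\Roaming\updater.exe",
     "TargetImage": r"C:\Program Files\Kaspersky Lab\avp.exe"},
    {"EventID": 8, "SourceImage": r"C:\Users\u\AppData\Roaming\updater.exe",
     "TargetImage": r"C:\Windows\explorer.exe"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\csrss.exe"},
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\foo"},
]

if __name__ == "__main__":
    for image, behaviours in triage(SAMPLE_EVENTS).items():
        print(image, "->", ", ".join(behaviours))
```

The self-deletion rule is deliberately tied to the drop that preceded it: a running executable cannot unlink its own image on Windows, so the sandbox's "deletes its original binary" bullet almost always means a dropped copy (or a spawned cmd.exe) removed the first-stage file, and keying on that relation avoids alerting on every installer that cleans up a temp file. The "copy of itself" rule here only looks at the file name; a production rule should compare the Sysmon file hash fields instead.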

Related domains (most entries follow the same seven-letter, consonant-vowel pattern, which is characteristic of algorithmically generated domains; www.bing.com is a common connectivity-check target and should not be treated as an indicator on its own):

z.whorecord.xyz
a.tomx.xyz
www.bing.com
gatyfus.com
qekyqop.com
lyvyxor.com
vonyzuf.com
lysyfyj.com
galyqaz.com
pumyxiv.com
qedyfyq.com
volyqat.com
lymyxid.com
gadyfuh.com
puzywel.com
qeqyxov.com
vofygum.com
lyxywer.com
gaqycos.com
pufygug.com
qexyryl.com
vowycac.com
lygygin.com
gacyryw.com
purycap.com
qegyhig.com
vocyruk.com
lyryvex.com
gahyhob.com
puvytuq.com
qetyvep.com
vojyjof.com
lyvytuj.com
gatyvyz.com
pujyjav.com
qebytiq.com
vopybyt.com
lykyjad.com
ganypih.com
pupybul.com
qekykev.com
vonypom.com
lysynur.com
galykes.com
pumypog.com
qedynul.com
volykyc.com
lymysan.com
gadyniw.com
puzylyp.com
qeqysag.com
vofymik.com
lyxylux.com
gaqydeb.com
pufymoq.com
qexylup.com
vowydef.com
lygymoj.com
gacyzuz.com
purydyv.com
qegyqaq.com
vocyzit.com
lyryfyd.com
gahyqah.com
puvyxil.com
qetyfuv.com
vojyqem.com
fabia-her.com
www.gahyqah.com

How to identify Backdoor:Win32/Simda!A?

File Info:

crc32: 1FDBA34A
md5: 84083c38d0b52cfaf69fffa3ce5b1c3f
name: 84083C38D0B52CFAF69FFFA3CE5B1C3F.mlw
sha1: c0810c8ef8dffbb73ebd079a9b291a9ac05688ba
sha256: 1df815ff3a7848c4fff7de94f7b185ab2e16a3b00f4a5c88926def25d412bc6a
sha512: f4b5c37bebb756716ae1fc3e9ec94b173534969d4a3c7aec12d7c67a3b60b9bd0037fe4ca8fac15e3fe4c6c9fe06dc3bb50f5b1f71f9e57e72d5c91ac5fb1887
ssdeep: 3072:tHJEqesC5DzlN88DKAOsoyUKjZR6YJ+t3KsxAa6qgyKje5xgYw0DRRLl7j:TZCY8DKhGLZR6m4KZaXpXw0DjLl
type: MS-DOS executable
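
As an added example (not code from the original page), the following script turns the indicators in the Related domains list and the File Info line into something that can be run against your own records: it splits the run-together File Info string into named hash fields, builds a lookup set from the domain list while excluding www.bing.com (most likely a connectivity check rather than attacker infrastructure; that exclusion is an assumption of this example), and matches constructed sample DNS log lines and a hash record against them. The DNS log format, the parse_file_info, match_domain, scan_dns and match_hashes helpers, and the sample records are this example's own.

```python
"""Match the hashes and domains listed above against host and DNS records.

Added example, not code from the original page. Parses the run-together
File Info line, builds a lookup set from the Related domains list, and
checks constructed sample records against both. The DNS log format, the
www.bing.com exclusion and the sample records are assumptions of this example.
"""
import re

# The File Info line as it appears on the page, keys run together.
FILE_INFO_RAW = (
    "crc32: 1FDBA34Amd5: 84083c38d0b52cfaf69fffa3ce5b1c3fname: "
    "84083C38D0B52CFAF69FFFA3CE5B1C3F.mlwsha1: c0810c8ef8dffbb73ebd079a9b291a9ac05688ba"
    "sha256: 1df815ff3a7848c4fff7de94f7b185ab2e16a3b00f4a5c88926def25d412bc6a"
    "sha512: f4b5c37bebb756716ae1fc3e9ec94b173534969d4a3c7aec12d7c67a3b60b9bd"
    "0037fe4ca8fac15e3fe4c6c9fe06dc3bb50f5b1f71f9e57e72d5c91ac5fb1887"
    "ssdeep: 3072:tHJEqesC5DzlN88DKAOsoyUKjZR6YJ+t3KsxAa6qgyKje5xgYw0DRRLl7j:"
    "TZCY8DKhGLZR6m4KZaXpXw0DjLltype: MS-DOS executable"
)
FILE_INFO_KEYS = ("crc32", "md5", "name", "sha1", "sha256", "sha512", "ssdeep", "type")


def parse_file_info(raw):
    """Locate each known key in order and slice the values between them.
    Hash and ssdeep values never contain 'key: ', so the split is unambiguous."""
    positions, pos = [], 0
    for key in FILE_INFO_KEYS:
        i = raw.find(key + ": ", pos)
        if i < 0:
            raise ValueError(f"field {key!r} not found")
        positions.append((key, i))
        pos = i + len(key) + 2
    out = {}
    for n, (key, i) in enumerate(positions):
        end = positions[n + 1][1] if n + 1 < len(positions) else len(raw)
        out[key] = raw[i + len(key) + 2:end].strip()
    return out


# The Related domains list from the page, verbatim.
RELATED_DOMAINS = """
z.whorecord.xyz a.tomx.xyz www.bing.com gatyfus.com qekyqop.com lyvyxor.com vonyzuf.com
lysyfyj.com galyqaz.com pumyxiv.com qedyfyq.com volyqat.com lymyxid.com gadyfuh.com
puzywel.com qeqyxov.com vofygum.com lyxywer.com gaqycos.com pufygug.com qexyryl.com
vowycac.com lygygin.com gacyryw.com purycap.com qegyhig.com vocyruk.com lyryvex.com
gahyhob.com puvytuq.com qetyvep.com vojyjof.com lyvytuj.com gatyvyz.com pujyjav.com
qebytiq.com vopybyt.com lykyjad.com ganypih.com pupybul.com qekykev.com vonypom.com
lysynur.com galykes.com pumypog.com qedynul.com volykyc.com lymysan.com gadyniw.com
puzylyp.com qeqysag.com vofymik.com lyxylux.com gaqydeb.com pufymoq.com qexylup.com
vowydef.com lygymoj.com gacyzuz.com purydyv.com qegyqaq.com vocyzit.com lyryfyd.com
gahyqah.com puvyxil.com qetyfuv.com vojyqem.com fabia-her.com www.gahyqah.com
""".split()

# Assumption: www.bing.com is a sandbox connectivity check, not C2, and would
# only generate false positives if left in the alerting set.
BENIGN_EXCLUSIONS = {"www.bing.com"}
DOMAIN_IOCS = set(RELATED_DOMAINS) - BENIGN_EXCLUSIONS


def match_domain(qname):
    """Return the listed domain covering qname: exact match first, then each
    parent domain, so a fresh subdomain of a listed domain is still caught."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # never match a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in DOMAIN_IOCS:
            return candidate
    return None


# Constructed log format: "<timestamp> <client-ip> query <type> <qname>"
DNS_LINE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) query (?P<qtype>\S+) (?P<qname>\S+)$")
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 query A www.bing.com.
2024-05-01T10:00:02Z 10.0.0.5 query A lyvyxor.com.
2024-05-01T10:00:03Z 10.0.0.7 query AAAA cdn.example.net.
2024-05-01T10:00:04Z 10.0.0.5 query A update.gahyqah.com.
"""


def scan_dns(log_text):
    """Return one hit dict per query that resolves to a listed domain."""
    hits = []
    for line in log_text.splitlines():
        m = DNS_LINE.match(line)
        if m and (ioc := match_domain(m["qname"])):
            hits.append({"ts": m["ts"], "client": m["client"],
                         "qname": m["qname"], "matched": ioc})
    return hits


def match_hashes(record, info):
    """record: hashes from an EDR or file inventory; returns the algorithms
    whose value agrees with the sample above (case-insensitive)."""
    return [h for h in ("md5", "sha1", "sha256", "sha512")
            if record.get(h, "").lower() == info[h].lower()]


if __name__ == "__main__":
    info = parse_file_info(FILE_INFO_RAW)
    print(match_hashes({"sha256": info["sha256"].upper()}, info))
    for h in scan_dns(SAMPLE_DNS_LOG):
        print(h["client"], "queried", h["qname"], "-> listed:", h["matched"])
```

Parent-domain matching matters here because the list contains both gahyqah.com and www.gahyqah.com; a query for any other host under a listed domain should still alert. Hash matches identify only this exact sample, so a repacked build will miss; the ssdeep field is kept for fuzzy comparison with the ssdeep tool, which this script does not reimplement.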

Version Info:

LegalCopyright: © 1997-2010 Kaspersky Lab ZAO.
InternalName: klwtbws
FileVersion: 1.1.0.4
CompanyName: Kaspersky Lab ZAO
ProductName: Kaspersky Anti-Virus
1: Kaspersky™ Anti-Virus® is registered trademark of Kaspersky Lab ZAO.
ProductVersion: 1.9.4.7
FileDescription: WebToolBar component
Translation: 0x0409 0x0000

These strings come from the sample's version resource, which whoever builds a binary can fill in freely. The Kaspersky branding (and the mismatch between FileVersion and ProductVersion) should be read as impersonation of a legitimate vendor, not as evidence of origin; check whether the file carries a valid Authenticode signature from the claimed publisher rather than trusting the resource strings.

Backdoor:Win32/Simda!A also known as (detection names from other engines; note that most classify this sample as a SpyEye/Shiz/Zbot banking-trojan variant rather than Simda, and Microsoft's own name is Backdoor:Win32/Simda.gen!A):

K7AntiVirus Trojan ( 0053eef71 )
Lionic Trojan.Win32.SpyEyes.l!c
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Ibank.300
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Beaugrit.7486
ALYac Gen:Variant.Ser.Razy.11242
Cylance Unsafe
Zillya Trojan.SpyEyes.Win32.4533
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_80% (D)
Alibaba TrojanSpy:Win32/SpyEyes.f5de25f2
K7GW Trojan ( 0053eef71 )
Cybereason malicious.8d0b52
Cyren W32/SpyEyes.P.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.QWG
APEX Malicious
Avast Win32:Downloader-ITQ [Trj]
ClamAV Win.Trojan.Spyeyes-169
Kaspersky Trojan-Spy.Win32.SpyEyes.kfu
BitDefender Gen:Variant.Ser.Razy.11242
NANO-Antivirus Trojan.Win32.SpyEyes.dgrwzq
MicroWorld-eScan Gen:Variant.Ser.Razy.11242
Tencent Malware.Win32.Gencirc.10b194cf
Ad-Aware Gen:Variant.Ser.Razy.11242
Sophos ML/PE-A + Mal/FakeAV-ON
Comodo TrojWare.Win32.Spy.SpyEyes.QQS@7tk4zx
BitDefenderTheta Gen:NN.ZexaF.34266.n00@aCVkteki
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Dropper.dc
FireEye Generic.mg.84083c38d0b52cfa
Emsisoft Gen:Variant.Ser.Razy.11242 (B)
SentinelOne Static AI – Malicious PE
Jiangmin TrojanSpy.SpyEyes.jmk
Avira TR/Crypt.XPACK.Gen
eGambit Unsafe.AI_Score_98%
Antiy-AVL Trojan/Generic.ASMalwS.15127A
Microsoft Backdoor:Win32/Simda.gen!A
SUPERAntiSpyware Trojan.Agent/Gen-Frauder
GData Gen:Variant.Ser.Razy.11242
TACHYON Trojan-Spy/W32.SpyEyes.223744.B
AhnLab-V3 Backdoor/Win32.Shiz.R50352
Acronis suspicious
McAfee PWS-Zbot.gen.jt
MAX malware (ai score=100)
VBA32 BScope.TrojanPSW.Papras
Malwarebytes Trojan.SpyEyes
Panda Trj/Genetic.gen
Rising Trojan.Generic@ML.98 (RDML:BB2mYx/ERxxSjIMHFZAvXQ)
Yandex TrojanSpy.SpyEyes!8IZ5zE3fMcE
Ikarus Trojan-Spy.Win32.SpyEyes
Fortinet W32/Shiz.F!tr.bdr
AVG Win32:Downloader-ITQ [Trj]
Paloalto generic.ml

How to remove Backdoor:Win32/Simda!A?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options you want, then click “Reset”.
  • Restart your computer.

Because this sample injects into other processes, registers itself for autorun and deletes its own dropper, confirm after the reboot that no unexpected autorun entries remain and run a second scan.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
