Backdoor

What is “Backdoor:Win32/Smadow”?

Malware Removal

The Backdoor:Win32/Smadow is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor:Win32/Smadow virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Attempts to modify Internet Explorer’s start page
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Steals private information from local Internet browsers

How to determine Backdoor:Win32/Smadow?



File Info:

name: D75F72B09338F7FC64B8.mlw
path: /opt/CAPEv2/storage/binaries/081190601e59bc36a52ce6935050da4113ece6f1ae9ec0a48b7c016070a1c4ea
crc32: E4001572
md5: d75f72b09338f7fc64b898270bf82567
sha1: 09d1749d1d2f7f76a7e971fc64b3c74ec408c8ad
sha256: 081190601e59bc36a52ce6935050da4113ece6f1ae9ec0a48b7c016070a1c4ea
sha512: 93ee36097a2d8a94538eb6dd75316c50415205a5055dc6575e4894e9bca2922cb16c41cf7b9630699462b382de7e706f151e283fa13b85ebd18d905b60df408b
ssdeep: 24576:CGfOVhVRufFFFFXcu4dlrCWoXJNgyzx/wWY:CGfqE3F4+WsDdxlY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CE05234CF225546DC0CBE771A52772A49B5C11B2A14AC0CF6B6FCA0B31519E0EBA74FB
sha3_384: 293aacc9481caa9865cb3ce678d4471282b0fa71e45b6f499fb5c4f7644db13982b68137a88335c404771b39586e51de
ep_bytes: 558bec81ec44020000ff150070420089
timestamp: 2005-11-14 12:58:31


Version Info:

0: [No Data]

Backdoor:Win32/Smadow also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.Digitala.lnVY
MicroWorld-eScanGen:Trojan.Heur.KS.2
FireEyeGeneric.mg.d75f72b09338f7fc
McAfeeZeroAccess.de
CylanceUnsafe
ZillyaTrojan.Digitala.Win32.481
SangforSuspicious.Win32.Save.a
AlibabaRiskWare:Win32/ArchSMS.84b6efdc
CrowdStrikewin/malicious_confidence_100% (D)
BitDefenderThetaAI:Packer.A20BC7AF14
VirITTrojan.Win32.Generic.EAK
CyrenW32/FakeAlert.TZ.gen!Eldorado
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/Kryptik.MNA
TrendMicro-HouseCallTROJ_FAKEAV.SMID
Paloaltogeneric.ml
ClamAVWin.Trojan.5901025-1
KasperskyHoax.Win32.ArchSMS.HEUR
BitDefenderGen:Trojan.Heur.KS.2
NANO-AntivirusRiskware.Win32.ArchSMS.ctfotc
APEXMalicious
TencentMalware.Win32.Gencirc.10c2c1b4
Ad-AwareGen:Trojan.Heur.KS.2
EmsisoftGen:Trojan.Heur.KS.2 (B)
ComodoTrojWare.Win32.Kryptik.MTD@38l7ad
DrWebTrojan.SMSSend.494
VIPREGen:Trojan.Heur.KS.2
TrendMicroTROJ_FAKEAV.SMID
McAfee-GW-EditionBehavesLike.Win32.PWSZbot.bc
Trapminemalicious.high.ml.score
SophosML/PE-A + Mal/FakeAV-IS
IkarusTrojan-Downloader.Win32.ZAccess
GDataGen:Trojan.Heur.KS.2
JiangminHoax.ArchSMS.qb
WebrootW32.Trojan.Gen
AviraTR/Agent.TEL.A
MAXmalware (ai score=99)
Antiy-AVLTrojan/Generic.ASMalwS.491
ArcabitTrojan.Heur.KS.2
ZoneAlarmHoax.Win32.ArchSMS.HEUR
MicrosoftBackdoor:Win32/Smadow
CynetMalicious (score: 100)
AhnLab-V3Unwanted/Win32.ArchSMS.R24158
Acronissuspicious
VBA32BScope.Backdoor.Agent
ALYacGen:Trojan.Heur.KS.2
MalwarebytesMalware.AI.2264586614
AvastWin32:Dropper-GMI [Drp]
RisingTrojan.Generic@AI.100 (RDML:tnhI1aT/iTdJ2DfBenFgxQ)
YandexTrojan.GenAsa!uX/9ro773xI
SentinelOneStatic AI – Malicious PE
FortinetW32/Kryptik.NPU!tr
AVGWin32:Dropper-GMI [Drp]
Cybereasonmalicious.09338f
PandaTrj/Genetic.gen

How to remove Backdoor:Win32/Smadow?

Backdoor:Win32/Smadow removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment