Categories: Backdoor

What is “Backdoor:Win32/Smadow”?

The Backdoor:Win32/Smadow is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Smadow virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Creates RWX memory
Dynamic (imported) function loading detected
Attempts to modify Internet Explorer’s start page
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Steals private information from local Internet browsers

How to determine Backdoor:Win32/Smadow?


File Info:
name: D75F72B09338F7FC64B8.mlwpath: /opt/CAPEv2/storage/binaries/081190601e59bc36a52ce6935050da4113ece6f1ae9ec0a48b7c016070a1c4eacrc32: E4001572md5: d75f72b09338f7fc64b898270bf82567sha1: 09d1749d1d2f7f76a7e971fc64b3c74ec408c8adsha256: 081190601e59bc36a52ce6935050da4113ece6f1ae9ec0a48b7c016070a1c4easha512: 93ee36097a2d8a94538eb6dd75316c50415205a5055dc6575e4894e9bca2922cb16c41cf7b9630699462b382de7e706f151e283fa13b85ebd18d905b60df408bssdeep: 24576:CGfOVhVRufFFFFXcu4dlrCWoXJNgyzx/wWY:CGfqE3F4+WsDdxlYtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1CE05234CF225546DC0CBE771A52772A49B5C11B2A14AC0CF6B6FCA0B31519E0EBA74FBsha3_384: 293aacc9481caa9865cb3ce678d4471282b0fa71e45b6f499fb5c4f7644db13982b68137a88335c404771b39586e51deep_bytes: 558bec81ec44020000ff150070420089timestamp: 2005-11-14 12:58:31
Version Info:
0: [No Data]

Backdoor:Win32/Smadow also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Digitala.lnVY
MicroWorld-eScan	Gen:Trojan.Heur.KS.2
FireEye	Generic.mg.d75f72b09338f7fc
McAfee	ZeroAccess.de
Cylance	Unsafe
Zillya	Trojan.Digitala.Win32.481
Sangfor	Suspicious.Win32.Save.a
Alibaba	RiskWare:Win32/ArchSMS.84b6efdc
CrowdStrike	win/malicious_confidence_100% (D)
BitDefenderTheta	AI:Packer.A20BC7AF14
VirIT	Trojan.Win32.Generic.EAK
Cyren	W32/FakeAlert.TZ.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.MNA
TrendMicro-HouseCall	TROJ_FAKEAV.SMID
Paloalto	generic.ml
ClamAV	Win.Trojan.5901025-1
Kaspersky	Hoax.Win32.ArchSMS.HEUR
BitDefender	Gen:Trojan.Heur.KS.2
NANO-Antivirus	Riskware.Win32.ArchSMS.ctfotc
APEX	Malicious
Tencent	Malware.Win32.Gencirc.10c2c1b4
Ad-Aware	Gen:Trojan.Heur.KS.2
Emsisoft	Gen:Trojan.Heur.KS.2 (B)
Comodo	TrojWare.Win32.Kryptik.MTD@38l7ad
DrWeb	Trojan.SMSSend.494
VIPRE	Gen:Trojan.Heur.KS.2
TrendMicro	TROJ_FAKEAV.SMID
McAfee-GW-Edition	BehavesLike.Win32.PWSZbot.bc
Trapmine	malicious.high.ml.score
Sophos	ML/PE-A + Mal/FakeAV-IS
Ikarus	Trojan-Downloader.Win32.ZAccess
GData	Gen:Trojan.Heur.KS.2
Jiangmin	Hoax.ArchSMS.qb
Webroot	W32.Trojan.Gen
Avira	TR/Agent.TEL.A
MAX	malware (ai score=99)
Antiy-AVL	Trojan/Generic.ASMalwS.491
Arcabit	Trojan.Heur.KS.2
ZoneAlarm	Hoax.Win32.ArchSMS.HEUR
Microsoft	Backdoor:Win32/Smadow
Cynet	Malicious (score: 100)
AhnLab-V3	Unwanted/Win32.ArchSMS.R24158
Acronis	suspicious
VBA32	BScope.Backdoor.Agent
ALYac	Gen:Trojan.Heur.KS.2
Malwarebytes	Malware.AI.2264586614
Avast	Win32:Dropper-GMI [Drp]
Rising	Trojan.Generic@AI.100 (RDML:tnhI1aT/iTdJ2DfBenFgxQ)
Yandex	Trojan.GenAsa!uX/9ro773xI
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Kryptik.NPU!tr
AVG	Win32:Dropper-GMI [Drp]
Cybereason	malicious.09338f
Panda	Trj/Genetic.gen