Trojan.Andromeda

By CagedTech in Trojans

Threat Scorecard

Ranking:	3,060
Threat Level:	80 % (High)
Infected Computers:	69,837

First Seen:	January 16, 2013
Last Seen:	March 6, 2024
OS(es) Affected:	Windows

Table of Contents

SpyHunter Detects & Remove Trojan.Andromeda

File System Details

Trojan.Andromeda may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	temp2924814056.exe	12224b26a4621d48c5b14b3ef59d677e	252
Name: temp2924814056.exe MD5: 12224b26a4621d48c5b14b3ef59d677e Size: 1.08 MB (1089897 bytes) Detections: 252 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: June 7, 2017
2.	temp325040394.exe	7df8d128456318415b6da7babdda2da9	111
Name: temp325040394.exe MD5: 7df8d128456318415b6da7babdda2da9 Size: 1.08 MB (1085423 bytes) Detections: 111 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: May 18, 2020
3.	temp2530652380.exe	cdab5e84205d8780e3f3937deba00aee	42
Name: temp2530652380.exe MD5: cdab5e84205d8780e3f3937deba00aee Size: 1.48 MB (1485824 bytes) Detections: 42 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: June 7, 2017
4.	temp2368817904.exe	7b82352cab21783225a2e4adc10372e5	32
Name: temp2368817904.exe MD5: 7b82352cab21783225a2e4adc10372e5 Size: 1.08 MB (1089836 bytes) Detections: 32 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: June 7, 2017
5.	msusia.exe	58813340f64d8fb3d2c9eb979a7c1789	28
Name: msusia.exe MD5: 58813340f64d8fb3d2c9eb979a7c1789 Size: 311.29 KB (311296 bytes) Detections: 28 Type: Executable File Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
6.	ccswdb.exe	ec62d054a4c985a1692026e0ae03f9c4	27
Name: ccswdb.exe MD5: ec62d054a4c985a1692026e0ae03f9c4 Size: 123.46 KB (123463 bytes) Detections: 27 Type: Executable File Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
7.	temp4070005724.exe	a7e2fee0619d516415cc8d168bb87815	26
Name: temp4070005724.exe MD5: a7e2fee0619d516415cc8d168bb87815 Size: 1.08 MB (1089434 bytes) Detections: 26 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: June 7, 2017
8.	temp1523121008.exe	597d39e4e83a1b9c73fdf13669bfd060	24
Name: temp1523121008.exe MD5: 597d39e4e83a1b9c73fdf13669bfd060 Size: 1.09 MB (1098315 bytes) Detections: 24 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: June 7, 2017
9.	Roaming/cppredistx86.exe	51ebf4ba41cf212b8b204014170f7a74	21
Name: Roaming/cppredistx86.exe MD5: 51ebf4ba41cf212b8b204014170f7a74 Size: 365.28 KB (365288 bytes) Detections: 21 Type: Executable File Path: C:\Users\<username>\AppData\Roaming/cppredistx86.exe Group: Malware file Last Updated: January 30, 2023
10.	msuwybt.com	0b459f0b0d947595b4a671dddf815b66	18
Name: msuwybt.com MD5: 0b459f0b0d947595b4a671dddf815b66 Size: 30.4 MB (30408704 bytes) Detections: 18 Type: Command, executable file Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
11.	temp2592084110.exe	eb2b8e97e1afbd9bcd91c781fd30fafe	18
Name: temp2592084110.exe MD5: eb2b8e97e1afbd9bcd91c781fd30fafe Size: 1.08 MB (1088686 bytes) Detections: 18 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: June 7, 2017
12.	file.exe	dd158dc92052758519df867e586350d0	18
Name: file.exe MD5: dd158dc92052758519df867e586350d0 Size: 303.1 KB (303104 bytes) Detections: 18 Type: Executable File Group: Malware file Last Updated: February 18, 2022
13.	ccrzouca.bat	18e8dd34e2ed80572cdc78e327c24d29	16
Name: ccrzouca.bat MD5: 18e8dd34e2ed80572cdc78e327c24d29 Size: 99.06 KB (99060 bytes) Detections: 16 Type: Batch file Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
14.	cctmzwavu.pif	bc2bb280235e1ded6deed08ea4dac91a	14
Name: cctmzwavu.pif MD5: bc2bb280235e1ded6deed08ea4dac91a Size: 155.29 KB (155296 bytes) Detections: 14 Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: January 18, 2017
15.	temp1893493066.exe	0bdb2ba4619467fd6c2a6f80423de1a8	12
Name: temp1893493066.exe MD5: 0bdb2ba4619467fd6c2a6f80423de1a8 Size: 1.08 MB (1085887 bytes) Detections: 12 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: June 7, 2017
16.	buddypress.exe	ca806b09ee4f1eb5cf0846a556fbb1f3	4
Name: buddypress.exe MD5: ca806b09ee4f1eb5cf0846a556fbb1f3 Size: 196.6 KB (196608 bytes) Detections: 4 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Buddy_witness Group: Malware file Last Updated: March 27, 2018
17.	Roaming/Microsoft/Skype.exe	501aeb91abc596455a25cda8f890c951	4
Name: Roaming/Microsoft/Skype.exe MD5: 501aeb91abc596455a25cda8f890c951 Size: 606.2 KB (606208 bytes) Detections: 4 Type: Executable File Path: C:\Users\<username>\AppData Group: Malware file Last Updated: July 5, 2019
18.	Roaming/Microsoft/Skype.exe	536e46d1fcfeb3469c5b2e2bda475e95	4
Name: Roaming/Microsoft/Skype.exe MD5: 536e46d1fcfeb3469c5b2e2bda475e95 Size: 846.33 KB (846336 bytes) Detections: 4 Type: Executable File Path: C:\Users\<username>\AppData Group: Malware file Last Updated: July 5, 2019
19.	Roaming/microsoft/windows/usernet.exe	fb8da7a72c10ba72fbdc2c1acc93f7fd	3
Name: Roaming/microsoft/windows/usernet.exe MD5: fb8da7a72c10ba72fbdc2c1acc93f7fd Size: 372.73 KB (372736 bytes) Detections: 3 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming/microsoft/windows/usernet.exe Group: Malware file Last Updated: June 26, 2020
20.	Roaming/Microsoft/Skype.exe	d1a9e636d8dd04fe7f22d852438be468	2
Name: Roaming/Microsoft/Skype.exe MD5: d1a9e636d8dd04fe7f22d852438be468 Size: 873.47 KB (873472 bytes) Detections: 2 Type: Executable File Path: C:\Users\<username>\AppData Group: Malware file Last Updated: July 5, 2019
21.	Roaming/Microsoft/Skype.exe	ce6ba3df1d57ade7830c5315d77c9311	2
Name: Roaming/Microsoft/Skype.exe MD5: ce6ba3df1d57ade7830c5315d77c9311 Size: 543.23 KB (543232 bytes) Detections: 2 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming/Microsoft/Skype.exe Group: Malware file Last Updated: June 26, 2020
22.	roaming/microsoft/network/connections/hostsvcdl.exe	7e165b5bf1e57c2129ab093b95e1aaa7	2
Name: roaming/microsoft/network/connections/hostsvcdl.exe MD5: 7e165b5bf1e57c2129ab093b95e1aaa7 Size: 1.15 MB (1158144 bytes) Detections: 2 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata Group: Malware file Last Updated: July 5, 2019
23.	File.exe	2d1aed40c355c4fe9f3ccb1be052860b	1
Name: File.exe MD5: 2d1aed40c355c4fe9f3ccb1be052860b Size: 163.84 KB (163840 bytes) Detections: 1 Type: Executable File Group: Malware file Last Updated: September 19, 2021
24.	Roaming/Microsoft/Skype.exe	3944e996c7850c70106fe075175aee3a	1
Name: Roaming/Microsoft/Skype.exe MD5: 3944e996c7850c70106fe075175aee3a Size: 473.08 KB (473088 bytes) Detections: 1 Type: Executable File Path: C:\Users\<username>\AppData Group: Malware file Last Updated: July 5, 2019
25.	Roaming/Microsoft/Skype.exe	8199fd767ee618b4fc8944a8c4b6f2f4	1
Name: Roaming/Microsoft/Skype.exe MD5: 8199fd767ee618b4fc8944a8c4b6f2f4 Size: 471.55 KB (471552 bytes) Detections: 1 Type: Executable File Path: C:\Users\<username>\AppData Group: Malware file Last Updated: July 5, 2019
26.	Roaming/Microsoft/Skype.exe	854225196ad95331c30757e7cf16d741	1
Name: Roaming/Microsoft/Skype.exe MD5: 854225196ad95331c30757e7cf16d741 Size: 867.32 KB (867328 bytes) Detections: 1 Type: Executable File Path: C:\Users\<username>\AppData Group: Malware file Last Updated: July 5, 2019
27.	Roaming/Microsoft/Skype.exe	4896cc35c1b232693a71ee6954abec77	1
Name: Roaming/Microsoft/Skype.exe MD5: 4896cc35c1b232693a71ee6954abec77 Size: 564.22 KB (564224 bytes) Detections: 1 Type: Executable File Path: C:\Users\<username>\AppData Group: Malware file Last Updated: July 5, 2019
28.	file.exe	02c8cf7aadb0587bed422f70d3847ccf	0
Name: file.exe MD5: 02c8cf7aadb0587bed422f70d3847ccf Size: 155.73 KB (155734 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: June 27, 2017
29.	file.exe	16f553bf68aca4b0bfb8bcf9ab1929d7	0
Name: file.exe MD5: 16f553bf68aca4b0bfb8bcf9ab1929d7 Size: 173.02 KB (173024 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: July 12, 2017

More files

Registry Details

Trojan.Andromeda may create the following registry entry or registry entries:

Regexp file mask

%APPDATA%\Microsoft\Skype.exe

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\filename.vbs

%LOCALAPPDATA%\teamviever_tr.exe

%temp%\temp[NUMBERS].exe

%Windir%\Skypee\skypee.exe

%WINDIR%\System32\Tasks\alFSVWJB

%WINDIR%\Tasks\alFSVWJB.job

HKEY..\..\..\..{RegistryKeys}

Software\alFSVWJB

Software\Microsoft\Windows\CurrentVersion\Run\action_extend

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\buddy-telephone

Directories

Trojan.Andromeda may create the following directory or directories:

%APPDATA%\Buddy_witness

%APPDATA%\alFSVWJB

%LOCALAPPDATA%\Action-tend

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Trojan.Andromeda

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Trojan.Andromeda

File System Details

Registry Details

Directories

Submit Comment

Trending

Chainpcnetwork.co.in

'Microsoftsupport.co' Pop-Up Scam

Slime Ransomware

Most Viewed

Discord Shows Black Screen when Sharing Screen

How To Fix 'Printer Driver is Unavailable' Error

What is Msedge.exe?