Categories: Backdoor

Backdoor:Win32/Xiclog.A removal tips

The Backdoor:Win32/Xiclog.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Xiclog.A virus can do?

Executable code extraction
Creates RWX memory
Expresses interest in specific running processes
The binary likely contains encrypted or compressed data.
Checks for the presence of known windows from debuggers and forensic tools
The following process appear to have been packed with Themida: test_release.exe
Network activity detected but not expressed in API logs
Checks for the presence of known devices from debuggers and forensic tools
Detects the presence of Wine emulator via registry key
Checks the version of Bios, possibly for anti-virtualization
Detects VirtualBox through the presence of a registry key
Anomalous binary characteristics

How to determine Backdoor:Win32/Xiclog.A?


File Info:
crc32: 6FC50F30md5: a5cf1382240eff8732986e1413f3cd95name: test_release.exesha1: 5b1f5a14098295dff586885ba088fbc5ca7daecasha256: 12045529a597c7aea667440352099ece292fcf00fe3c7a2b2c55669a3b471bd7sha512: b2f86ccbfa59161204b3f041b8d4c184f4e0f07519a943085d68fd5e180a13d045f2902b42c96b198e48bc2e49ab27f8c8579a83333fb742c8044cd1b74c138cssdeep: 49152:jQDEr75xYBPe/Vm0u309RdDN1t63AleRbBeaKLc:cQYwc03jdhpletAaKLctype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: @ BittdeffenderInternalName: bidec.dllFileVersion: 2.99.2.317 2w22222ffCompanyName: BittdeffenderProductName: Bittdeffender SwecurityProductVersion: 2.3.2.317 2w22222ffFileDescription: COM SurrogateOriginalFilename: bidec.dllTranslation: 0x0409 0x04b0

Backdoor:Win32/Xiclog.A also known as:

Bkav	W32.HfsAutoB.
MicroWorld-eScan	Trojan.GenericKD.40477213
FireEye	Generic.mg.a5cf1382240eff87
Qihoo-360	Win32/Trojan.Spy.e67
ALYac	Trojan.GenericKD.40477213
Zillya	Trojan.Downeks.Win32.715
K7AntiVirus	Trojan ( 0053c5fa1 )
BitDefender	Trojan.GenericKD.40477213
K7GW	Trojan ( 0053c5fa1 )
Cybereason	malicious.2240ef
BitDefenderTheta	Gen:NN.ZexaF.34104.lA0aa40utHci
Paloalto	generic.ml
GData	Trojan.GenericKD.40477213
Kaspersky	Trojan-Spy.MSIL.Downeks.caz
Alibaba	TrojanSpy:MSIL/Downeks.dfb096d2
NANO-Antivirus	Trojan.Win32.Downeks.fhsivi
AegisLab	Trojan.MSIL.Downeks.4!c
Rising	Backdoor.Xiclog!8.E79B (CLOUD)
Ad-Aware	Trojan.GenericKD.40477213
Emsisoft	Trojan.GenericKD.40477213 (B)
Comodo	Malware@#2vhhlvqtdprfx
F-Secure	Heuristic.HEUR/AGEN.1047239
DrWeb	BackDoor.Quasar.1
VIPRE	Trojan.Win32.Generic!BT
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.PUPXBD.vc
SentinelOne	DFI – Suspicious PE
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S
APEX	Malicious
Jiangmin	TrojanSpy.MSIL.zmy
Avira	HEUR/AGEN.1047239
Endgame	malicious (high confidence)
Arcabit	Trojan.Generic.D269A21D
ZoneAlarm	Trojan-Spy.MSIL.Downeks.caz
Microsoft	Backdoor:Win32/Xiclog.A
TACHYON	Trojan-Spy/W32.Downeks.2277376
AhnLab-V3	Malware/Win32.Generic.C2718348
Acronis	suspicious
McAfee	Artemis!A5CF1382240E
ESET-NOD32	a variant of Win32/Packed.Themida.ASA
Tencent	Msil.Trojan-spy.Downeks.Lnyd
Yandex	TrojanSpy.Downeks!
Ikarus	Trojan-Spy.Agent
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/PossibleThreat
AVG	FileRepMalware
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_90% (W)
MaxSecure	Trojan.Malware.7175239.susgen