Backdoor:Win32/Xyligan.A removal tips

Backdoor:Win32/Xyligan.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What Backdoor:Win32/Xyligan.A virus can do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Backdoor:Win32/Xyligan.A?

File Info:

name: 796C4F4FDBFAFF20AD59.mlw
path: /opt/CAPEv2/storage/binaries/6f76008e51efdd4ad5c1f08a3bbea9c8bee202ae5fd70fe1dcb570d405045426
crc32: 4B2EB38A
md5: 796c4f4fdbfaff20ad5996415d741386
sha1: 8043bdb178654b44ffd147d89620f717c05ee281
sha256: 6f76008e51efdd4ad5c1f08a3bbea9c8bee202ae5fd70fe1dcb570d405045426
sha512: 798ae047b14dea36b491abb748ee346feeb5f4ef725903bb642769b14582b71da6428407bb280444db1f1c17799aee7117cdbf434e1347089b26b8f56fae5eb0
ssdeep: 1536:CF99Rl0+8G7eVdZ3c+dtdbUWg86SnQWjn4Ln49:CX9RS+8T42dbUWxQWjnAnA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11F639D867F42E81AD6824D3048D7C5766E30BEFD2B82923631B1BF5EBCBD3646A1405D
sha3_384: d4901c61f6e5d55a68eaab945370adab2e9e9c4aef00e6eaa2a1735975117d09f84634320b3edd79849a832dd84d717a
ep_bytes: 555d81c400030000837c24f7097cf981
timestamp: 2010-03-19 12:43:11

Version Info:

0: [No Data]

Backdoor:Win32/Xyligan.A also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Dinwod.b!c
MicroWorld-eScan: Gen:Heur.Kelios.1
FireEye: Generic.mg.796c4f4fdbfaff20
CAT-QuickHeal: Trojan.Generic.29560
Skyhigh: BehavesLike.Win32.VirRansom.kc
McAfee: Generic Dropper.vd
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Gen:Heur.Kelios.1
Sangfor: Suspicious.Win32.Save.a
Alibaba: Backdoor:Win32/Xyligan.d8e8552b
K7GW: Trojan ( 0055dd191 )
K7AntiVirus: Trojan ( 0055dd191 )
Symantec: Trojan Horse
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.GGN
APEX: Malicious
TrendMicro-HouseCall: TROJ_SRVSTRT.SMC
Paloalto: generic.ml
Kaspersky: UDS:Trojan-Dropper.Win32.Dinwod.gen
BitDefender: Gen:Heur.Kelios.1
Avast: Win32:Dogrobot [Drp]
Tencent: Malware.Win32.Gencirc.11569678
Emsisoft: Gen:Heur.Kelios.1 (B)
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.DownLoad1.58649
Zillya: Trojan.Kryptik.Win32.118051
TrendMicro: TROJ_SRVSTRT.SMC
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan-Dropper.Agent
Jiangmin: TrojanSpy.FlyStudio.cx
Webroot: W32.Trojan.Servstart.A
Google: Detected
Avira: TR/Dropper.Gen
Varist: W32/ABRisk.AJBU-5463
Antiy-AVL: Trojan/Win32.AGeneric
Kingsoft: Win32.Hack.Generic.a
Microsoft: Backdoor:Win32/Xyligan.A
Xcitium: TrojWare.Win32.Kryptik.~NNZ@1qgexn
Arcabit: Trojan.Kelios.1
ZoneAlarm: UDS:Trojan-Dropper.Win32.Dinwod.gen
GData: Gen:Heur.Kelios.1
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.CSon.R298
BitDefenderTheta: AI:Packer.26ACB16A1F
MAX: malware (ai score=100)
Cylance: unsafe
Panda: Generic Suspicious
Rising: Trojan.Kryptik!1.BC93 (CLASSIC)
Yandex: Trojan.Kryptik!6xb2TAKnElU
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.7175197.susgen
Fortinet: W32/DROPPER.SMC!tr
AVG: Win32:Dogrobot [Drp]
DeepInstinct: MALICIOUS
alibabacloud: Trojan[Dropper]:Win/Kryptik.EPK

How to remove Backdoor:Win32/Xyligan.A?

Backdoor:Win32/Xyligan.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.