BackdoorX-gen [Trj] (file analysis)

Malware Removal

BackdoorX-gen [Trj] is the generic detection name Avast and AVG assign to this sample; most other engines flag the same file as malicious (see the detection names below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand can take hours and can damage the PC in the process. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
6-day free trial available.

What can the BackdoorX-gen [Trj] virus do?

The CAPE sandbox raised the following signatures for this sample:

  • Dynamic (imported) function loading detected: the binary resolves API functions at run time instead of listing them in its import table, which hides its real capabilities from static analysis.
  • CAPE extracted potentially suspicious content: the sandbox recovered an embedded or unpacked payload from the running process.
  • Authenticode signature is invalid: the file carries Microsoft-looking version information (Windows Mobility Center, Microsoft Corporation; see Version Info below) but is not validly signed, so that metadata is a masquerade.
  • Binary compilation timestomping detected: the compile timestamp in the PE header (2064-07-10, see File Info) lies in the future and cannot be genuine. One caveat: .NET compilers in deterministic-build mode also write a content hash into that field, so a nonsensical timestamp on an MSIL binary is suspicious rather than conclusive on its own.

How to identify BackdoorX-gen [Trj]?

File Info:

name: 0DF944696FC2A00A3470.mlw
path: /opt/CAPEv2/storage/binaries/7f991ea287b4ea7d7617b58c66045d4707953a8faad9b8cec0882f79bedae743
crc32: 6BEC0FD5
md5: 0df944696fc2a00a347094ab1dca2b1a
sha1: 13b6e9da1058a7277c0ebdcead2df2249acd39cd
sha256: 7f991ea287b4ea7d7617b58c66045d4707953a8faad9b8cec0882f79bedae743
sha512: 1a83dcde50647959ab3c2233650f586447e56c18da05854c8ea551e41150dc3d9fa5965fb308d8a77c69334c4473135ffe62abfa32edac13d4ccec693711d599
ssdeep: 384:D87U6gBY+9gtxgIzDFbpy6pFrWQnVZyH4ffffffpRJW8IM1WK1W+ptYcFmVc03K:wx3/FNvnUMRI8IMHNtYcFmVc6K
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15592061567A84732D23807BA2893264053369A1B5856EF6C7CCD51ED3FB370287A3B9B
sha3_384: f7579b2886289053a82adbca726385f7ccbe3ce0f69c90407699b9e5bbbedc4e7b7de4148c2b98ace77a062e7d515fb8
ep_bytes: ff250020400000000000000000000000
timestamp: 2064-07-10 23:46:14

Version Info:

Translation: 0x0000 0x04b0
Comments: Windows Mobility Center
CompanyName: Microsoft Corporation
FileDescription: Windows Mobility Center
FileVersion: 10.0.14393.0
InternalName: Axmvrxx.exe
LegalCopyright: Copyright (C) Microsoft. All rights reserved.
LegalTrademarks:
OriginalFilename: Axmvrxx.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.14393.0
Assembly Version: 10.0.14393.0
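Two of the File Info fields above can be checked without running the sample: the compile timestamp (2064, in the future) and the entry-point bytes `ff 25 00 20 40 00`, which decode to `jmp dword ptr [0x402000]`, the native stub at the entry of a .NET (MSIL) executable, consistent with the MSIL-based vendor names in the next section. The following script is an added example, not code from the original page, from GridinSoft or from CAPE; it builds a constructed minimal PE32 that reproduces those two indicators (it is not the real 0DF944696FC2A00A3470.mlw), then hashes it, flags a compile time later than "now", and classifies the entry stub. Function names, the sample builder and the `now_epoch` parameter are this example's own.

```python
"""Static triage of a PE32 file: hashes, compile timestamp, entry-point stub.

Added example, not code from the original page or from GridinSoft / CAPE.
The sample PE built below is CONSTRUCTED to reproduce two indicators from the
page (a compile timestamp in 2064 and an `ff 25` entry stub); it is not the
real 0DF944696FC2A00A3470.mlw.
"""
import calendar
import hashlib
import struct
import time


def build_sample_pe(timestamp: int) -> bytes:
    """Constructed minimal PE32 (one .text section); not meant to execute.

    The entry point (RVA 0x2006) holds `jmp dword ptr [0x402000]`, the stub
    the .NET linker emits so Windows jumps through the IAT to _CorExeMain.
    """
    image_base, pe_off = 0x400000, 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", pe_off)).ljust(pe_off, b"\0")
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)                            # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)            # Magic = PE32
    struct.pack_into("<I", opt, 16, 0x2006)          # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, image_base)      # ImageBase
    struct.pack_into("<II", opt, 32, 0x2000, 0x200)  # Section/FileAlignment
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x2000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    text = bytearray(0x200)
    text[6:12] = b"\xff\x25" + struct.pack("<I", image_base + 0x2000)
    return headers + bytes(text)


def parse_pe(data: bytes) -> dict:
    """Read the few header fields the triage needs (PE32 only)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec, ts, _, _, opt_size = struct.unpack_from("<HIIIH", data, pe + 6)
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), va, max(vsize, rawsize),
                         rawptr, rawsize))
    return {"timestamp": ts, "entry_rva": entry_rva,
            "image_base": image_base, "sections": sections}


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset, or None if no raw data backs it."""
    for _, va, vsize, rawptr, rawsize in sections:
        if va <= rva < va + vsize:
            delta = rva - va
            return rawptr + delta if delta < rawsize else None
    return None


def triage(data: bytes, now_epoch=None) -> dict:
    """Hashes, compile-time sanity check and entry-point stub classification."""
    now_epoch = int(time.time()) if now_epoch is None else now_epoch
    hdr = parse_pe(data)
    ep_off = rva_to_offset(hdr["entry_rva"], hdr["sections"])
    ep_bytes = data[ep_off:ep_off + 16] if ep_off is not None else b""
    # .NET (MSIL) PE32 files start with `jmp dword ptr [abs]` through their
    # own IAT; an FF 25 whose pointer lies inside the image is that stub.
    dotnet_stub = False
    if ep_bytes[:2] == b"\xff\x25":
        target = struct.unpack_from("<I", ep_bytes, 2)[0] - hdr["image_base"]
        dotnet_stub = rva_to_offset(target, hdr["sections"]) is not None
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "compile_time": time.strftime("%Y-%m-%d %H:%M:%S",
                                      time.gmtime(hdr["timestamp"])),
        # A compile time later than "now" cannot be genuine (timestomping),
        # though .NET deterministic builds also store a content hash here.
        "future_timestamp": hdr["timestamp"] > now_epoch,
        "ep_bytes": ep_bytes.hex(),
        "dotnet_stub": dotnet_stub,
    }


# Timestamp taken from the page's File Info (2064-07-10 23:46:14 UTC).
PAGE_TIMESTAMP = calendar.timegm((2064, 7, 10, 23, 46, 14, 0, 0, 0))
SAMPLE = build_sample_pe(PAGE_TIMESTAMP)

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Against a real file, replace `SAMPLE` with the bytes read from disk; the hashes then match the md5/sha1/sha256 listed in File Info, `ep_bytes` comes out as the `ep_bytes` field above, and `future_timestamp` reproduces the timestomping signature. The `dotnet_stub` check is a heuristic for PE32 MSIL binaries only; a proper check reads the CLR header data directory instead.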

BackdoorX-gen [Trj] also known as:

Elastic: malicious (high confidence)
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZemsilF.34606.bm0@aeUswug
Cyren: W32/MSIL_Kryptik.HAB.gen!Eldorado
Paloalto: generic.ml
Kaspersky: VHO:Backdoor.MSIL.Androm.gen
Avast: BackdoorX-gen [Trj]
SentinelOne: Static AI – Suspicious PE
APEX: Malicious
Webroot: W32.Trojan.Gen
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Ikarus: Trojan-Downloader.MSIL.Agent
AVG: BackdoorX-gen [Trj]

How to remove BackdoorX-gen [Trj]?

BackdoorX-gen [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
