What is “Downloader.Win32.YXdown.vho”?

Downloader.Win32.YXdown.vho is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and cure your PC during the trial period.
6-day free trial available.

What can the Downloader.Win32.YXdown.vho virus do?

  • Presents an Authenticode digital signature
  • A process attempted to delay the analysis task.
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Network activity contains more than one unique useragent.
  • Creates a hidden or system file
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings
  • Anomalous binary characteristics

How to identify Downloader.Win32.YXdown.vho?

File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2019 Shanghai Youwo Information Technology Co., Ltd.
InternalName: Setup
FileVersion: 1, 2, 3, 7
Comments: 安装向导
ProductName: 安装向导
ProductVersion: 1, 2, 3, 7
FileDescription: 安装向导
OriginalFilename: Setup.exe
Translation: 0x0804 0x04b0

Downloader.Win32.YXdown.vho also known as:

  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Trojan.GenericKD.36436134
  • FireEye: Generic.mg.f063a1e88c8cee26
  • ALYac: Trojan.GenericKD.36436134
  • Cylance: Unsafe
  • Zillya: Tool.YouXun.Win32.770
  • AegisLab: Riskware.Win32.YXdown.1!c
  • Sangfor: Trojan.Win32.GenericKD.32772148
  • K7AntiVirus: Trojan ( 0056c5331 )
  • BitDefender: Trojan.GenericKD.36436134
  • K7GW: Trojan ( 0056c5331 )
  • Cybereason: malicious.88c8ce
  • Cyren: W32/Application.OUNT-1792
  • APEX: Malicious
  • Paloalto: generic.ml
  • ClamAV: Win.Malware.Ulise-9782745-0
  • Kaspersky: not-a-virus:HEUR:Downloader.Win32.YXdown.vho
  • Alibaba: RiskWare:Win32/YouXun.209ab0c7
  • NANO-Antivirus: Trojan.Win32.YouXun.hahyvs
  • Ad-Aware: Trojan.GenericKD.36436134
  • Emsisoft: Trojan.GenericKD.36436134 (B)
  • Comodo: Malware@#xouud706p4q9
  • DrWeb: Trojan.Siggen9.10927
  • VIPRE: Trojan.Win32.Generic!BT
  • TrendMicro: PUA.Win32.YouXun.AJ
  • McAfee-GW-Edition: GenericRXLE-TF!F063A1E88C8C
  • Sophos: Mal/Generic-R + YouXun (PUA)
  • SentinelOne: Static AI – Suspicious PE
  • Jiangmin: Downloader.YXdown.aq
  • Webroot: W32.Malware.Gen
  • Gridinsoft: Trojan.Win32.Youxun.vb
  • Arcabit: Trojan.Generic.D22BF8A6
  • ViRobot: Adware.Youxun.10105808
  • ZoneAlarm: not-a-virus:HEUR:Downloader.Win32.YXdown.vho
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: PUP/Win32.Agent.R307138
  • McAfee: GenericRXLE-TF!F063A1E88C8C
  • VBA32: BScope.Trojan.FakeAlert
  • Malwarebytes: Bladabindi.Backdoor.Njrat.DDS
  • Panda: Trj/CI.A
  • Rising: Trojan.Generic@ML.100 (RDMK:FKZEptplW8DmOI/20uAD5A)
  • Yandex: Trojan.GenAsa!ge24c/Ky8Ss
  • Ikarus: PUA.RiskWare.Youxun
  • eGambit: Unsafe.AI_Score_66%
  • Fortinet: W32/Eldorado.5AE8!tr
  • AVG: Win32:Malware-gen
  • Avast: Win32:Malware-gen
  • CrowdStrike: win/malicious_confidence_80% (D)

How to remove Downloader.Win32.YXdown.vho?

Downloader.Win32.YXdown.vho removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
