Categories: Malware

What is “Exploit.Win32.Shellcode.pxc”?

The Exploit.Win32.Shellcode.pxc is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Exploit.Win32.Shellcode.pxc virus can do?

Yara rule detections observed from a process memory dump/dropped files/CAPE
Performs HTTP requests potentially not found in PCAP.
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Behavioural detection: Injection (inter-process)
Attempts to modify proxy settings

How to determine Exploit.Win32.Shellcode.pxc?


File Info:
name: 145BEAC7B03D0F6D1567.mlwpath: /opt/CAPEv2/storage/binaries/d4d2f030fcf432be5e3d045203cd95c7335739396aa59d36c847b567d043a79dcrc32: F995EE9Fmd5: 145beac7b03d0f6d15674c4b37cec733sha1: bed383c9409932327882db4bac875ee4c9fe8812sha256: d4d2f030fcf432be5e3d045203cd95c7335739396aa59d36c847b567d043a79dsha512: d41b5e8e22f0e053feea1f60deb13adf7f1801aab5dcdf87346a89cf86ac5dc61fedbbbbdb74871b2eb833ec3fea7d935995ced53821b3a46f6030422f29509bssdeep: 192:llRDK1nrE8KJiQyv2s1O35hT5q8znHLRvosL6Sgf2k31gzmrY4Ad+:NK1nrEqQqu37TFnHtAsL6x262CY4Adtype: PE32 executable (console) Intel 80386, for MS Windowstlsh: T1B6924A83A6D440F1F9F2C4F042959D22E6FB344AE2D0DF65D7E09E0E1B752C6A62E306sha3_384: 0de0ef53b974037eaeb90a68c2045855b3ad6b9d54cb676b3238d50b63272bef8fcf4bc9a425a8aeb2d16364c8ca936cep_bytes: e9930f0000558bec8b550433c08d0c10timestamp: 2005-01-04 20:56:05
Version Info:
0: [No Data]

Exploit.Win32.Shellcode.pxc also known as:

Bkav	W32.AIDetect.malware2
Cynet	Malicious (score: 100)
CAT-QuickHeal	HackTool.Sileco.IM3
ALYac	Gen:Trojan.ExplorerHijack.biW@aeohFii
Cylance	Unsafe
VIPRE	Gen:Trojan.ExplorerHijack.biW@aeohFii
K7AntiVirus	Trojan-Downloader ( 002357071 )
K7GW	Trojan-Downloader ( 002357071 )
Cybereason	malicious.7b03d0
Cyren	W32/A-6d943db7!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Patched.F potentially unsafe
APEX	Malicious
Kaspersky	Exploit.Win32.Shellcode.pxc
BitDefender	Gen:Trojan.ExplorerHijack.biW@aeohFii
NANO-Antivirus	Virus.Win32.Gen.ccmw
ViRobot	Trojan.Win32.Downloader.20572.L
MicroWorld-eScan	Gen:Trojan.ExplorerHijack.biW@aeohFii
Avast	Win32:Evo-gen [Trj]
Ad-Aware	Gen:Trojan.ExplorerHijack.biW@aeohFii
Emsisoft	Gen:Trojan.ExplorerHijack.biW@aeohFii (B)
Comodo	TrojWare.Win32.TrojanDownloader.Small.aolo0@1pg76v
DrWeb	Trojan.DownLoad2.34395
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.145beac7b03d0f6d
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI – Suspicious PE
GData	Gen:Trojan.ExplorerHijack.biW@aeohFii
Jiangmin	Win32/PatchFile.gk
Avira	TR/Crypt.XPACK.Gen5
Arcabit	Trojan.ExplorerHijack.E48D70
SUPERAntiSpyware	Trojan.Agent/Gen-Senta
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Downloader/Win32.Small.C162453
MAX	malware (ai score=83)
VBA32	BScope.Trojan.Downloader
Malwarebytes	Trojan.Silvana
Rising	Downloader.Sileco!1.9A7F (CLASSIC)
Ikarus	Trojan.Agent_r
MaxSecure	Trojan.Malware.300983.susgen
BitDefenderTheta	Gen:NN.ZexaF.34698.biW@aeohFii
AVG	Win32:Evo-gen [Trj]
Panda	Trj/Genetic.gen