Categories: Malware

Exploit.Win32.Shellcode.xcc removal tips

The Exploit.Win32.Shellcode.xcc is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Exploit.Win32.Shellcode.xcc virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (3 unique times)
Creates RWX memory
At least one IP Address, Domain, or File Name was found in a crypto call
Performs some HTTP requests
Unconventionial language used in binary resources: Ukrainian
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Checks for the presence of known windows from debuggers and forensic tools
Installs itself for autorun at Windows startup
Creates a hidden or system file
Attempts to identify installed AV products by installation directory
Checks the CPU name from registry, possibly for anti-virtualization
Detects VirtualBox through the presence of a registry key
Attempts to modify proxy settings
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

iplogger.org

leatherbond.top

ip-api.com

How to determine Exploit.Win32.Shellcode.xcc?


File Info:
crc32: DD785CD3md5: 89488162f046f9382ee2ef48127f07f6name: 89488162F046F9382EE2EF48127F07F6.mlwsha1: 0855dab4c9297af28185e56d70ad56c34fa0dc7csha256: db0de14458d1ec81a22be0f0393feee5885a668a78e88713162097255ad85c23sha512: 441cfe52a4b8f53f8a64cb2faf36c65588aee7050492377beca2f22a0d914a195c366995d5a51b60dd01619c8b9f0beb5f77289e7d70832e1dc78b6dc0567a40ssdeep: 12288:eJglU4WXG78R5eoaGdAA6hcx7fPzFQWMzz8ZfNsVgLxJo3:OI7WXG7cAdhUr5PooLxgtype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
InternalSurname: debaukd.ekzeProduct: 1.7.7FileVersions: 1.0.5.6LegalCo: Copyri (C) 2019, permudationz

Exploit.Win32.Shellcode.xcc also known as:

Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen11.56742
MicroWorld-eScan	Trojan.GenericKD.45210916
FireEye	Generic.mg.89488162f046f938
Qihoo-360	Generic/HEUR/QVM11.1.382A.Malware.Gen
Cylance	Unsafe
AegisLab	Trojan.Multi.Generic.4!c
Sangfor	Malware
K7AntiVirus	Trojan ( 0057558e1 )
BitDefender	Trojan.GenericKD.45210916
K7GW	Trojan ( 0057558e1 )
Cybereason	malicious.4c9297
Cyren	W32/Kryptik.CVF.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:DropperX-gen [Drp]
Kaspersky	Exploit.Win32.Shellcode.xcc
Alibaba	Trojan:Win32/Shellcode.93fb411b
Rising	Backdoor.Agent!8.C5D (TFE:5:IhzqwXEXQUL)
Ad-Aware	Trojan.GenericKD.45210916
Emsisoft	Trojan.GenericKD.45210916 (B)
Comodo	Malware@#fmwy8tz6j481
F-Secure	Trojan.TR/AD.AHKInfoSteal.exrsr
McAfee-GW-Edition	BehavesLike.Win32.PWSBanker.hc
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
Webroot	W32.Dropper.Gen
Avira	TR/AD.AHKInfoSteal.exrsr
Antiy-AVL	Trojan/Win32.Kryptik
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Microsoft	Trojan:Win32/Zenpack.MT!MTB
Gridinsoft	Trojan.Win32.Kryptik.oa
Arcabit	Trojan.Generic.D2B1DD24
ZoneAlarm	Exploit.Win32.Shellcode.xcc
GData	Trojan.GenericKD.45210916
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.Generic.C4280701
Acronis	suspicious
McAfee	RDN/Generic Exploit
MAX	malware (ai score=87)
VBA32	TrojanSpy.Stealer
Malwarebytes	Trojan.MalPack.GS
ESET-NOD32	a variant of Win32/Kryptik.HILL
Tencent	Win32.Exploit.Shellcode.Eang
Ikarus	Trojan.Win32.Crypt
eGambit	Unsafe.AI_Score_64%
Fortinet	W32/Kryptik.HGHW!tr
AVG	Win32:DropperX-gen [Drp]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (W)