Categories: Rootkit

How to remove “Rootkit.Win32.Xanfpezes.ccq”?

The Rootkit.Win32.Xanfpezes.ccq is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Rootkit.Win32.Xanfpezes.ccq virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Loads a driver
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • A named pipe was used for inter-process communication
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to determine Rootkit.Win32.Xanfpezes.ccq?



File Info:

name: 98CDA079AE6E9365431C.mlwpath: /opt/CAPEv2/storage/binaries/7d0fe7791f8c062ccf0cbafe98d425b78c7d53a71076bc296fd53540ac5c902dcrc32: DAB650F8md5: 98cda079ae6e9365431c11e70a7832d5sha1: ee80e762ef204914f704ba668546079e8abe0dd5sha256: 7d0fe7791f8c062ccf0cbafe98d425b78c7d53a71076bc296fd53540ac5c902dsha512: 1636ada591b5b28f862887b14a5f0e25a6bf42a78a9415d238c3947b649fd34d8c460b261632ec3751f6b09f0c239773273d28045f1458354a51f92fff08413assdeep: 98304:b0tZ5CqZNWLemiaAwD7NWLemiaA5miaAwD7NWLeLF:b/qI5P85PZP8SFtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1D416AE65F281E433E0A62F304E27C2E46739B9946E75955F33F42F4E3A75A837621382sha3_384: 0c742a329944d3671e5b23c599cd9461bbf0d0a5cbd68aa9c0848186df150ac3fd99f9feba522d36b4fa1eabd21a59d1ep_bytes: 558bec83c4e053565733c08945e08945timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Rootkit.Win32.Xanfpezes.ccq also known as:

Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Fugrafa.36923
FireEye Generic.mg.98cda079ae6e9365
CAT-QuickHeal Trojan.Rootkitdrv
McAfee Xanfpezes.a
Malwarebytes Malware.AI.3262377124
Zillya Rootkit.Xanfpezes.Win32.24
K7AntiVirus Trojan ( 001496011 )
Cybereason malicious.9ae6e9
Cyren W32/DelfInject.A.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Xanfpezes.A
APEX Malicious
Kaspersky Rootkit.Win32.Xanfpezes.ccq
BitDefender Gen:Variant.Fugrafa.36923
NANO-Antivirus Trojan.Win32.MLW.ejqaa
Avast Win32:TrojanX-gen [Trj]
Rising Trojan.Generic@ML.94 (RDML:wBQT46ZbUmatL3i84CqqLQ)
Ad-Aware Gen:Variant.Fugrafa.36923
Sophos Troj/Ghetifuh-A
DrWeb Trojan.Click1.28484
VIPRE Trojan.Win32.Generic.pak!cobra
TrendMicro TROJ_UNDEF.RX
McAfee-GW-Edition BehavesLike.Win32.Dropper.rh
Emsisoft Gen:Variant.Fugrafa.36923 (B)
SentinelOne Static AI – Malicious PE
Jiangmin Heur:Rootkit/Agent
Avira TR/Dropper.Gen
Antiy-AVL Trojan/Generic.ASMalwS.55ED8
Microsoft Trojan:Win32/Sabsik.FL.B!ml
GData Gen:Variant.Fugrafa.36923
Cynet Malicious (score: 100)
AhnLab-V3 Backdoor/Win32.Xanfpezes.C4075368
Acronis suspicious
BitDefenderTheta Gen:NN.ZelphiF.34294.@RZ@aub0uOhb
ALYac Gen:Variant.Fugrafa.36923
MAX malware (ai score=84)
VBA32 Rootkit.Xanfpezes
Cylance Unsafe
TrendMicro-HouseCall TROJ_UNDEF.RX
Tencent Malware.Win32.Gencirc.11d970cf
Yandex Trojan.GenAsa!vO1+7JyoNgg
Ikarus Trojan.Win32.Xanfpezes
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Xanfpezes.A!tr
AVG Win32:TrojanX-gen [Trj]
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_70% (D)

How to remove Rootkit.Win32.Xanfpezes.ccq?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: Rootkit.Win32.Xanfpezes.ccq
2 years ago

Recent Posts

Generic.Sdbot.E6D5958D removal guide

The Generic.Sdbot.E6D5958D is considered dangerous by lots of security experts. When this infection is active,…

7 mins ago

Malware.AI.1318074156 malicious file

The Malware.AI.1318074156 is considered dangerous by lots of security experts. When this infection is active,…

16 mins ago

Troj/Agent-BGOG removal instruction

The Troj/Agent-BGOG is considered dangerous by lots of security experts. When this infection is active,…

27 mins ago

How to remove “Win32/Patched.NKV”?

The Win32/Patched.NKV is considered dangerous by lots of security experts. When this infection is active,…

27 mins ago

Win32:Cycbot-HY [Trj] (file analysis)

The Win32:Cycbot-HY [Trj] is considered dangerous by lots of security experts. When this infection is…

28 mins ago

Malware.AI.4189161535 removal

The Malware.AI.4189161535 is considered dangerous by lots of security experts. When this infection is active,…

32 mins ago