How to remove “SpywareX-gen [Trj]”?

SpywareX-gen [Trj] is the name Avast and AVG give this detection; most other engines flag the same file as malicious (see the list of alternative names below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can SpywareX-gen [Trj] do?

These are the behavioural signatures the CAPE sandbox raised when the sample described below was run. Several of them (anti-debug, checks for Sandboxie, Avast and virtual machines, a hidden window, process hollowing) exist to evade analysis and security tools rather than to act on the victim, and a sample that notices it is being watched may simply exit early, so a quiet sandbox run is not a clean bill of health:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Marathi
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify SpywareX-gen [Trj]?

File Info:

name: 0B65510308EA3FEEE89F.mlw
path: /opt/CAPEv2/storage/binaries/23d086faf63e852115198dbc5543ba332d3ba2961d19204d2fa748f6022f9582
crc32: 430C0E26
md5: 0b65510308ea3feee89f4d2598e417ae
sha1: cb98a724f26ed88fc5a86b1dd379c39432222360
sha256: 23d086faf63e852115198dbc5543ba332d3ba2961d19204d2fa748f6022f9582
sha512: 8194b199e17b2f0346fd13a4bdadc6f3545067c7c083300d738bf055ff913c5e277e8718211e4033650568f2dbb1534dc4a979ea0544eef8ae8f4f9696631682
ssdeep: 3072:C/PVQA/2ZLcdEZf+XEfJ8BUqoPr/uNJ9s:6eDLf5JxYUVPr/yJ9s
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CB04BE1132E0C473D1B27AB05877E6616A2F3D615B7C748F279812BA2F712C28BB5357
sha3_384: f5366b6b57b61d7635b2bcbd39a483cc3f7bc1d091adb1f6d8f5775800603ba39390feee751eb4b90cbfbc89a482dc26
ep_bytes: e8401a0000e989feffff578bc683e00f
timestamp: 2021-09-26 06:32:05

Version Info (these strings are written by whoever built the binary and cannot be trusted; note that the 2022 copyright year postdates the 2021 timestamp in the PE header above):

FileVersion: 8.71.86.86
Copyrighz: Copyright (C) 2022, pazkarte
ProjectVersion: 28.81.74.73

Other engines detect the same file (matched by hash) under the following names; the name used as the title of this page is Avast's and AVG's. Several of them (Packed.Generic, MalPack, Kryptik) describe a packed or obfuscated loader, which agrees with the unpacking and injection behaviour listed above, and Microsoft's name attributes it to the Azorult family:

  • FireEye: Generic.mg.0b65510308ea3fee
  • Cylance: Unsafe
  • Sangfor: Suspicious.Win32.Save.a
  • K7AntiVirus: Trojan ( 005892fe1 )
  • K7GW: Trojan ( 005892fe1 )
  • Cybereason: malicious.4f26ed
  • Cyren: W32/Kryptik.GKN.gen!Eldorado
  • Symantec: Packed.Generic.525
  • Elastic: malicious (high confidence)
  • Kaspersky: UDS:Trojan.Win32.Strab.gen
  • Avast: SpywareX-gen [Trj]
  • Sophos: ML/PE-A
  • APEX: Malicious
  • Microsoft: Trojan:Win32/Azorult.FW!MTB
  • Cynet: Malicious (score: 100)
  • Acronis: suspicious
  • Malwarebytes: Trojan.MalPack.GS
  • Rising: Trojan.Generic@AI.90 (RDMK:cmRtazocxfwXSbDAvrs1ROTfj7cX)
  • SentinelOne: Static AI – Suspicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • AVG: SpywareX-gen [Trj]
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove SpywareX-gen [Trj]?

SpywareX-gen [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser(s) and the options you want, then click “Reset”.
  • Restart your computer.
  • Run a second scan after the restart: the sample injects code into other processes and starts processes from unusual locations, so confirm that nothing has come back.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.