Should I remove “Trojan-Spy.Win32.Stealer.xoc”?

Trojan-Spy.Win32.Stealer.xoc is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Spy.Win32.Stealer.xoc virus do?

  • Injection (inter-process)
  • Creates RWX memory
  • A process created a hidden window
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

Related domains:

tJVyaYtoQvIrrvkTmfWDoA.tJVyaYtoQvIrrvkTmfWDoA

How to identify Trojan-Spy.Win32.Stealer.xoc?


File Info:

crc32: B9BFA702
md5: d36c0114e9621008c6c3476f1ca42948
name: D36C0114E9621008C6C3476F1CA42948.mlw
sha1: 60cfe6897dee7fa1df31848955b46d81e364c250
sha256: 29b9058449c81cf5aaa57316c620d80a48e2161d583c6e9351b8c44899315505
sha512: d36812e88c25d393e5ece3ee4c4a173044caa2fc8ab367992198273a36b514ae123d579379db29c8a9e5b1da0d18e85b55278c4e6f9a2c98c96051c27e3e5ab9
ssdeep: 49152:NLKJpMbXi5mX9lFjXdfUlApTppXInuYl4Qa25Jxd/ANV+AMNOpcqCbVj2Ao:NLKEbSQ9njX5UW0nuWBJPIjMEpcqCbk
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: Yaxdrvb
FileVersion: 11.10.0106.79684 (mcmuxnv_kuh.293181-9807)
CompanyName: Microsoft Corporation
ProductName: Internet Explorer
ProductVersion: 11.10.0106.79684
FileDescription: Hkc93 Jagdlme Dcefmrnbrr
OriginalFilename: ZNHFLUA.EXE .GHI
Translation: 0x0409 0x04b0

Trojan-Spy.Win32.Stealer.xoc also known as:

K7AntiVirus: Riskware ( 0040eff71 )
Cynet: Malicious (score: 100)
ALYac: Trojan.GenericKD.45800721
Cylance: Unsafe
Alibaba: Trojan:Win32/Stealer.3038acee
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.97dee7
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Spy.Win32.Stealer.xoc
BitDefender: Trojan.GenericKD.45800721
MicroWorld-eScan: Trojan.GenericKD.45800721
Ad-Aware: Trojan.GenericKD.45800721
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Spy.Stealer.gohuf
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vc
FireEye: Trojan.GenericKD.45800721
Emsisoft: Trojan.GenericKD.45800721 (B)
SentinelOne: Static AI – Suspicious PE
Webroot: W32.Malware.Gen
Avira: TR/Spy.Stealer.gohuf
Microsoft: HackTool:Win32/AutoKMS!ml
Arcabit: Trojan.Generic.D2BADD11
AegisLab: Trojan.Multi.Generic.4!c
ZoneAlarm: Trojan-Spy.Win32.Stealer.xoc
GData: Trojan.GenericKD.45800721
McAfee: Artemis!D36C0114E962
MAX: malware (ai score=88)
Malwarebytes: Trojan.Agent.HDC.Generic
Panda: Trj/CI.A
Ikarus: Malware.Win32.AVEvader
Fortinet: W32/Stealer.XOC!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/TrojanSpy.Generic.HgIASP0A

How to remove Trojan-Spy.Win32.Stealer.xoc?

Trojan-Spy.Win32.Stealer.xoc removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
