Trojan.Win32.DiskWriter.bxy (file analysis)

Trojan.Win32.DiskWriter.bxy is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.DiskWriter.bxy virus do?

  • Executable code extraction
  • Injection (inter-process)
  • At least one process apparently crashed during execution
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (6 unique times)
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • A potential decoy document was displayed to the user
  • Exhibits possible ransomware file modification behavior
  • Creates a hidden or system file
  • Attempts to modify proxy settings

Related domains:

www.bing.com
ocsp.digicert.com
ocsp.msocsp.com

How to identify Trojan.Win32.DiskWriter.bxy?


File Info:

crc32: EB2156BB
md5: 96a82745a68f0d3b78779d8ad29bfec6
name: 96A82745A68F0D3B78779D8AD29BFEC6.mlw
sha1: 2850f5bd726323dda582dad5e566e7d711988dda
sha256: 6a4d07b5ca316ebc7b86eb752739d104ac82184f0c628c8e5cd5c50c17bcceff
sha512: 385b737fc883aa9bb2943c5cd6bdc07e8f7e7776dd84f783825343026cd54eb525707e955c0206a2f7aadfe234ff8edc46754306bc715da629bdeaa31e68122b
ssdeep: 768:SPaLL71yGTu4WzACA49B6guXChKr8CeTveSyk2nfNpLRUM0cIqqxMUfEDnpH6SQ:EGyGTu4aAE6Xe6cyk23Li5qWMU6JJX
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Trojan.Win32.DiskWriter.bxy also known as:

Cylance: Unsafe
CrowdStrike: malicious_confidence_60% (W)
Kaspersky: Trojan.Win32.DiskWriter.bxy
McAfee-GW-Edition: BehavesLike.Win32.BadFile.mm
Endgame: malicious (high confidence)
ZoneAlarm: Trojan.Win32.DiskWriter.bxy
McAfee: Artemis!96A82745A68F
VBA32: BScope.Trojan.Agent
Ikarus: Trojan.Win32.Zmem
Paloalto: generic.ml

How to remove Trojan.Win32.DiskWriter.bxy?

Trojan.Win32.DiskWriter.bxy removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
