Trojan.Win32.SelfDel.hxju (file analysis)

Trojan.Win32.SelfDel.hxju is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.SelfDel.hxju virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Network anomalies occurred during the analysis.
  • A process created a hidden window
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan.Win32.SelfDel.hxju?

File Info:

name: 79E2B225C93258A8AB08.mlw
path: /opt/CAPEv2/storage/binaries/fe195152fa3092fb352c06a57684abdacd025e527778d1338e183ecbd3745ac8
crc32: 11CEFAB6
md5: 79e2b225c93258a8ab08fe48c005859e
sha1: 9cf690f46a5bd0c66248759984c3bba1601067c8
sha256: fe195152fa3092fb352c06a57684abdacd025e527778d1338e183ecbd3745ac8
sha512: 4ddbf6e7f5495138a2895f7bbb01f41d7d9d0e0ed101d103b068f97d4e3661ca8af1c3e9a474e6e4b5e667ddb242538a66e4850ab87a76e80630a921d9fc885d
ssdeep: 196608:fOcQ7L0oCK0QO64Jl/3Mj+EiPDd/DjV8uas78o7O7EoC+SHpH:fOcQfmK0QGvM+EObPas47EqSHh
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T164B6337B56661189D1E8C83ECA3FBD9A71F657664982DC7D52B638D02621CF8F302C43
sha3_384: 439472a4da5acf22be0d06c409e20a291678c78d8c121ec12e7e6c49b41d92224206a9dccb96310cfd868365b46db2ba
ep_bytes: 6846973252e8076f12004184de55311c
timestamp: 2022-01-20 11:31:45

Version Info:

CompanyName: MS
FileDescription: VINACF PATCHER
FileVersion: 1, 0, 0, 1
InternalName: VINACF PATCHER
LegalCopyright: Copyright © 2015
OriginalFilename: VINACF PATCHER
ProductName: VINACF PATCHER
ProductVersion: 1, 0, 0, 1
Translation: 0x0409 0x04b0

Trojan.Win32.SelfDel.hxju also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop19.27294
MicroWorld-eScan: Trojan.GenericKD.48198847
FireEye: Generic.mg.79e2b225c93258a8
McAfee: Artemis!79E2B225C932
Cylance: Unsafe
Zillya: Trojan.SelfDel.Win32.66525
Sangfor: Trojan.Win32.SelfDel.hxju
K7AntiVirus: Trojan ( 7000001c1 )
Alibaba: Trojan:Win32/SelfDel.9aabf87a
K7GW: Trojan ( 7000001c1 )
Cybereason: malicious.5c9325
BitDefenderTheta: Gen:NN.ZexaF.34182.@N0@a0wAVMgi
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.SelfDel.hxju
BitDefender: Trojan.GenericKD.48198847
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Selfdel.Aliw
Emsisoft: Trojan.GenericKD.48198847 (B)
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
Sophos: Mal/Generic-S
Avira: HEUR/AGEN.1200284
MAX: malware (ai score=82)
Microsoft: Trojan:Win32/Sabsik.TE.B!ml
ZoneAlarm: Trojan.Win32.SelfDel.hxju
GData: Trojan.GenericKD.48198847
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win32.Generic.C4334067
VBA32: TScope.Malware-Cryptor.SB
ALYac: Trojan.GenericKD.48198847
Malwarebytes: Trojan.SelfDelete
TrendMicro-HouseCall: TROJ_GEN.R002H0CB322
Rising: Trojan.SelfDel!8.275 (CLOUD)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/PossibleThreat
AVG: Win32:Malware-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Trojan.Win32.SelfDel.hxju?

Trojan.Win32.SelfDel.hxju removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.