Ransom Trojan

TrojanRansom.Xorist information

Malware Removal

The TrojanRansom.Xorist is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What TrojanRansom.Xorist virus can do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Exhibits possible ransomware file modification behavior
  • CAPE detected the Xorist malware family
  • Clears web history

How to identify TrojanRansom.Xorist?

File Info:

name: 5EF11856EF3CA03F2D2C.mlw
path: /opt/CAPEv2/storage/binaries/a5fa5e74f6cf2cec2fdb9e72c4e48e5503bf1c95f8708a3a8d3f38ab45844d1b
crc32: C948D892
md5: 5ef11856ef3ca03f2d2c35456d37de35
sha1: 8bc02dda6717d62df11635e17e4a7c908a3606c0
sha256: a5fa5e74f6cf2cec2fdb9e72c4e48e5503bf1c95f8708a3a8d3f38ab45844d1b
sha512: 0556bf5771a894ba3df2d66d2de47faf10753c9698f37ac747c0c74bf37c1ba283d97236347e1070733437e5804621e0417b9200ecffaa878053d30178b4f04d
ssdeep: 96:11Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExtCm82B8cQDyPnQaXt40:Tzdrr1FG1WDCgmjPZtA2cyPQE4MUA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18DE16D5B656750EBC0A35231034FC35371BF709117E086A5EA7CAFAA6857850AD36A14
sha3_384: 363ffd389b5713ed62f8e4594c117de3f6678556b9e10736c90b8d7bdae479e787fc0e826e97a552cd71beb9dda688e2
ep_bytes: 60be159040008dbeeb7fffff57eb0b90
timestamp: 2012-01-29 18:49:03

Version Info:

0: [No Data]

TrojanRansom.Xorist also known as:

Lionic: Trojan.Win32.Xorist.lxle
MicroWorld-eScan: Trojan.Ransom.AIG
ClamAV: Win.Trojan.CryptoTorLocker2015-1
FireEye: Generic.mg.5ef11856ef3ca03f
CAT-QuickHeal: Trojan.Ransom.FO4
McAfee: GenericRXAA-AA!5EF11856EF3C
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Ransomware ( 005451b81 )
Alibaba: virus:Win32/InfectPE.ali2000007
K7GW: Ransomware ( 005451b81 )
Cybereason: malicious.6ef3ca
BitDefenderTheta: Gen:NN.ZexaF.34646.amGfaW6kU6ci
Cyren: W32/Filecoder.Y.gen!Eldorado
Symantec: Ransom.CryptoTorLocker
Elastic: malicious (moderate confidence)
ESET-NOD32: Win32/Filecoder.Q
Baidu: Win32.Trojan.Filecoder.g
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Ransom.Win32.Xorist.ln
BitDefender: Trojan.Ransom.AIG
NANO-Antivirus: Trojan.Win32.Xorist.dxuuhl
Avast: Win32:Evo-gen [Trj]
Tencent: Trojan.Win32.CryptoTorLocker2015.a
Ad-Aware: Trojan.Ransom.AIG
Sophos: ML/PE-A + Troj/Ransom-EY
Comodo: TrojWare.Win32.Kryptik.ER@4o1ar2
DrWeb: Trojan.Encoder.25389
VIPRE: Trojan.Ransom.AIG
TrendMicro: Ransom_XORIST.SMA
McAfee-GW-Edition: BehavesLike.Win32.Generic.zc
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.Ransom.AIG (B)
Ikarus: Trojan.Win32.Obfuscated
Jiangmin: Trojan/Xorist.dl
Avira: TR/Ransom.Xorist.EJ
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASMalwS.402
Microsoft: Ransom:Win32/Sorikrypt
Arcabit: Trojan.Ransom.AIG
GData: Win32.Trojan-Ransom.Xorist.D
Google: Detected
AhnLab-V3: Trojan/Win32.Xorist.R25524
VBA32: TrojanRansom.Xorist
ALYac: Trojan.Ransom.AIG
TACHYON: Ransom/W32.Xorist.12800
Malwarebytes: Trojan.FileLock
TrendMicro-HouseCall: Ransom_XORIST.SMA
Rising: Ransom.Sorikrypt!8.8822 (TFE:5:H50DeYUdIVS)
Yandex: Trojan.GenAsa!/o0pq2Faa4I
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Xorist.DD8C!tr.ransom
AVG: Win32:Evo-gen [Trj]
Panda: Trj/RansomXor.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove TrojanRansom.Xorist?

TrojanRansom.Xorist removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.