Spy Trojan

Trojan:Win32/SpywareX malicious file

Malware Removal

Trojan:Win32/SpywareX is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/SpywareX virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Injection (inter-process)
  • Checks for the presence of known windows from debuggers and forensic tools
  • CAPE detected the OzoneRAT malware family
  • Checks the version of Bios, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:Win32/SpywareX?

File Info:

name: F8220108B1CFBE52828F.mlw
path: /opt/CAPEv2/storage/binaries/540af6e934c1568893a2341f6604fb3b8905f7f02bb201bb01adfcf7ec43c146
crc32: 4228F214
md5: f8220108b1cfbe52828fb65d7b363895
sha1: e72953df0b83137c87e7b5f8c1fdad7b3a296e3a
sha256: 540af6e934c1568893a2341f6604fb3b8905f7f02bb201bb01adfcf7ec43c146
sha512: 0a467c4a7c67d1b1a18b56aed8d1e9c52d02815ae6d2d2b2f015fc530390ef40bb6b3dcb4bd04d48ce99435c98d23c067217fa37d6dfd959db490e5eed932977
ssdeep: 98304:CxmUvxVpIgzxRjKMY0442hWktYg5BZcxOxgAM4lfVKSPsrl7Ohw4T1Ra2aIOTm+h:CXrpNWhWtgXZYDAM4ltxKpKR74iXaN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14F66335EEB23D5E2E62338F185315E375B12ED2A0A47784E474CB66E3C71222444FE7A
sha3_384: 4c9713e9268279e3b43d8d6ccdd59e0cc70bf45e6f62dd68972dfde6ce91ac58c71d16a0bbf12b89f23457a376e39461
ep_bytes: 81ecf80300005556576a205f33ed6801
timestamp: 2023-07-02 02:09:48

Version Info:

0: [No Data]

Trojan:Win32/SpywareX is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Xegumumune.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.68273853
McAfee: Artemis!F8220108B1CF
Cylance: unsafe
Sangfor: Spyware.Win32.Xegumumune.V8qy
K7AntiVirus: Trojan ( 0059b42a1 )
Alibaba: Trojan:Win32/Xegumumune.e1fe9830
K7GW: Trojan ( 0059b42a1 )
Cyren: W32/ABRisk.IEWF-1647
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.Themida.CL suspicious
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Spy.Win32.Xegumumune.ocn
BitDefender: Trojan.GenericKD.68273853
Avast: Win32:SpywareX-gen [Trj]
Tencent: Win32.Trojan-Spy.Xegumumune.Uwhl
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Crypt.XPACK.Gen
DrWeb: Trojan.MulDrop22.48339
VIPRE: Trojan.GenericKD.68273853
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
FireEye: Generic.mg.f8220108b1cfbe52
Emsisoft: Trojan.GenericKD.68273853 (B)
GData: Trojan.GenericKD.68273853
Jiangmin: TrojanDownloader.Script.iki
Avira: TR/Crypt.XPACK.Gen
Arcabit: Trojan.Generic.D411C6BD
ViRobot: Trojan.Win.Z.Agent.6821139
ZoneAlarm: Trojan-Spy.Win32.Xegumumune.ocn
Microsoft: Trojan:Win32/SpywareX
Google: Detected
AhnLab-V3: Trojan/Win.Crypt.C5445060
ALYac: Trojan.GenericKD.68273853
MAX: malware (ai score=83)
Malwarebytes: Malware.Heuristic.1003
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: TROJ_GEN.R053H07H623
Rising: Trojan.Generic@AI.92 (RDML:kF2Ge6HQ/jFHFU49gdP9Lw)
Ikarus: PUA.Themida
Fortinet: Riskware/Application
AVG: Win32:SpywareX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/SpywareX?

Trojan:Win32/SpywareX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
