UDS:Trojan.Win32.Agent.xbjchd (file analysis)

UDS:Trojan.Win32.Agent.xbjchd is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the UDS:Trojan.Win32.Agent.xbjchd virus do?

  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Binary file triggered YARA rule
  • Yara detections observed in process dumps, payloads or dropped files

How to identify UDS:Trojan.Win32.Agent.xbjchd?

File Info:

name: CFDE78785F472B93E89D.mlw
path: /opt/CAPEv2/storage/binaries/fdcd0a8d4cc56e2e639e929a6caf1aaab8c8d0f5ad1751fb0e56bda9c61e6bcb
crc32: 806993CB
md5: cfde78785f472b93e89d721452e9a710
sha1: 3ef1d2d58b84ac389d2a9499b553999759454bd7
sha256: fdcd0a8d4cc56e2e639e929a6caf1aaab8c8d0f5ad1751fb0e56bda9c61e6bcb
sha512: 428f8eb6d0b3ff811106b5a46a5d7482314736f2100c3a2435346e2925c8ec8499652ffd34ca3ef1ac24747ff0a848bc77f85cbd240c34601a168087235d5168
ssdeep: 196608:/1cE6lG6TH/cXXPox5hbvvkdAQhNgTLB+wieoOTDd2SZR70wBOP:GRhfcnPox/42yNgTLB0lOTDgYOP
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1198633B311161282D4E4893DC637BDA4B1F7527F4E81D87CA6E65CC12A328F9A333957
sha3_384: 26ab81e7cf6b00d86b938f1e6f50eba4f29769f881d8617d9988a8f66b6e57339688fc3ee16e35c44013c100e6440a4a
ep_bytes: 6885613213e8d3ce1200ffe78b4c2500
timestamp: 1970-01-01 00:00:00

Version Info:

CompanyName: Xbot
FileDescription: Xbot 机器人
ProductName: Xbot
ProductVersion: v3.0.0
Translation: 0x0409 0x04b0

UDS:Trojan.Win32.Agent.xbjchd also known as:

Bkav: W32.AIDetectMalware
AVG: Win32:Evo-gen [Trj]
Elastic: malicious (high confidence)
FireEye: Generic.mg.cfde78785f472b93
Skyhigh: BehavesLike.Win32.Generic.rc
Malwarebytes: Generic.Malware/Suspicious
Sangfor: Suspicious.Win32.Save.a
BitDefenderTheta: Gen:NN.ZexaF.36802.@V0@auV363hi
ESET-NOD32: a variant of Win32/Packed.VMProtect.ACR
APEX: Malicious
Kaspersky: UDS:Trojan.Win32.Agent.xbjchd
Avast: Win32:Evo-gen [Trj]
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Malicious PE
Microsoft: Trojan:Win32/Casdet!rfn
ZoneAlarm: UDS:Trojan.Win32.Agent.xbjchd
AhnLab-V3: Trojan/Win.MalwareX-gen.C5592869
McAfee: Artemis!CFDE78785F47
Cylance: unsafe
Rising: Trojan.Generic@AI.93 (RDML:j7jMReS/PWLSyVcBAVujaA)
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (D)
alibabacloud: VirTool:Win/Packed.VMProtect.ACR

How to remove UDS:Trojan.Win32.Agent.xbjchd?

UDS:Trojan.Win32.Agent.xbjchd removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.