Malware

About “W32/Xolxo-B” infection

Malware Removal

The W32/Xolxo-B is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What W32/Xolxo-B virus can do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to determine W32/Xolxo-B?


File Info:

name: 96771BDE1936460E3DFC.mlw
path: /opt/CAPEv2/storage/binaries/f78ef0216baaa2b897e9c59a103284d1b202db6c6834eb4d107ef2526d1f3f18
crc32: 254FD29A
md5: 96771bde1936460e3dfc1ec82f52f6b1
sha1: 8fefde622c3af5de32a28386af7a7b63a970b1b9
sha256: f78ef0216baaa2b897e9c59a103284d1b202db6c6834eb4d107ef2526d1f3f18
sha512: cbd6452b597a121b2e1c45528acaf40b1b322f1cd9159d84fe198dc415f2ca27e8ab7d1a940d1e335adeec46e2801843bcca3c117426687a3642774746736564
ssdeep: 98304:QzaCRVkK3WQtZ/K0tGOFWVRuLftCTwFhHZhcV2Vp:QzHkK3WyZ/K0ttYVAAT+hcV2Vp
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B9865A1BF6D900E9D07AD1B4CE214721E6B2BC5A8BB155DF225462CD1E3BEE47B38720
sha3_384: 227d475b8ee6ce7674ff24cfc3c37759e242b9a9d537fab46f8d6e6e0288fb4d4c51fdf8b759ae1ffa45fd83a2fb8f68
ep_bytes: 558bec83c4f0b838464000e874e2ffff
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

W32/Xolxo-B also known as:

BkavW32.AIDetectMalware
Elasticmalicious (high confidence)
MicroWorld-eScanTrojan.GenericKDZ.79273
FireEyeGeneric.mg.96771bde1936460e
CAT-QuickHealWorm.DelfPMF.S30896276
SkyhighBehavesLike.Win32.Generic.rh
ALYacTrojan.GenericKDZ.79273
MalwarebytesGeneric.Trojan.Delf.DDS
ZillyaWorm.Delf.Win32.3450
SangforSuspicious.Win32.Save.ins
K7AntiVirusTrojan ( 0053c5661 )
K7GWTrojan ( 0053c5661 )
Cybereasonmalicious.22c3af
BaiduWin32.Virus.Lamer.f
SymantecW32.SillyP2P
tehtrisGeneric.Malware
ESET-NOD32Win32/Delf.NAY
CynetMalicious (score: 100)
APEXMalicious
ClamAVWin.Ransomware.Ulise-9978047-0
KasperskyP2P-Worm.Win32.Delf.aj
BitDefenderTrojan.GenericKDZ.79273
NANO-AntivirusTrojan.Win32.Delf.oxkq
AvastWin32:Delf-SVI [Trj]
TencentVirus.Win32.Lamer.fh
EmsisoftTrojan.GenericKDZ.79273 (B)
F-SecureTrojan.TR/Dropper.Gen
DrWebWin32.HLLW.Kazaa.924
VIPRETrojan.GenericKDZ.79273
TrendMicroTROJ_AGENT_005911.TOMB
Trapminemalicious.high.ml.score
SophosW32/Xolxo-B
IkarusWorm.Win32.Eggnog
JiangminWorm/Delf.vm
WebrootW32.Worm.Gen
VaristW32/Delf.QB.gen!Eldorado
AviraTR/Dropper.Gen
Antiy-AVLVirus/Win32.BagarBubba.a
XcitiumTrojWare.Win32.Pincav.AV@2rw0ny
ArcabitTrojan.Generic.D135A9
ZoneAlarmP2P-Worm.Win32.Delf.aj
GDataTrojan.GenericKDZ.79273
GoogleDetected
AhnLab-V3Worm/Win32.Delf.R119214
Acronissuspicious
McAfeeW32/HLLP.11042.gen
MAXmalware (ai score=82)
VBA32Worm.Delf
Cylanceunsafe
PandaTrj/Genetic.gen
TrendMicro-HouseCallTROJ_AGENT_005911.TOMB
RisingWorm.P2p.Win32.Delf.bn (CLASSIC)
YandexTrojan.GenAsa!HYSjiRN/8Mk
SentinelOneStatic AI – Malicious PE
MaxSecureVirus.W32.Lamer.FG
FortinetW32/Aple.A
BitDefenderThetaGen:NN.ZelphiF.36792.@pZ@auciUnn
AVGWin32:Delf-SVI [Trj]
DeepInstinctMALICIOUS
CrowdStrikewin/malicious_confidence_100% (D)

How to remove W32/Xolxo-B?

W32/Xolxo-B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment