About “Win32/XDSpy.A” infection

Win32/XDSpy.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/XDSpy.A virus do?

  • YARA rule detections observed in a process memory dump, dropped files, or CAPE
  • Authenticode signature is invalid
  • Detects VirtualBox through the presence of a device
  • Detects VMware through the presence of a device

How to identify Win32/XDSpy.A?

File Info:

name: 9C4D7625AC1BDA7528AA.mlw
path: /opt/CAPEv2/storage/binaries/74d9bbe2ca1770ecfeaff5eea9c0dd2d3e147a234fe6e4f049fb6cc091be3b38
crc32: 78D2D97E
md5: 9c4d7625ac1bda7528aab4164e4310d1
sha1: c807b29c7ea379db14cfb9dd4a9127f5026ec821
sha256: 74d9bbe2ca1770ecfeaff5eea9c0dd2d3e147a234fe6e4f049fb6cc091be3b38
sha512: d70f8f1838e9e8b448b7262a5f9c45ce51c3b5a2f532006118a3eca5508784bede1aa588724d425bff15084bdf563aad6f74dc8468f15a73ee0abf475c7b3c0e
ssdeep: 3072:y38EMXnbHCajmZiU0Tx4BnIiXGEjNZLcEPkVL91W2rj8E4wcnGUjbGuCm:y38EMXjXrURqIGEjHa1Waj3gauCm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F5347D21B494A433C633063B59986A5A877D75700AB10D9BB39C162DEFF41D3E732E2B
sha3_384: e81722eebaae036967c17beec972fde29fdaaded97c96298fbd3de426134eec8cb1ee6b73b8186806a582de9a1f7b241
ep_bytes: e83b070000e97afeffffcccc568b4424
timestamp: 2021-11-16 12:18:05

Version Info:

0: [No Data]

Win32/XDSpy.A is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Heuristic.File.Generic.00×1!p
Elastic: malicious (high confidence)
FireEye: Generic.mg.9c4d7625ac1bda75
Cylance: Unsafe
Sangfor: Trojan.Win32.Agent.Vha0
CrowdStrike: win/malicious_confidence_70% (W)
K7GW: Trojan ( 0059417f1 )
K7AntiVirus: Trojan ( 0059417f1 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/XDSpy.A
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: UDS:Trojan.Win32.GenericML.xnet
McAfee-GW-Edition: Artemis!Trojan
Trapmine: suspicious.low.ml.score
Sophos: Mal/Generic-S
Webroot: W32.GenML.xnet
McAfee: Artemis!9C4D7625AC1B
VBA32: BScope.Trojan.Sabsik.FL
TrendMicro-HouseCall: TROJ_GEN.R002H0DHP22
Rising: Trojan.Generic@AI.88 (RDML:4UHe31JytNVHqgjFEI025w)
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
BitDefenderTheta: Gen:NN.ZexaF.34606.ouW@a4pI9Sgi

How to remove Win32/XDSpy.A?

Win32/XDSpy.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
