Win64:SpywareX-gen [Trj] (file analysis)

Win64:SpywareX-gen [Trj] is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, you are advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Win64:SpywareX-gen [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Exhibits possible ransomware file modification behavior

How to identify Win64:SpywareX-gen [Trj]?

File Info:

name: 0AA3F684084B6FCE74A9.mlw
path: /opt/CAPEv2/storage/binaries/47017faf149427b309d8e3c64644f4941b861765f5a1c8e1b256fce395acda89
crc32: 46243ECE
md5: 0aa3f684084b6fce74a97d60522f5037
sha1: 8a3dde6f043c9ba2cc7d02a6e645da3164dfcf19
sha256: 47017faf149427b309d8e3c64644f4941b861765f5a1c8e1b256fce395acda89
sha512: c14934b983fa31ad2a24d615165c0a0b76b247673e1e4191376247f3268ab42634e7d0b29245c93c34925f9d478e4a3c2c4c64b060ad9660626f5fc16f5d4366
ssdeep: 98304:kSiaYXgMDZpxeraBt8s13cPPJJHpo9YHvpaVz23F8e+f4sdgPoCBdKE1iCW:nMDZpMr8t8s13ALp3BI2V87f4soBBZW
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15C46123FB268A13ED5AB1B3245B3D350597BB664A80B8C2F13F0094CCF6A5711E3B656
sha3_384: 17851d4f651fdc8526c54ef31d67b4cf9a250bed999c8e4a054579adc968d072d1d01d65f8b438324236773709ee13b2
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2021-06-03 08:09:11

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Cassio Fachinelli
FileDescription: Mammoth Hand Converter Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: Mammoth Hand Converter
ProductVersion: 3.1
Translation: 0x0000 0x04b0

Win64:SpywareX-gen [Trj] also known as:

  • Cybereason: malicious.f043c9
  • McAfee-GW-Edition: BehavesLike.Win32.BadFile.tc
  • McAfee: Artemis!0AA3F684084B
  • AVG: Win64:SpywareX-gen [Trj]
  • Avast: Win64:SpywareX-gen [Trj]

How to remove Win64:SpywareX-gen [Trj]?

Win64:SpywareX-gen [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.