
CYRnDwJtXgmiFxbZopG.exe Malware XWorm Analysis

Technical Analysis

File Name: CYRnDwJtXgmiFxbZopG.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version: 1.0.140.174
Database Version: 2023-10-01 06:01:46 UTC

Malware.Win64.XWorm.bot

Malware family: XWorm

XWorm is a Remote Access Trojan providing unauthorized system control to threat actors. It enables activity monitoring, data theft, and execution of malicious operations on compromised systems.
Detection Rate: N/A
File Size: 1,280,736 bytes
Analysis Date: 2023-10-01


File Identification

MD5: 10a559df527ad93c2e10fbdee05dbb62
SHA1: 3359aeeae57fa66ab8e0ed8904fd18768879841d
SHA256: 008922a9bcd25e1cbf52234ea926306bba3d646bfcd087d6fc6c6f58ab8ac54a
SHA512: 31215be8fb6b220657aae93725de1f50ab0cd6351ef5f4a741f513cab41279ce09eb70de0e01db212a52704c9c8e49954b3e28f759d33aee8a3cca772dbf5d71
ImpHash: dd37d5107a0f5ef74aaa6f8fa4aebb1d

Note on the ImpHash: because this file is UPX-packed (see PE Sections), the import table the ImpHash is computed over belongs to the UPX decompression stub, not to the payload that runs after unpacking. It is useful for pivoting to other samples packed the same way, not for identifying the XWorm build itself.

PE Analysis

Basic Information

Image Base: 0x140000000
Entry Point: 0x140400610 (RVA 0x400610, which falls inside the UPX1 section; see PE Sections)
Compilation Time: 2023-09-30 22:16:36 (the day before analysis; the linker timestamp is under the author's control and is not proof of build date)
Checksum: 0x00141ba0 (Actual: 0x00141ba0). Stored and recomputed values match. This only shows that the header is consistent with the file as it was written; it says nothing about who produced it.
OS Version: 6.0
PEiD Signatures: PE32+ executable (GUI) x86-64, for MS Windows (file-type string only)
Digital Signature: chain verification failed. The embedded certificate is self-signed and names Microsoft Code Signing PCA 2011 (C=US, ST=Washington, L=Redmond, OU=Microsoft Corporation, O=Microsoft Corporation; serial 241650942686610140216905766855329320641; SHA1 c35920255f558fbe1fc1b953fd8d5114f6a8cd63) as both subject and issuer. Full detail under Certificate Chain Analysis.
Imports: 11 libraries
Exports: 0 functions
Resources: 1
Sections: 3

Digital Signatures

Signer as displayed: Microsoft Code Signing PCA 2011, Microsoft Corporation (US). This is only the name carried inside the embedded certificate. The chain does not verify (see Certificate Chain Analysis), so the signature confers no trust and the displayed publisher must not be relied on.

Version Information

The VERSIONINFO resource is filled with pseudo-random letter strings rather than a real product identity:

CompanyName: oliiEEuf
FileDescription: AqebOyu egoVOUoj ESaJEy anUbApUToL aIEJeMAs ITIBuja eOiW UwACiuAyEh EBUCEf.
FileVersion: 1.17.278.50
InternalName: iJImA
LegalCopyright: © 2023 oliiEEuf.
OriginalFilename: ioaJufuF
ProductName: oZoxEN
ProductVersion: 1.17.278.50
Comments: OBawamU IoUGoGefI oWAp Ohag ajANEhUou.
Translation: 0x0409 0x04b0 (en-US, Unicode)

PE Sections

UPX0
  Virtual Address: 0x00001000
  Virtual Size: 2,924,544 bytes
  Raw Size: 0 bytes
  Entropy: 0.00 (Normal)
  Characteristics: IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
  MD5: d41d8cd98f00b204e9800998ecf8427e

UPX1
  Virtual Address: 0x002cb000
  Virtual Size: 1,273,856 bytes
  Raw Size: 1,271,296 bytes
  Entropy: 8.00 (Packed/Encrypted)
  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
  MD5: e4a09a14344b6000356aac084ec87645

.rsrc
  Virtual Address: 0x00402000
  Virtual Size: 4,096 bytes
  Raw Size: 2,048 bytes
  Entropy: 3.91 (Normal)
  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
  MD5: e87ebcad2fa6f69dd3ff1bf3c0d91ca3
Entropy Analysis Alert

1 section with entropy >= 7.5 detected (UPX1 at 8.00): possible packing/encryption. Taken together with the section names this is the standard UPX layout. UPX1 holds the compressed image and the decompression stub (the entry point, RVA 0x400610, falls inside it, since UPX1 spans RVA 0x2cb000 to 0x402000). UPX0 has no data on disk (its MD5 is the MD5 of empty input) but reserves 2,924,544 readable, writable and executable bytes at run time, which is where the stub unpacks the real code before jumping to it. The 11 imported libraries and the ImpHash therefore describe the stub, not the payload. The first unpacking attempt is `upx -d` on a copy of the file; if the UPX headers have been altered so that the tool rejects it, the payload has to be dumped from memory after the stub has finished.
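The checks behind the figures above (the section table, the entropy threshold, the entry-point location and the Checksum line under Basic Information), as an added Python example that is not part of the Gridinsoft report or its scanner. It walks a PE32+ header with the standard library, computes Shannon entropy per section, applies the UPX heuristics just described and recomputes the optional-header CheckSum. Its input is a small PE32+ image constructed in memory to mirror the UPX0/UPX1/.rsrc layout (section names and characteristics, an empty UPX0, entry point inside UPX1); the addresses, sizes and bytes in `build_sample_pe()` are chosen for the example and are not those of CYRnDwJtXgmiFxbZopG.exe. All function names are the example's own.

```python
# Added example (not the report's tooling): PE32+ header walk, per-section entropy,
# UPX-style packer heuristics and CheckSum verification over a constructed image.
import math
import struct
from collections import Counter

HIGH_ENTROPY = 7.5                          # threshold used by the report
UPX_NAMES = {"UPX0", "UPX1", "UPX2"}

def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; 0.0 for empty input (a section with no raw data)."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """imagehlp-style PE checksum: dword sum with end-around carry, skipping the
    stored CheckSum field, folded to 16 bits, plus the file length."""
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_offset:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)

def parse_pe(data: bytes) -> dict:
    """Minimal PE32+ walk: entry point, image base, CheckSum and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24                                     # IMAGE_OPTIONAL_HEADER64
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("only PE32+ handled")
    sections = []
    for i in range(nsec):
        hdr = opt + opt_size + i * 40                       # IMAGE_SECTION_HEADER
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", data, hdr)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "va": va, "vsize": vsize, "rsize": rsize,
            "chars": struct.unpack_from("<I", data, hdr + 36)[0],
            "entropy": round(shannon_entropy(data[rptr:rptr + rsize]), 2)})
    return {"entry_rva": struct.unpack_from("<I", data, opt + 16)[0],
            "image_base": struct.unpack_from("<Q", data, opt + 24)[0],
            "checksum_offset": opt + 64,
            "stored_checksum": struct.unpack_from("<I", data, opt + 64)[0],
            "sections": sections}

def packer_indicators(info: dict) -> list:
    """Triage heuristics for a section table shaped like the one in the report."""
    hits, ep = [], info["entry_rva"]
    for s in info["sections"]:
        if s["name"] in UPX_NAMES:
            hits.append(f"{s['name']}: UPX section name")
        if s["entropy"] >= HIGH_ENTROPY:
            hits.append(f"{s['name']}: entropy {s['entropy']} >= {HIGH_ENTROPY} (packed/encrypted)")
        if s["rsize"] == 0 and s["vsize"] and s["chars"] & 0x20000000:   # IMAGE_SCN_MEM_EXECUTE
            hits.append(f"{s['name']}: no raw data but {s['vsize']:#x} executable bytes at run time")
        if s["va"] <= ep < s["va"] + max(s["vsize"], s["rsize"]):
            hits.append(f"entry point {ep:#x} lies in {s['name']}")
    return hits

def verify_checksum(data: bytes) -> tuple:
    """(stored, computed, match). A match proves header/file consistency, nothing more."""
    info = parse_pe(data)
    computed = pe_checksum(data, info["checksum_offset"])
    return info["stored_checksum"], computed, computed == info["stored_checksum"]

def build_sample_pe() -> bytes:
    """Constructed sample (NOT the analysed binary): empty UPX0, a UPX1 whose bytes are
    uniformly distributed (entropy 8.0), a small .rsrc, and the entry point in UPX1."""
    upx1 = bytes(range(256)) * 16                           # every byte value 16 times
    rsrc = b"VS_VERSION_INFO\0" * 32                        # low-entropy RT_VERSION stand-in
    secs = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
        (b"UPX0", 0x10000, 0x1000, 0, 0x200, 0xE0000080),
        (b"UPX1", 0x1000, 0x11000, len(upx1), 0x200, 0xE0000040),
        (b".rsrc", 0x1000, 0x12000, len(rsrc), 0x1200, 0xC0000040)]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    fhdr = struct.pack("<HHIIIHH", 0x8664, len(secs), 0, 0, 0, 240, 0x22)
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII", 0x20B, 14, 0, len(upx1), len(rsrc),
                      0x10000, 0x11800, 0x11000, 0x140000000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0,
                      0, 0x13000, 0x200, 0, 2, 0x8160, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128                                                  # 16 empty data directories
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in secs)
    image = (dos + b"PE\0\0" + fhdr + opt + table).ljust(0x200, b"\0") + upx1 + rsrc
    off = 0x40 + 24 + 64                                                # CheckSum field offset
    return image[:off] + struct.pack("<I", pe_checksum(image, off)) + image[off + 4:]

if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(*packer_indicators(info), verify_checksum(build_sample_pe()), sep="\n")
```

To run it against a real file, replace `build_sample_pe()` with the bytes of the file. On the constructed image the indicators come out as they do for the analysed sample: two UPX section names, an 8.0-bit UPX1, a UPX0 with no raw data but a large executable virtual size, and the entry point inside UPX1. The checksum check is deliberately separate from the packer check: a packer rewrites the header it emits, so a matching CheckSum is expected and tells you nothing about provenance, whereas a mismatch does tell you the file was edited after the header was written.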

Resource Analysis

Total Resources: 1 (908 bytes)

Resource Type: RT_VERSION
Count: 1
Total Size: 908 bytes (100%)

Certificate Chain Analysis

Certificate #1
Subject: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, C=US
Issuer: CN=Microsoft Code Signing PCA 2011 (identical to the subject)
Serial Number: 241650942686610140216905766855329320641
SHA1 Fingerprint: c35920255f558fbe1fc1b953fd8d5114f6a8cd63

Certificate Verification Status

Chain verification from C=US, ST=Washington, L=Redmond, OU=Microsoft Corporation, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011 (serial: 241650942686610140216905766855329320641, sha1: c35920255f558fbe1fc1b953fd8d5114f6a8cd63) failed: the X.509 certificate provided is self-signed ("Common Name: Microsoft Code Signing PCA 2011, Organization: Microsoft Corporation, Organizational Unit: Microsoft Corporation, Locality: Redmond, State/Province: Washington, Country: US").

A certificate that is its own issuer yet carries the name of a Microsoft issuing CA is an impersonation. The genuine Microsoft Code Signing PCA 2011 is an intermediate issued by Microsoft Root Certificate Authority 2011, and a legitimate Authenticode signature on a Microsoft binary chains from a leaf certificate through that intermediate to a trusted root. Here there is no such chain, only a single self-signed certificate whose subject was chosen so that the signer name shown in file properties looks like Microsoft's. Display names alone (file properties, the "Digital Signatures" tab, the signer string earlier on this page) are therefore worthless as evidence of origin.

Recommendation: Treat the file as unsigned. Verify signatures with a tool that actually builds and validates the chain, for example `signtool verify /pa /v <file>` or PowerShell `Get-AuthenticodeSignature <file>`, where anything other than a Valid status with a chain ending at a trusted root is a failure, and confirm the publisher out of band before trusting any binary.

Malware.Win64.XWorm.bot Removal

Gridinsoft Anti-Malware can identify and remove Malware.Win64.XWorm.bot without further user intervention.


Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.

Important: Before You Start

Disconnect from the internet to prevent the malware from spreading or downloading additional components; for a Remote Access Trojan such as XWorm this also cuts the operator's command-and-control channel. Run the scan in Safe Mode for better detection and removal of persistent threats.
