xahirus.exe

The executable xahirus.exe has been detected as malware by 20 anti-virus scanners. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘suc’.
MD5: 4967f9a301eda8646987accf6b6a1616
SHA-1: fee8a4c6132b01a7582635cb823de0c29f500dca
SHA-256: 8faa714525551482b845ae53633e8f482bebf67b63a6f123c7fb53c264b60b17

Scanner detections: 20 / 68
Status: Malware
Analysis date: 4/24/2024 1:47:22 PM UTC

Scan engine             Detection                           Engine version
Lavasoft Ad-Aware       Trojan.Generic.13123985             667
AhnLab V3 Security      Trojan/Win64.Zbot                   2015.03.29
AVG                     Generic36                           2016.0.3156
Baidu Antivirus         Trojan.Win32.Scar                   4.0.3.1549
Bitdefender             Trojan.Generic.13123985             1.0.20.495
Emsisoft Anti-Malware   Trojan.Generic.13123985             8.15.04.09.02
ESET NOD32              MSIL/Kryptik.BOI (variant)          9.11430
Fortinet FortiGate      W32/Scar.BOI!tr                     4/9/2015
F-Secure                Trojan.Generic.13123985             11.2015-09-04_5
G Data                  Trojan.Generic.13123985             15.4.25
IKARUS anti.virus       Trojan.MSIL.Crypt                   t3scan.1.8.9.0
Kaspersky               UDS:DangerousObject.Multi.Generic   14.0.0.2275
Malwarebytes            Trojan.FakeMS                       v2015.03.28.10
MicroWorld eScan        Trojan.Generic.13123985             16.0.0.297
Qihoo 360 Security      Win32/Trojan.a06                    1.0.0.1015
Reason Heuristics       Threat.Win.Reputation.IMP           15.4.8.22
SUPERAntiSpyware        Trojan.Agent/Gen-Tester             9947
Trend Micro House Call  Cryp_Xin1                           7.2.87
Trend Micro             Cryp_Xin1                           10.465.28
VIPRE Antivirus         Trojan.Win32.Generic                39092

File size: 315.5 KB (323,072 bytes)
File type: Executable application (Win64 EXE)
Common path: C:\users\{user}\appdata\roaming\gavuli\xahirus.exe

File PE Metadata
Compilation timestamp: 3/24/2015 11:49:02 PM
OS version: 5.2
OS bitness: Win64
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 3072:TrHM956dxQqhiT05WQJYUC8BeXAawtvg3hy8TGsibuEeAZonNpRJwktlOZd:G6hANQJYUC8gQaswhy/9mAZCN/J8Zd
Entry address: 0x1ED0
Entry point:
40, 53, 48, 81, EC, 40, 08, 00, 00, FF, 15, 39, F2, FF, FF, 39, 05, 13, F0, 04, 00, 0F, 84, E2, 00, 00, 00, 48, 8D, 54, 24, 40, B9, FF, 00, 00, 00, FF, 15, E5, F1, FF, FF, 85, C0, 74, 2C, 3D, 00, 01, 00, 00, 73, 25, 33, C9, 85, C0, 74, 1F, 4C, 8B, 05, 8D, EF, 04, 00, 48, 8D, 54, 24, 40, 4C, 39, 02, 0F, 84, AC, 00, 00, 00, FF, C1, 48, 83, C2, 08, 3B, C8, 72, ED, B8, 60, 00, 00, 00, 48, 8D, 0D, 69, EF, 04, 00, 48, FF, C8, C6, 04, 08, 00, 75, F0, 48, 8D, 0D, 71, EF, 04, 00, FF, 15, 63, F1, FF, FF, BB, 00, 00...

Entropy: 5.1326
Code size: 312.5 KB (320,000 bytes)

Startup File (User Run)
Registry location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: suc
Command: C:\users\{user}\appdata\roaming\gavuli\xahirus.exe


Remove xahirus.exe - Powered by Reason Core Security