xfacc.exe

旋风影音

Shanghai Digital Century Network Co.,Ltd.

The executable xfacc.exe has been flagged as malware by 10 anti-virus scanners. It is configured to execute automatically whenever any user logs into Windows (through the Run registry key) under the name ‘XFACC’.
Publisher:
www.xuanfeng.com (signed by Shanghai Digital Century Network Co.,Ltd.)

Product:
旋风影音

Version:
2.7.5.0

MD5:
41499bf45623b8792d491b8802481f80

SHA-1:
fcbb783d1172098918890d2a8c032c64c6262eee

SHA-256:
93c66d7587ae1b3b1b90927d0d3532b72986c3c86943cce1da9414d99496fa90

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/25/2024 7:46:22 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Backdoor.Generic.919537 | 459
Arcabit | Backdoor.Generic.DE07F1 | 1.0.0.425
Bitdefender | Backdoor.Generic.919537 | 1.0.20.1530
Dr.Web | BackDoor.BlackHole.19740 | 9.0.1.0306
Emsisoft Anti-Malware | Backdoor.Generic.919537 | 8.15.11.02.11
F-Secure | Backdoor.Generic.919537 | 11.2015-02-11_2
G Data | Backdoor.Generic.919537 | 15.11.25
IKARUS anti.virus | Backdoor.Win32.BlackHole | t3scan.1.9.5.0
MicroWorld eScan | Backdoor.Generic.919537 | 16.0.0.918
nProtect | Backdoor.Generic.919537 | 15.08.25.01

File size:
345.5 KB (353,816 bytes)

Product version:
2.7.5.0

Copyright:
www.xuanfeng.com All rights reserved

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/13/2013 5:00:00 PM

Valid to:
6/14/2014 4:59:59 PM

Subject:
CN="Shanghai Digital Century Network Co.,Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shanghai Digital Century Network Co.,Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7A9614A6E69B814BF05CB1C6A3F266EE

File PE Metadata
Compilation timestamp:
1/22/2014 2:13:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:JJRABWUa++bgwyxWJKvzq6G7vcwQ51MY4amJn5B/nf51vByo9o:0WUa++bg7xSgu6Gowomx5Bvf3ByoC

Entry address:
0x1000

Entry point:
B8, 44, 57, 4F, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 1F, DC, F9, CD, C9, F0, A6, 2F, 6C, 30, 26, 19, 27, 1B, 01, C8, 6D, 41, E6, 62, 7B, 2D, EC, 22, 81, 72, 8D, 0E, 6C, 29, 11, 01, 04, D9, 28, 14, 44, 7D, 54, 2E, 2D, 84, D5, B5, FC, 48, 47, EF, BA, 6D, E9, 0F, F9, DE, 49, F6, 48, 61, D6, B5, 2C, E7, 6D, 85, 00, 19, 58, 17, C3, 3D, 71, 07, 93, 1C, 00, 83, 61, AE, CA, 71, FC, 4B, 05, 01, 55, B7, BF, 7A, F3, 85, 1A, 46, 6E...

Entropy:
7.8436

Packer / compiler:
PECompact v2

Code size:
542.5 KB (555,520 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
XFACC

Command:
C:\xuanfeng\xfacc.exe
Remove xfacc.exe - Powered by Reason Core Security