xtlserial.exe

Axjhstoq Uvyb

Xmnvjj Besh

It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘xtlserial.exe’.
Scan xtlserial.exe - Powered by Reason Core Security
Publisher:
Xmnvjj Besh

Product:
Axjhstoq Uvyb

Description:
Axjhstoq

Version:
9.11.6545.29777

MD5:
591627ac65eb7f8b708fa4c0ac73090c

SHA-1:
0ce24053aa0ac846adf908927e16c45088aa6800

SHA-256:
5e2cb99313c7f64953e8514ed285f55a202de9d42bd7a80ccfdeea2b8716632e

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
12/8/2016 5:18:30 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Luhe.Fiha.A
2015.0.3448

ByteHero BDV
Trojan.Malware.Obscu.Gen.002
6.10.2014.10

CMC Antivirus
Packed.Win32.Katusha.3!O
1.1.0.977

File size:
192 KB (196,608 bytes)

Product version:
9.11.6545.29777

Copyright:
© Xmnvjj Besh

Original file name:
Axjhstoq.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\microsoft\xtlserial.exe

File PE Metadata
Compilation timestamp:
2/28/2014 5:17:51 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:E86Nd2M+lHcv5TjVo/FZlxd8UwDoGd0ALGfWjvGcxhNzMrGL4zujk6Ad9BxbfaW/:EVNdxU8dZoFOBdUvr685dR

Entry address:
0x2C67

Entry point:
55, 8B, EC, 83, EC, 20, 57, 53, 56, 33, F6, E8, A5, FD, FF, FF, 83, 3D, 0C, C3, 40, 00, 01, 74, 02, EB, 09, 33, C0, 5E, 5B, 5F, 8B, E5, 5D, C3, 68, 43, 60, 41, 00, 8B, F5, 03, 35, 8C, C8, 40, 00, 89, 35, EC, C7, 40, 00, FF, 35, EC, C7, 40, 00, 8B, 4D, DC, 89, 0D, 44, C7, 40, 00, FF, 35, 44, C7, 40, 00, 8B, 5D, D4, 8D, 4D, F0, 89, 5D, F4, FF, 75, F4, 8F, 01, 8B, 55, F0, 89, 15, 98, C8, 40, 00, FF, 35, 98, C8, 40, 00, 8B, 4D, D8, 51, 68, 5C, C5, 40, 00, 68, 2C, C9, 40, 00, 8B, 1D, 8C, C7, 40, 00, 89, 1D, CC...

Developed / compiled with:
Microsoft Visual C++

Code size:
8 KB (8,192 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
xtlserial.exe

Command:
C:\users\{user}\appdata\roaming\microsoft\xtlserial.exe
