How to remove xcopy.exe
xcopy.exe
The module xcopy.exe has been detected as Trojan.CoinMiner
File Details
| Product Name: | explorer |
| Company Name: | www.microsoft.com |
| MD5: | 42e3af393be5f9efcd42c8329d6aef48 |
| Size: | 7 MB |
| First Published: | 2022-09-02 23:22:50 (3 years ago) |
| Latest Published: | 2024-05-04 23:01:55 (a year ago) |
| Status: | Trojan.CoinMiner (on last analysis) | |
| Analysis Date: | 2024-05-04 23:01:55 (a year ago) |
Common Places:
| %windir% |
| %windir% |
| %windir% |
| %windir% |
| %windir% |
| %windir% |
| %windir% |
| %windir% |
| %windir% |
| %windir% |
Geography:
| 33.3% | ||
| 22.2% | ||
| 16.7% | ||
| 11.1% | ||
| 11.1% | ||
| 5.6% |
OS Version:
| Windows 10 | 100.0% |
Analysis
| Subsystem: | Windows CUI |
| PE Type: | pe |
| OS Bitness: | 64 |
| Image Base: | 0x0000000140000000 |
| Entry Address: | 0x000014e0 |
PE Sections:
| Name | Size of data | MD5 |
| .text | 6131712 | e1b35663327f0d87ee2c2639ecf6d797 |
| .data | 66560 | 06e3ed173bbd8ffd7a07d8d76ba92bbe |
| .rdata | 1432576 | 1c1b8eec7d47791bb9b43f1ac85cb308 |
| .pdata | 192000 | c66c11982f955b98452c43492afe1c18 |
| .xdata | 240640 | 2f1c82a68e37223df20cc1a252b6ccad |
| .bss | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .idata | 17920 | a18a16fa12f8b429787243b9b20be124 |
| .CRT | 512 | a219e0cabaa84dad044e45067403d652 |
| .tls | 512 | bf619eac0cdf3f68d496ea9344137e8b |
| .rsrc | 2032 | 53e622ede9d06c7807e2d683cb53fbda |
| .reloc | 36864 | dfdcf6a3b731ac6e71ade560ba92d1ca |
More information:
Download GridinSoft
Anti-Malware - Removal tool for xcopy.exe
