lxxpidvmc.exe

The executable lxxpidvmc.exe has been detected as malware by 1 anti-virus scanner (1 of 68 engines). It runs as a Windows service with the display name “wirrvzcwo”. While running, it connects to the Internet address smtp.free.fr on port 25 (SMTP).
MD5:
55599c86c09d09d38b4e741e19ec2155

SHA-1:
2f97dc242f272699d607646e1ea7f2ef4de0de8b

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/23/2024 2:19:08 AM UTC

Scan engine:
Reason Heuristics

Detection:
Trojan.Delf

Engine version:
17.2.8.13

File size:
485.5 KB (497,152 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\lxxpidvmc.exe

File PE Metadata
Compilation timestamp:
2/25/2016 7:52:51 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x5A968

Entry point:
60, FF, CE, 1B, F2, F3, 50, 86, ED, 3B, FF, 74, 08, 89, F2, F6, C3, 66, 0F, AF, D2, 53, 0F, AF, CD, 0B, EF, 4E, 83, E6, 00, 3D, 60, 16, 00, 00, 74, 02, 03, CE, 3D, 53, E1, 2A, 78, 69, FB, 96, 48, 15, 26, 43, B6, 40, 81, C6, 42, 1F, 01, 00, C7, C7, E5, 8F, 2E, D2, C6, C6, 50, 81, EE, 41, 1F, 01, 00, 0F, B7, CA, 89, D9, 39, C3, B2, 1B, FE, C0, EB, 03, F6, C5, F5, 81, FE, 37, 01, 00, 00, 0F, 86, B8, FF, FF, FF, 0F, B7, C8, 80, D4, C5, C6, C2, 1E, B1, C1, E8, 0C, 00, 00, 00, FF, CE, 86, F4, 85, CE, 81, FB, 8D...

Entropy:
6.7241

Code size:
356.5 KB (365,056 bytes)

Service
Display name:
wirrvzcwo

Service name:
gyvkmgogzv

Type:
Win32OwnProcess, InteractiveProcess
The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to poczta.interia.pl  (217.74.64.236:587)

TCP:
Connects to smtp.wp.pl  (212.77.101.1:587)

TCP:
Connects to smtpauth.wanadoo.fr  (193.252.22.84:587)

TCP (SMTP):
Connects to smtp.free.fr  (212.27.48.4:25)

TCP:
Connects to poczta.o2.pl  (193.17.41.99:465)

TCP (HTTP):
Connects to srv52-h-st.jino.ru  (81.177.139.73:80)

TCP (HTTP):
Connects to s052d7e05.fastvps-server.com  (5.45.126.5:80)

TCP:
Connects to mail3.ks.ml.itmm.ru  (185.79.118.176:2525)

TCP (HTTP):
Connects to static.78.108.95.128.clients.majordomo.ru  (78.108.95.128:80)

TCP:
Connects to mail.gmx.net  (212.227.17.190:465)

TCP:
Connects to interia.eu  (217.74.65.52:587)

TCP (HTTP):
Connects to biz.mail.ru  (46.0.202.55:80)

Powered by Reason Core Security