Multi-License Discount Quote

Change Region

English
Threat Database Backdoors Backdoor.Xtreme.A

Backdoor.Xtreme.A

By CagedTech in Backdoors

Threat Scorecard

Popularity Rank: 13,894
Threat Level: 60 % (Medium)
Infected Computers: 3,566
First Seen: May 2, 2017
Last Seen: April 14, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Backdoor.Xtreme.A
Signature status: No Signature

Known Samples

MD5: e9b7eea56eee10731158115f8bfb71e3
SHA1: f9e1a002f8f53feb300b783fce7d676628e09f7f
SHA256: 887349B7182639235CE6084733B5449132B5CE8CC71D580AF1866FBDBC18C2A6
File Size: 115.71 KB, 115712 bytes
MD5: 83ceb00d1cfaaffec3f654cac4f35001
SHA1: cf2699ce9db33ff6632605f8acb8e45816d9f57d
SHA256: 62C8E848C53CF2032AD9D58CB8A435C9DF5A86BEDCA17970056A4B04C4917DE5
File Size: 115.71 KB, 115712 bytes
MD5: f993bf9672dc129b5c9a8636b189c583
SHA1: 697c0898354987866589829cb7acf4722b4b10ed
SHA256: FC2D1DF1730A50C770B8DAECF6778031B187D46AE00A12E9440AA66EA17B71FF
File Size: 3.27 MB, 3270656 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments Microsoft Corporation
Company Name Microsoft Corporation
File Description Microsoft Skype
File Version
  • 15.128.207.0
  • 1.0.0.0
Internal Name
  • Skype
  • skype.exe
Legal Copyright Microsoft Corporation
Legal Trademarks Microsoft Corporation
Original Filename skype.exe
Product Name Microsoft Skype
Product Version
  • 15.128.207.0
  • 1.0.0.0

File Traits

  • HighEntropy
  • No Version Info
  • ntdll
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 485
Potentially Malicious Blocks: 78
Whitelisted Blocks: 407
Unknown Blocks: 0

Visual Map

0 0 x x 0 0 0 0 0 0 0 0 0 0 x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 1 2 0 1 0 0 0 0 1 0 0 1 1 2 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 1 1 0 1 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 2 2 2 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 2 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 x x x x x 0 0 0 x x 0 x x x x x x 0 x x x x x x x 0 x 0 0 x 0 x 0 x x 0 0 0 x 0 x 0 x x x x 0 x x x 0 0 x x x x x x x 0 x x x x x x x 0 x x x 0 x x 0 0 1 0 x x 0 0 x x 0 0 0 0 0 0 x 0 x x x 0 0 x x 0 x 0 0 x x x 0 x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Xtreme.A

Files Modified

File Attributes
c:\users\user\appdata\local\temp\defender.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\kmspico ativador permanente.exe Generic Write,Read Attributes
c:\users\user\appdata\roaming\windows defender.exe Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 鲎ȁ獖} RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU::di ! RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 鲏ȁ獖} RegNtPreCreateKey
HKCU\environment::see_mask_nozonechecks 1 RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • OutputDebugString
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecute
  • ShellExecuteEx
User Data Access
  • GetUserObjectInformation

Shell Command Execution

open C:\Users\Frcqfusq\AppData\Local\Temp\DEFENDER.EXE
open C:\Users\Frcqfusq\AppData\Local\Temp\KMSPICO ATIVADOR PERMANENTE.EXE
(NULL) C:\Users\Frcqfusq\AppData\Roaming\windows defender.exe

Trending

Most Viewed

Loading...