Threat Database Trojans Trojan.Rozena.XAB

Trojan.Rozena.XAB

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 10,392
Threat Level: 80 % (High)
Infected Computers: 53
First Seen: July 16, 2024
Last Seen: June 23, 2026
OS(es) Affected: Windows

Security analysts are tracking a detection identified as Trojan.Rozena.XAB. This classification points to a malicious Windows executable that lacks a valid digital signature, a common trait among unauthorized or suspicious files. Because it operates as a Trojan, this threat relies on deception to infiltrate a system rather than exploiting software vulnerabilities autonomously. Once inside a network or device, it can open the door to further unauthorized activities, making its prompt detection and removal essential for maintaining system integrity and user privacy.

What Is Trojan.Rozena.XAB?

Trojan.Rozena.XAB is a specific detection name used to identify a malicious Windows PE (Portable Executable) file. PE is the standard format for executables and DLLs in the Windows operating system, meaning this threat is designed specifically to run on Windows environments. A key characteristic of files flagged under this detection is their signature status. The executable carries no valid digital signature. In legitimate software, digital signatures verify the publisher's identity and confirm that the code has not been tampered with since its creation. The absence of a signature indicates that the file was not published through standard, verified developer channels, which is highly typical for unauthorized or maliciously crafted binaries.

How Trojan.Rozena.XAB Operates

As a Trojan, Trojan.Rozena.XAB does not replicate itself like a traditional computer worm. Instead, it relies on social engineering or bundled software tactics to convince a user to execute the payload. Once the unverified PE file is launched, it can establish a foothold on the compromised machine. Trojans of this nature generally operate quietly in the background, often injecting code into legitimate system processes or modifying system settings to ensure persistence across reboots. Because the file lacks a signature, it bypasses standard trust prompts, though it may still require administrative privileges depending on how it is packaged. After execution, the threat may attempt to communicate with remote servers to download additional payloads, exfiltrate sensitive data, or receive commands from an unauthorized operator.

Symptoms of Infection

Identifying a Trojan.Rozena.XAB infection can be challenging because Trojans are designed to remain stealthy. However, users may notice several general indicators of compromise:

  • Unexplained system slowdowns: High CPU or memory usage occurring even when no legitimate applications are actively running.
  • Network anomalies: Unexpected outbound network traffic, which may indicate that the threat is communicating with a remote server.
  • Disabled security tools: Anti-virus programs, firewalls, or system updates being deactivated without user intervention.
  • System instability: Frequent application crashes, unresponsive windows, or unexpected system reboots.
  • Unfamiliar processes: Suspicious processes running in the Windows Task Manager, often masquerading under legitimate-sounding names.

How to Remove Trojan.Rozena.XAB

To effectively eliminate Trojan.Rozena.XAB from an affected machine, users should follow a structured removal process to ensure all traces of the unverified executable are deleted:

  1. Boot the computer into Safe Mode with Networking to prevent the malicious executable from loading automatically with Windows.
  2. Run a full system scan with a reputable anti-malware tool such as SpyHunter to detect and quarantine the unsigned PE file and any associated components.
  3. Uninstall suspicious or recently added programs from the Windows Control Panel or Settings app that may have bundled the Trojan.
  4. Reset Google Chrome, Mozilla Firefox, and Microsoft Edge to their default settings to clear any malicious extensions, startup pages, or altered proxy configurations.
  5. Reboot the computer normally and run a second, final anti-malware scan to confirm that the threat has been completely removed.

Conclusion

Trojan.Rozena.XAB represents a serious security risk due to its nature as an unsigned Windows PE executable. The lack of a digital signature is a clear warning sign that the file has not been vetted by a trusted authority, and its behavior as a Trojan means it can facilitate deeper system compromises if left unchecked. By understanding how this threat operates and following a thorough removal protocol, users can restore their systems to a secure state. Maintaining proactive security habits, such as avoiding unverified downloads and keeping system protections active, remains the best defense against similar unauthorized executables in the future.

Analysis Report

General information

Family Name: Trojan.Rozena.XAB
Signature status: No Signature

Known Samples

MD5: d1ab24c9330f686ddebaf65c858c1d87
SHA1: 001c376fb79efc428a6884ce482d59c12b06b244
SHA256: 8DA0817B24224D656B02BFF299A48F67C979F2232D108CFAECFBEEBB08F5C735
File Size: 2.00 MB, 1999872 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments Notepad2
Company Name Florian Balmer et al.
File Description Notepad2 Text Editor
File Version 4.23.04.4766
Internal Name Notepad2
Legal Copyright © 2004-2023 Florian Balmer and all contributors
Original Filename Notepad2.exe
Product Name Notepad2
Product Version 4.23.04.4766

File Traits

  • HighEntropy
  • imgui
  • x86

Block Information

Total Blocks: 2,326
Potentially Malicious Blocks: 1,238
Whitelisted Blocks: 1,078
Unknown Blocks: 10

Visual Map

? x x x 0 0 x 0 ? x ? x ? ? x ? x x x x x x x x x x x ? 0 0 x x x 0 x 0 x 0 x x x x x x ? 0 ? x 0 x x x 0 x 0 0 x 0 x x 0 x x x x x x x 0 0 x x ? 0 0 0 0 0 0 0 0 x x x x 0 0 x 0 x 0 x x x x 0 x x x x 0 x x x x x x x x x x x x x 0 0 x 0 x x 0 x x x 0 x x x x x x x x x x 0 x x x x x x x x 0 x x x x x x x x x 0 x x 0 x x 0 x x 0 x x x x x 0 0 x x x x x x x 0 x x x x 0 x x x x x x x x x x x x x 0 x x x x x x x x 0 0 0 0 x x 0 0 0 0 x x 0 x x x 0 x x x x x x x x x 0 x x x x x x x x x x 0 x x x x x x x 0 x x x x x x x 0 x x x x x x x x x x x x x x x x x x 0 x 0 x 0 0 x x x 0 0 x x x 0 x x 0 x x 0 x 0 0 0 0 x x x x x 0 x 0 x x x 0 x x x x x x x x x 0 x x 0 x x x 0 x x x x x x 0 x x x x x x 0 0 x x 0 x 0 x 0 x x 0 x x x 0 0 x x 0 x 0 x x x 0 x 0 x x x x 0 x x x x x 0 x 0 x x x x x x x 0 x x 0 x x x 0 x x x x x x x x 0 0 0 0 x x x x 0 x x 0 x x x x x x x x x x x x x x 0 0 x x x x 0 x x x x x x 0 x x x x x x x 0 x x x x x x x x 0 0 x x x x x 0 0 0 x 0 0 x x 0 0 0 0 0 x x x x x x 0 0 x x x x x 0 x x x 0 x 0 0 x 0 x x 0 0 0 0 0 0 0 0 0 x x x x x x x x x 0 x 0 x x x x x 0 0 0 0 x x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x 0 0 x x x x 0 0 x x 0 x x x x x x x 0 x x x x x x x x x x x x x x x x x 0 x x x x x 0 x x x 0 x x x 0 x x x x x x 0 0 0 x x x x x 0 x x x x 0 x x x 0 x x x x x x x x x x x x x x 0 x 0 0 x 0 x x 0 0 0 x 0 0 0 x x x 0 x x x x x x 0 x 0 x 0 x x 0 x x 0 x 0 x 0 0 x x 0 0 0 x x 0 x x 0 x x x 0 0 x x x x x x x x 0 0 x 0 x x x x 0 x 0 x x x x x x x x 0 x x 0 x x x x x x 0 x x x 0 x x x 0 x x 0 x x x 0 x x x x 0 x x 0 0 x 0 x 0 x x x x x 0 x x x x x x x x 0 0 x 0 x 0 x 0 x 0 x 0 0 0 0 0 x x x 0 x x x x x x x x 0 x x x x x x x 0 0 x 0 0 x 0 x x 0 x x x x x x 0 0 x 0 0 0 0 0 x x x x x x x x x 0 x x x 0 x x 0 0 x x x x x x x x x x x x x x 0 x 0 x 0 x 0 0 x 0 0 x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x 0 x x x x x x x x x x x x x 0 0 x 0 0 0 x x 0 x x x x x x 0 x x 0 0 0 0 x x 0 x x x x x x x x 0 0 0 0 0 0 0 0 0 x x x x 0 0 x x x x x x x x x x x x x x x 0 x 0 0 0 x x x x x x 0 x x x 0 x x x x x x x x x x x x x x x x x 0 0 0 0 0 x 0 x 0 0 0 0 x x 0 0 x x x x x x x x x x x x x x x x 0 0 0 x x 0 x x x x x 0 x x 0 0 0 x 0 0 0 x 0 x x 0 x x 0 0 0 0 0 0 x x x x x x x 0 0 x x x x x x x x 0 0 x x x x 0 x x 0 x x x 0 x x x x x x 0 0 0 0 0 0 0 x 0 0 0 0 x x 0 x x x x x x 0 x x x x 0 0 0 x x x 0 x x x x x x x x x x x x 0 0 x x x x 0 x 0 x x 0 0 x x x 0 0 x x x 0 x x x x x x x x x x x x x x x x 0 x x 0 x x x x x x x x 0 x x x 0 x x x x 0 x x x x 0 x x x x x x x x x x x x x x x 0 x 0 x x x 0 0 0 0 x 0 x x x x x x x x 0 x 0 0 x x x 0 0 x x x x x 0 0 x x x x x 0 x x x x x 0 x 0 x x x x x x x 0 0 0 0 x x 0 x 0 0 0 0 x 0 x 0 x x 0 0 0 0 0 x x 0 0 x 0 0 0 0 0 0 0 0 x 0 x x x x x x x x 0 x x x 0 x x x 0 x 0 0 x 0 0 x x 0 0 x 0 x x x 0 x 0 x x x x 0 0 x x 0 x x x 0 x x 0 x 0 x 0 0 0 x x x x x x x x 0 x x x x x 0 x 0 0 x 0 x 0 0 x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x 0 0 x x x 0 x x 0 x x x x x x x x x x x 0 0 x 0 x x x x 0 0 x x x x x x x x x x x 0 x x x x 0 x 0 x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x 0 0 x x x x x x x x x 0 x 0 x 0 x 0 x 0 0 x x x x x x x x 0 x x 0 0 x x x x x x x x x 0 x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x 0 x x 0 x x x x 0 x x 0 0 0 x x x x x x x x x x x x x 0 0 x 0 0 x x x x 0 x x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 2 0 0 0 2 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Rozena.XAB

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation

Trending

Most Viewed

Loading...