Malware

AdWare.Win32.Agent.xxywnr malicious file

Malware Removal

The AdWare.Win32.Agent.xxywnr is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What AdWare.Win32.Agent.xxywnr virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Starts servers listening on 127.0.0.1:0
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Creates a hidden or system file
  • Uses suspicious command line tools or Windows utilities

How to determine AdWare.Win32.Agent.xxywnr?



File Info:

name: D59654CC0204930A4D68.mlw
path: /opt/CAPEv2/storage/binaries/6226fea1100c404b3f04e84f2ba18e0c15940af8e92313c388dc46ed962782f3
crc32: 096F1229
md5: d59654cc0204930a4d68f66feaa0e795
sha1: 4c3f511f762c0fdf27d6ec1d0e5a8d40c4f53548
sha256: 6226fea1100c404b3f04e84f2ba18e0c15940af8e92313c388dc46ed962782f3
sha512: 42d2966d124452277d7e8ad06e02ba10cdcb2514dec6f8c78804af2bddecb7caf872eeb230aaa6828deca7cc607417ea1cd76409a1bb66f6fbe1d59c04459d10
ssdeep: 98304:ZJ0l0MF2j+lJo5iBMr7/24D4uItbGy46c1gSba0AZFLOAkGkzdnEVomFHKnP:ZJSl6Wc1gSQFLOyomFHKnP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13706C0227D98807AD46313314E6DB73C95AFBDB03735025B22947B2E6A70FC15E39A27
sha3_384: f8a15655171a4c23dad39f6be3defd2054c7e087d75e908332b792ade14133abe71c4c83ffc2c230be9a17fbb5f1366b
ep_bytes: 680c194000e8f0ffffff000000000000
timestamp: 2020-10-13 15:03:56


Version Info:

Translation: 0x0409 0x04b0
CompanyName: ab
LegalCopyright: 2016
ProductName: PB
FileVersion: 1.00.0088
ProductVersion: 1.00.0088
InternalName: UPDATE ZEPO
OriginalFilename: UPDATE ZEPO.exe

AdWare.Win32.Agent.xxywnr also known as:

LionicAdware.Win32.Agent.2!c
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Trojan.Heur.Tp0@fj09Uvei
FireEyeGeneric.mg.d59654cc0204930a
ALYacGen:Trojan.Heur.Tp0@fj09Uvei
CylanceUnsafe
K7AntiVirusUnwanted-Program ( 005011181 )
AlibabaAdWare:Win32/DropperX.6940db0b
K7GWUnwanted-Program ( 005011181 )
CrowdStrikewin/malicious_confidence_70% (W)
CyrenW32/VBKrypt.AUL.gen!Eldorado
SymantecML.Attribute.HighConfidence
APEXMalicious
Paloaltogeneric.ml
Kasperskynot-a-virus:AdWare.Win32.Agent.xxywnr
BitDefenderGen:Trojan.Heur.Tp0@fj09Uvei
AvastWin32:DropperX-gen [Drp]
Ad-AwareGen:Trojan.Heur.Tp0@fj09Uvei
EmsisoftGen:Trojan.Heur.Tp0@fj09Uvei (B)
McAfee-GW-EditionBehavesLike.Win32.ZeroAccess.wc
SophosGeneric PUA EM (PUA)
SentinelOneStatic AI – Suspicious PE
GDataGen:Trojan.Heur.Tp0@fj09Uvei
AviraTR/VB.Downloader.Gen
GridinsoftRansom.Win32.Wacatac.sa
MicrosoftTrojan:Win32/Wacatac.B!ml
CynetMalicious (score: 99)
AhnLab-V3Dropper/Win32.RL_VB.R354172
McAfeeArtemis!D59654CC0204
MAXmalware (ai score=81)
TrendMicro-HouseCallTROJ_GEN.R002H0CKQ21
YandexPUA.Agent!NR9xj6jAQUo
IkarusTrojan.VB.Downloader
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/PossibleThreat
BitDefenderThetaAI:Packer.8D7563E21C
AVGWin32:DropperX-gen [Drp]
PandaTrj/CI.A

How to remove AdWare.Win32.Agent.xxywnr?

AdWare.Win32.Agent.xxywnr removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment