Categories: Crack

Application.Hacktool.ACG (file analysis)

Application.Hacktool.ACG is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Application.Hacktool.ACG virus do?

  • Presents an Authenticode digital signature
  • A process attempted to delay the analysis task.
  • Attempts to connect to a dead IP:Port (12 unique times)
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Uses Windows utilities for basic functionality
  • Steals private information from local Internet browsers
  • Attempts to modify proxy settings
  • Attempts to create or modify system certificates
  • Anomalous binary characteristics

Related domains:


How to identify Application.Hacktool.ACG?


File Info:

crc32: 3A3AB59B
md5: 71c9a37b6e996b493aca2a341b06ac73
name: office.exe
sha1: c636411ab26fdaa418f45a1ba73a323af5cf3147
sha256: 2d75cffac9d5a523a5d1693b686a413a22dd118c53ba8776ef49f41de55461ba
sha512: 7adb9487f6d17cd19dc5303186a350652d40340516c890514bcecfb2d5215202c2d27a90e9c179014ae01ebfee356d47caca94e21e3e3f476888026011794835
ssdeep: 196608:tWm6Z2x2wYuKrXdpOxy6MZgt4/7/GXwm7xkvgOKHrubjhGae0cq2IBzKnUr:tWYxY5zOM6sgU7w2Bbjh2M
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

FileDescription: Office 2013-2016 C2R Install
ProductName: Office 2013-2016 C2R Install
Translation: 0x0000 0x04b0

Application.Hacktool.ACG also known as:

Bkav W32.AIDetectVM.malware1
MicroWorld-eScan Application.Hacktool.ACG
FireEye Generic.mg.71c9a37b6e996b49
McAfee Crack-KMS
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
CrowdStrike win/malicious_confidence_60% (D)
BitDefender Application.Hacktool.ACG
K7GW Unwanted-Program ( 005144031 )
K7AntiVirus Unwanted-Program ( 005144031 )
TrendMicro TROJ_GEN.R002C0PFK20
F-Prot W32/AutoKMS.B.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
GData Application.Hacktool.ACG
Kaspersky HackTool.Win32.KMSAuto.hb
Alibaba HackTool:Win32/KMSAuto.5a0fb331
NANO-Antivirus Trojan.Win32.KMSAuto.hbsuqw
ViRobot Adware.Muldrop.9935192
AegisLab Hacktool.Win32.KMSAuto.3!c
Tencent Win32.Hacktool.Kmsauto.Ahor
Endgame malicious (high confidence)
Emsisoft Application.Hacktool.ACG (B)
Comodo Malware@#df5a7p3gcq8x
DrWeb Trojan.MulDrop9.20927
Zillya Tool.KMSAuto.Win32.138
Invincea heuristic
Sophos Generic PUA IK (PUA)
Ikarus PUA.HackTool.Kmsauto
Cyren W32/AutoKMS.B.gen!Eldorado
Jiangmin HackTool.KMSAuto.gg
Webroot W32.Hacktool.Kms
MAX malware (ai score=99)
Antiy-AVL HackTool/Win32.KMSAuto
Arcabit Application.Hacktool.ACG
ZoneAlarm HackTool.Win32.KMSAuto.hb
Microsoft HackTool:Win32/AutoKMS
Cynet Malicious (score: 100)
AhnLab-V3 Unwanted/Win32.HackKMS.C2079343
VBA32 Trojan.MulDrop
Ad-Aware Application.Hacktool.ACG
Malwarebytes HackTool.Agent.KMS
Panda HackingTool/AutoKMS
ESET-NOD32 a variant of Win32/HackTool.KMSAuto.E potentially unsafe
TrendMicro-HouseCall TROJ_GEN.R002C0PFK20
Rising Malware.Undefined!8.C (CLOUD)
Yandex Riskware.HackTool!uaWRAKDWRjY
SentinelOne DFI – Suspicious PE
Fortinet Riskware/KMSAuto
BitDefenderTheta Gen:NN.ZexaF.34138.@pLfamCxWOoi
Paloalto generic.ml

How to remove Application.Hacktool.ACG?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
