Trojan

Dropped:Trojan.Agent.CAZU information

Malware Removal

Dropped:Trojan.Agent.CAZU is considered dangerous by many security experts. When this infection is active, you may notice unknown processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Dropped:Trojan.Agent.CAZU virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Dropped:Trojan.Agent.CAZU?

File Info:

name: D13CE3F9690109D57E24.mlw
path: /opt/CAPEv2/storage/binaries/af0510ae1d2343ddc8b7dc3f3f33d0f1e0ecc14b057966c4c3d8a6d54b9afad4
crc32: 48FE0823
md5: d13ce3f9690109d57e247ec20bee2fce
sha1: 195382f760cc7310f45a51fc71cf21e0a52c9937
sha256: af0510ae1d2343ddc8b7dc3f3f33d0f1e0ecc14b057966c4c3d8a6d54b9afad4
sha512: 7e3fd73e04bc8989dd484dde24180cde66e4159c4ef09227ea234413260b7d3921f931600a2a44061a9aaea0f3bb0122e95990e608952f615dd2662ccd2fa1f4
ssdeep: 49152:uh+IK8vGga2oxMR9PoVz7lj4CQntq8MXmqDtfPIh9:uEIi2oxMGlE5tamIPIL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T139852212B2D084FAF9A256314DE95B7767B9BD209F618BC76384FF1CBA720C10632356
sha3_384: 2b126f90d816b5ed848d15bdeb4b54647ab29a8f8ffbbdfa925fc07d202c5d4dcfa38bc6c9fa4ee40043539807899abe
ep_bytes: 558bec6aff68902c430068c4be410064
timestamp: 2001-11-25 05:52:37

Version Info:

Comments: Created with AutoPlay Media Studio
CompanyName:
FileDescription: AutoPlay Application
FileVersion: 7.5.1004.0
InternalName: ams_launch
LegalCopyright: Runtime Engine Copyright © 2008 Indigo Rose Corporation (www.indigorose.com)
LegalTrademarks: AutoPlay Media Studio is a Trademark of Indigo Rose Corporation
OriginalFilename: ams_launch.exe
PrivateBuild:
ProductName: AutoPlay Media Studio Launcher
ProductVersion: 7.5.1004.0
SpecialBuild:
Translation: 0x0409 0x04b0

Dropped:Trojan.Agent.CAZU also known as:

Bkav: W32.AIDetect.malware1
MicroWorld-eScan: Dropped:Trojan.Agent.CAZU
FireEye: Generic.mg.d13ce3f9690109d5
ALYac: Dropped:Trojan.Agent.CAZU
Cylance: Unsafe
VIPRE: Dropped:Trojan.Agent.CAZU
Cybereason: malicious.969010
VirIT: Trojan.Win32.AutoPlay.A
Cyren: W32/Trojan.HGJ.gen!Eldorado
Symantec: W32.SillyFDC
Elastic: malicious (high confidence)
ESET-NOD32: Win32/AutoPlayStudio.A
APEX: Malicious
ClamAV: Win.Malware.Cazu-9847849-0
Kaspersky: Trojan-Banker.Win32.Banbra.wuor
BitDefender: Dropped:Trojan.Agent.CAZU
SUPERAntiSpyware: Trojan.Agent/Gen-Banker
Avast: FileRepMalware [Trj]
Ad-Aware: Dropped:Trojan.Agent.CAZU
TACHYON: Trojan/W32.AutoRun.1806336
Sophos: Generic ML PUA (PUA)
McAfee-GW-Edition: W32/Worm-GAO!D13CE3F96901
Trapmine: malicious.high.ml.score
Emsisoft: Dropped:Trojan.Agent.CAZU (B)
SentinelOne: Static AI – Malicious PE
GData: Dropped:Trojan.Agent.CAZU
Avira: HEUR/Patched.Ren
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
McAfee: W32/Worm-GAO!D13CE3F96901
MAX: malware (ai score=80)
Rising: Trojan.Generic@AI.98 (RDML:lmB23zJtVW+n9+cVdi7CgQ)
Yandex: Trojan.PWS.Banbra!hO/Wh+TFvWo
Ikarus: Worm.Win32.Autoplaystudio
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/AutoPlayStudio.A!tr
AVG: FileRepMalware [Trj]
CrowdStrike: win/malicious_confidence_60% (D)

How to remove Dropped:Trojan.Agent.CAZU?

Dropped:Trojan.Agent.CAZU removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” to quarantine all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.