
About “Exploit.Win32.Shellcode.agei” infection


Exploit.Win32.Shellcode.agei is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Exploit.Win32.Shellcode.agei virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Traditional)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • CAPE detected the A310Logger malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects VirtualBox through the presence of a device
  • Binary compilation timestomping detected

How to identify Exploit.Win32.Shellcode.agei?

File Info:

name: 9D1582C5C7F4317F1731.mlw
path: /opt/CAPEv2/storage/binaries/2de10b92f6ebcc1cffb7f45ef3aea487ae9e029f0825d45286fb1454977564cf
crc32: 13EFB7E1
md5: 9d1582c5c7f4317f1731b319293924a9
sha1: 2fbcc68784a8a12a249cbe3fb904afca2ed0cd61
sha256: 2de10b92f6ebcc1cffb7f45ef3aea487ae9e029f0825d45286fb1454977564cf
sha512: 7f2e299f53a45c664432dc82f091e13d89f7cee196e224a575f5b8e4ff9d4318b5ee1a74340d6c3a252893d81c91120feef24724728d0cdb5652ec4696028f0d
ssdeep: 49152:poFOSFoY1YdoDXvAONSCLISH2RUgENgG0KDT+:pEOSWYo4XttJfgENgG0KDT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T151752371FB8770E1C6E946F25D22807731515C6B5B41073AF8B4334A8EE622BBB36939
sha3_384: 138bd0e10bd1f9d7be043571dfe5c5a07b9fcec5860c99514064917d21d6a5ce3243a842b61a1d3d94048cba86abb785
ep_bytes: eb05c4ae0ad13950eb010ae812000000
timestamp: 2056-05-27 12:19:45

Version Info:

CompanyName: Realtek Semiconductor Corp.
FileDescription: RTInstaller
FileVersion: 1.0.0.46
InternalName: RTInstaller
LegalCopyright: Copyright (C) 2016 Realtek Semiconductor Corporation. All Right Reserved.
OriginalFilename: RTInstaller.exe
ProductName: RTInstaller
ProductVersion: 1.0.0.46
Translation: 0x0409 0x04b0

Exploit.Win32.Shellcode.agei is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.4!c
FireEye: Generic.mg.9d1582c5c7f4317f
Cylance: Unsafe
Sangfor: Trojan.Win32.Sabsik.FL
K7AntiVirus: Trojan ( 0058d8411 )
K7GW: Trojan ( 0058d8411 )
Cybereason: malicious.784a8a
Cyren: W32/Obsidium.A.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.Obsidium.FV
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Exploit.Win32.Shellcode.agei
Rising: Exploit.Shellcode!8.2A (CLOUD)
Sophos: Mal/Generic-S
DrWeb: Trojan.PWS.Siggen3.10839
McAfee-GW-Edition: BehavesLike.Win32.Dropper.tc
Ikarus: Trojan.Win32.Obsidium
GData: Win32.Trojan.Agent.N7IZ7G
ZoneAlarm: Exploit.Win32.Shellcode.agei
Microsoft: Exploit:Win32/ShellCode!ml
Cynet: Malicious (score: 100)
McAfee: Artemis!9D1582C5C7F4
VBA32: BScope.Trojan.Tiggre
Malwarebytes: Trojan.MalPack.Obsidium
Tencent: Win32.Exploit.Shellcode.Htvp
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/PossibleThreat
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Exploit.Win32.Shellcode.agei?

Exploit.Win32.Shellcode.agei removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
