Exploit.Win32.Shellcode.agfw malicious file

Malware Removal

Exploit.Win32.Shellcode.agfw is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What Exploit.Win32.Shellcode.agfw virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Created a process from a suspicious location
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects VirtualBox through the presence of a device

How to determine Exploit.Win32.Shellcode.agfw?
File Info:

name: D0775491DE93AC8F9D50.mlw
path: /opt/CAPEv2/storage/binaries/90a6d292626839607c31ead96f5197d9c19f94160097924d912573faf50f4ba6
crc32: 5991E82B
md5: d0775491de93ac8f9d500c00a4beb6d6
sha1: 34f32a4984c8d2fb9bb753e5ec994f15282ea241
sha256: 90a6d292626839607c31ead96f5197d9c19f94160097924d912573faf50f4ba6
sha512: c0122cfb7fdf2a6c2784b4ee1bf9b05949a55cfc2861654fd245482cf0bd598fa8ce8d28b0f84a3a7f91af45a221e177b3fb0227ee9a46ae0e149e1defff41b1
ssdeep: 24576:YNIOFAIDoyk1/QHTlnn+/SKyZnd1+BHH:YNFi/yk1Yzl/KydT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16A4502223762C49FCC591934DE5660F60AE67C91DE26F0A73094BF5FA5F0C91C82BBA1
sha3_384: a3c11b4277c7327248114333fb140da1a4aaf7de0f80979d1410891d0feff763a0aee3399bad3d4f7d9b60b1a0957533
ep_bytes: eb02697a50eb05c6f09bbfd2e8180000
timestamp: 2022-01-31 07:46:36

Version Info:

FileDescription: iProDifX Installation Utility
FileVersion: 15.5.0.1
InternalName: iProDifX
LegalCopyright: Copyright (C) 2005, 2011
OriginalFilename: iProDifX.EXE
ProductName: iProDifX Application
ProductVersion: 15.5.0.0
Translation: 0x0409 0x04b0

Exploit.Win32.Shellcode.agfw also known as:

MicroWorld-eScan: Trojan.GenericKD.48249436
FireEye: Generic.mg.d0775491de93ac8f
CAT-QuickHeal: Exploit.Shellcode
McAfee: Artemis!D0775491DE93
Cylance: Unsafe
Sangfor: Exploit.Win32.Shellcode.agfw
K7AntiVirus: Trojan ( 0058df0d1 )
K7GW: Trojan ( 0058df0d1 )
CrowdStrike: win/malicious_confidence_100% (W)
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.Obsidium.FZ
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Exploit.Win32.Shellcode.agfw
BitDefender: Trojan.GenericKD.48249436
Avast: Win32:Trojan-gen
Ad-Aware: Trojan.GenericKD.48249436
Sophos: Mal/Generic-S + Troj/Agent-BIKW
Comodo: Malware@#2vn1e7h6v1mfn
TrendMicro: TROJ_GEN.R002C0RB622
McAfee-GW-Edition: BehavesLike.Win32.Pate.tc
Emsisoft: Trojan.GenericKD.48249436 (B)
Ikarus: Trojan.SuspectCRC
GData: Trojan.GenericKD.48249436
Antiy-AVL: Trojan/Generic.ASMalwS.35225A2
ViRobot: Trojan.Win32.Z.Shellcode.1238768
Microsoft: Exploit:Win32/ShellCode!ml
AhnLab-V3: Trojan/Win.Generic.R471663
BitDefenderTheta: Gen:NN.ZexaF.34212.lv3@aK1Empoi
ALYac: Trojan.GenericKD.48249436
MAX: malware (ai score=81)
VBA32: BScope.Trojan.Packed
Malwarebytes: Trojan.MalPack.Obsidium
TrendMicro-HouseCall: TROJ_GEN.R002C0RB622
Rising: Exploit.Shellcode!8.2A (CLOUD)
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Malicious_Behavior.VEX
AVG: Win32:Trojan-gen
Cybereason: malicious.984c8d
Panda: Trj/CI.A
MaxSecure: Trojan.Malware.139762422.susgen

How to remove Exploit.Win32.Shellcode.agfw?

Exploit.Win32.Shellcode.agfw removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.