Mal/Agent-AUJ (file analysis)

Malware Removal

Mal/Agent-AUJ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
A 6-day free trial is available.

What can the Mal/Agent-AUJ virus do?

  • Sample contains overlay data
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Turkish
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Operates on local firewall’s policies and settings
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Mal/Agent-AUJ?

File Info:

name: 4E47BD26A72ED67CF133.mlw
path: /opt/CAPEv2/storage/binaries/ece7aefd6bde9cba9b814fe9431ae81be5992b36d165ea22a55663b2cec16274
crc32: 2C806F2F
md5: 4e47bd26a72ed67cf133112340b4f203
sha1: 479f9d5bf640816a504b118e765372be00a51f99
sha256: ece7aefd6bde9cba9b814fe9431ae81be5992b36d165ea22a55663b2cec16274
sha512: bb145784955932c0dae3e34ad7de986fda078652f0d07a5dd0740a89d984d11a2884e8c7c39159ee0821309d3540b374d5e0321955930d7943e8a39944adc00f
ssdeep: 3072:7sy53mQjJtnP5I09qgmBBAWgjSvwFH7sGUYmKfd:79meJtna2qgmBNgQwd
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CF646B21E711C06AE4D140FED6EB4B76A5AC5F301B5860E7C3E07AAE273A1E5BD3054A
sha3_384: 8e0e006a0ff263df0f77fa9c98dfcd7e421055c2d63b572de682d22933c1a68f6283b4d5c4a7dc9f7e56c2b75d1990d2
ep_bytes: 558bec6aff68d87742006870aa400064
timestamp: 2001-11-12 01:24:40

Version Info:

Comments:
CompanyName:
FileDescription:
FileVersion: 6.0.150.3
InternalName: jusched
LegalCopyright: Copyright © 2011
LegalTrademarks:
OriginalFilename: jusched
PrivateBuild: Sun Microsystems, Inc.
ProductName: Java(TM) Platform SE 6 U15
ProductVersion: 6.0.150.3
SpecialBuild:
Translation: 0x0000 0x04b0

Mal/Agent-AUJ also known as:

Bkav: W32.AIDetectMalware
DrWeb: Trojan.Proxy.19158
MicroWorld-eScan: Trojan.GenericKDZ.94659
ClamAV: Win.Malware.Generickdz-10004908-0
McAfee: W32/Worm-FAS!4E47BD26A72E
Cylance: unsafe
Zillya: Worm.Juched.Win32.1
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 001f4ea51 )
K7GW: Trojan ( 001f4ea51 )
Cybereason: malicious.6a72ed
BitDefenderTheta: Gen:NN.ZexaF.36348.sq1@a8Q9khbO
VirIT: Worm.Win32.Generic.JS
Cyren: W32/S-5f110aea!Eldorado
Symantec: SMG.Heur!gen
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Agent.SRG
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Worm.Win32.Juched.buz
BitDefender: Trojan.GenericKDZ.94659
NANO-Antivirus: Trojan.Win32.Juched.fiiyae
SUPERAntiSpyware: Trojan.Agent/Gen-Ganel
Avast: Win32:Dropper-GHV [Drp]
Tencent: Trojan.Win32.FakeFolder.bba
Emsisoft: Trojan.GenericKDZ.94659 (B)
F-Secure: Trojan.TR/Agent.mkz
Baidu: Win32.Trojan.Agent.dc
VIPRE: Trojan.GenericKDZ.94659
McAfee-GW-Edition: BehavesLike.Win32.Generic.fz
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.4e47bd26a72ed67c
Sophos: Mal/Agent-AUJ
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.117N3WD
Jiangmin: Trojan/Agent.enso
Avira: TR/Agent.mkz
Antiy-AVL: Trojan/Win32.Agent.a
Xcitium: Worm.Win32.Jushed.KA@4cysvx
Arcabit: Trojan.Generic.D171C3
ZoneAlarm: Worm.Win32.Juched.buz
Microsoft: Trojan:Win32/Vindor!pz
Google: Detected
AhnLab-V3: Worm/Win32.Juched.R291589
VBA32: Trojan.Wacatac
ALYac: Trojan.GenericKDZ.94659
MAX: malware (ai score=86)
Malwarebytes: Generic.Trojan.Malicious.DDS
Panda: Generic Malware
Rising: Trojan.Agent!1.C135 (CLASSIC)
Yandex: Trojan.GenAsa!Vd0Nwq9FbL8
Ikarus: Trojan.Win32.Webprefix
MaxSecure: Worm.Juched.buz
Fortinet: W32/Agent.TNE!tr
AVG: Win32:Dropper-GHV [Drp]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Mal/Agent-AUJ?

Mal/Agent-AUJ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.