Malware

ML/PE-A + Troj/Agent-VOW malicious file

Malware Removal

ML/PE-A + Troj/Agent-VOW is considered dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What ML/PE-A + Troj/Agent-VOW virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Creates a copy of itself

How to identify ML/PE-A + Troj/Agent-VOW?

File Info:

name: 905135942D8B11E4334A.mlw
path: /opt/CAPEv2/storage/binaries/4e0ce04033611344e9e40e2fb61b71c2fa913cbd96eb9c3b47b42f4b315650b3
crc32: B595329F
md5: 905135942d8b11e4334adaf45d5ae09c
sha1: 5ee59fadba21a6441c1c4187d4e6bc88ba68e3ab
sha256: 4e0ce04033611344e9e40e2fb61b71c2fa913cbd96eb9c3b47b42f4b315650b3
sha512: 9ef4093a22666b18bd7fe7e1c153644eaffd82338e628ffd869e7f3d4aba625ba99956977ba8f7aecb7144f9ce24cb64caaa7e617fc23ba90398b3bf865bada7
ssdeep: 98304:NVYkguczTVzr9E2oczteKZ4VHQ6IbyBsVwKsFrCt:PT0JzBEmN4VwlyIOA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1782633778B839577C4C94632854F5EACBE30168543091B3FC25A5A2E7E63BADBA47F00
sha3_384: dd543a62b2b7ab57935c66819f9b81b4125079b5e939a571f11ab2bdd285d82dc7792d19a3631a78e95e8fa171e4f443
ep_bytes: 90558bec81c434fcfffff7db41bb102a
timestamp: 2008-05-30 04:46:30

Version Info (the resource metadata claims the file is an AVG component, but the behaviour list above records the Authenticode signature as invalid, so this metadata should not be trusted as proof of origin):

CompanyName: AVG Technologies CZ, s.r.o.
FileDescription: AVG Tray Monitor
FileVersion: 9.0.0.871
InternalName: avgtray
LegalCopyright: Copyright © 2010 AVG Technologies CZ, s.r.o.
OriginalFilename: avgtray.exe
ProductName: AVG Internet Security
ProductVersion: 9.0.0.871
PrivateBuild: Win32 Release_Unicode
SpecialBuild: Avg8VC8_2010_1109_133319(871), SVNRev 145063 (/branches/release/SmallUpdate9-12)
Translation: 0x0409 0x04e4

ML/PE-A + Troj/Agent-VOW also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.Packed.21467
MicroWorld-eScan: Trojan.GenericKD.37475346
FireEye: Generic.mg.905135942d8b11e4
CAT-QuickHeal: Worm.SlenfBot.Gen
ALYac: Trojan.GenericKD.37475346
Malwarebytes: Malware.AI.3286021246
Zillya: Worm.Kolab.Win32.5869
Sangfor: Trojan.Win32.Kryptik.AGY
K7AntiVirus: Trojan ( 0020d11f1 )
Alibaba: Worm:Win32/Kolab.33c0790e
K7GW: Trojan ( 0020d11f1 )
Cybereason: malicious.42d8b1
BitDefenderTheta: Gen:NN.ZexaF.34212.@t3@aWD0Csjc
VirIT: Trojan.Win32.Packed.BFTR
Cyren: W32/S-3f083976!Eldorado
Symantec: W32.Qakbot!gen5
ESET-NOD32: a variant of Win32/Kryptik.KTE
TrendMicro-HouseCall: WORM_KOLAB.SMB
Paloalto: generic.ml
ClamAV: Win.Spyware.Zbot-1279
Kaspersky: Net-Worm.Win32.Kolab.vep
BitDefender: Trojan.GenericKD.37475346
NANO-Antivirus: Trojan.Win32.MLW.imdlc
Avast: Win32:Kryptik-AGY [Trj]
Tencent: Malware.Win32.Gencirc.10be347a
Ad-Aware: Trojan.GenericKD.37475346
Emsisoft: Trojan.GenericKD.37475346 (B)
Comodo: TrojWare.Win32.TrojanSpy.Zbot.G@2tckk5
VIPRE: Trojan.Win32.Kryptik.lbu (v)
TrendMicro: WORM_KOLAB.SMB
McAfee-GW-Edition: BehavesLike.Win32.Generic.rc
Sophos: ML/PE-A + Troj/Agent-VOW
Ikarus: Trojan-PWS.Win32.Zbot
Jiangmin: Worm/Kolab.jod
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Worm[Net]/Win32.Kolab
Microsoft: Trojan:Win32/Sefnit.R
ViRobot: Worm.Win32.A.Net-Kolab.1331712
ZoneAlarm: Net-Worm.Win32.Kolab.vep
GData: Trojan.GenericKD.37475346
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.Kolab.R3715
McAfee: GenericRXHC-AR!905135942D8B
MAX: malware (ai score=100)
VBA32: Trojan.Zeus.EA.0999
Cylance: Unsafe
APEX: Malicious
Rising: Worm.Kolab!8.1C4D (CLOUD)
Yandex: Trojan.GenAsa!fb8SyM5zAGA
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.NAS!tr
AVG: Win32:Kryptik-AGY [Trj]
Panda: Bck/Qbot.AO
CrowdStrike: win/malicious_confidence_100% (D)

How to remove ML/PE-A + Troj/Agent-VOW?

ML/PE-A + Troj/Agent-VOW removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.