About “Python/Agent_AGen.J” infection

The Python/Agent_AGen.J is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Python/Agent_AGen.J virus can do?

Reads data out of its own binary image
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Python/Agent_AGen.J?


File Info:
name: 2F26EB62AE8BB4C6980E.mlw
path: /opt/CAPEv2/storage/binaries/1e523c54838f50effde3ce0e808f0448ca74a994ac71de7c35f5915c66645ea7
crc32: 03ECEEED
md5: 2f26eb62ae8bb4c6980e5ebb31b9b758
sha1: 2c234ffd9f5aa50a1f177019c7dddbeb8036d58a
sha256: 1e523c54838f50effde3ce0e808f0448ca74a994ac71de7c35f5915c66645ea7
sha512: 70bce0db2c70282077e5c843e696c804ac6d58b1fbb4e0c62d0faeab0ebc74f2e9884f494728d59ea3875c0f453688e8c7b1e20236501550f7c3275132d02434
ssdeep: 3072:XAsftqUS5ecpkCf9bp7SL4SnlJl0FW76JNz52I:ntqUcu29bp7SL4SnlJl0FW76JNzn
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T10804D6564E5ACCD9D2434DB445AA443BD2B9983DC9AB2407FF332E58EE372C47A1F290
sha3_384: 138f4fcb624dcbef52c43fddee5b7cf9f1f390616ad589bc0fb28787e691b89718dd11b5967c298f1e98f7ee0c08ea46
ep_bytes: 5589e583ec18c745f4ff000000c705bc
timestamp: 2023-01-06 22:46:18

Version Info:
CompanyName: Sherie
ProductVersion: 1.2.0.0
FileVersion: 1.2.0.0
OriginalFilename: main.exe
InternalName: main
ProductName: main
FileDescription: main.exe
Translation: 0x0000 0x04b0

Python/Agent_AGen.J also known as:

Bkav	W32.Common.6BB03A2F
Lionic	Trojan.Win32.Redcap.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.71637200
FireEye	Trojan.GenericKD.71637200
Skyhigh	BehavesLike.Win32.Generic.cm
McAfee	Artemis!2F26EB62AE8B
Malwarebytes	Generic.Malware/Suspicious
Zillya	Trojan.AgentAGen.Script.114
Alibaba	Trojan:Win32/Redcap.67523f1b
Cybereason	malicious.2ae8bb
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Python/Agent_AGen.J
Avast	Win32:Malware-gen
BitDefender	Trojan.GenericKD.71637200
Emsisoft	Trojan.GenericKD.71637200 (B)
F-Secure	Trojan.TR/Redcap.uqtkw
VIPRE	Trojan.GenericKD.71637200
Sophos	Generic Reputation PUA (PUA)
MAX	malware (ai score=84)
Google	Detected
Avira	TR/Redcap.uqtkw
Varist	W32/ABTrojan.RSSY-8409
Antiy-AVL	Trojan/Win32.Wacatac
Microsoft	Trojan:Win32/Wacatac.B!ml
Arcabit	Trojan.Generic.D44518D0
GData	Trojan.GenericKD.71637200
Cynet	Malicious (score: 99)
VBA32	BScope.Trojan.Bingoml
ALYac	Trojan.GenericKD.71637200
Cylance	unsafe
TrendMicro-HouseCall	TROJ_GEN.R002H0CBK24
Rising	Trojan.Agent!8.B1E (CLOUD)
Ikarus	Trojan.Python.Agent
MaxSecure	Trojan.Malware.233650085.susgen
Fortinet	W32/Agent_AGen.J!tr
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS

How to remove Python/Agent_AGen.J?

Python/Agent_AGen.J removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X