What is “Python/HackTool.Agent.E potentially unsafe”?

Malware Removal

The Python/HackTool.Agent.E potentially unsafe is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Python/HackTool.Agent.E potentially unsafe virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • CAPE detected the PyInstaller malware family

How to determine Python/HackTool.Agent.E potentially unsafe?

File Info:

name: ABE05940BE8D9D3A5269.mlw
path: /opt/CAPEv2/storage/binaries/6f2ccf7a13eabdc3f29be5852310fb5c606644dd4496dda92b2f3ea3d63d1842
crc32: 953B4531
md5: abe05940be8d9d3a526942d3c0a9c500
sha1: 45a0263d50988a7c8ea73fdaf842020b48a002ae
sha256: 6f2ccf7a13eabdc3f29be5852310fb5c606644dd4496dda92b2f3ea3d63d1842
sha512: d07770a9b19075f3afbb054338be4f5e7b169c86c529594ba6f12580bf119b2d85c4cf72f5d8f21a0cf2838958ebef2cbeedac6473fa5345cee04f74d2cc1f57
ssdeep: 98304:5oMTz2r5lMrxpOB1v7Iz/M9Aet17bjCma4WLB3w+vsKgQpWFhEKFyUZDm2:aSi5lMNpa18z/qthCmWLdJ4FaKYo
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T127363326F05084B3E1774139CEF0D6BA79BEBD1453124C1BA7EC2FA639605813539EEA
sha3_384: 53961b66463a8c1d28a5d40a5914e11df0187f56db50531de463c523e61a575efa377c6c8d367287ed3de7dd09d16c2b
ep_bytes: e822050000e987feffffcccccccccccc
timestamp: 2017-12-11 15:09:08

Version Info:

0: [No Data]

Python/HackTool.Agent.E potentially unsafe also known as:

K7AntiVirusUnwanted-Program ( 005366281 )
K7GWUnwanted-Program ( 005366281 )
ESET-NOD32Python/HackTool.Agent.E potentially unsafe
SophosGeneric PUA EF (PUA)
SentinelOneStatic AI – Suspicious PE

How to remove Python/HackTool.Agent.E potentially unsafe?

Python/HackTool.Agent.E potentially unsafe removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment