Categories: Malware

Server-FTP.Win32.Agent.h (file analysis)

The Server-FTP.Win32.Agent.h is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Server-FTP.Win32.Agent.h virus can do?

Sample contains Overlay data
Reads data out of its own binary image
Drops a binary and executes it
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
CAPE detected the shellcode patterns malware family
Yara detections observed in process dumps, payloads or dropped files

How to determine Server-FTP.Win32.Agent.h?


File Info:
name: CA3A0A16ABDF1D86085D.mlwpath: /opt/CAPEv2/storage/binaries/35555d33b8f9ac6a8ff2fc8a40178ba20ffe08c97ab3e3584938b9019be827f5crc32: A8954DA8md5: ca3a0a16abdf1d86085dd0f47b3630c7sha1: c3f7f800aacf1ad34667ec679edea777f5e3c104sha256: 35555d33b8f9ac6a8ff2fc8a40178ba20ffe08c97ab3e3584938b9019be827f5sha512: 52807ddf38ff1056f4261a91e12b6b2c663c7dd568cdf82ca606267dc8534a648a2ffa686788a99eb9d7b963eae061bda820c94632f72a232a216c3c4dd97d46ssdeep: 98304:gS/2LbSTBGGJ78ZrEiN/Gf4MOxUO7dfdnH:p+bS1G28hEUWhgpHtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1A72633C67631197CC9F8CB73A5BA6DBF8B501C2D358D07497850FA2D2A3E2AB4534CA4sha3_384: af28e44bd5c5b6850a14d8cf6f2e875436c0e28f7013b3ed6e1d56966a922fbf40a3f63f4b5a93224a474b5a70aff1d3ep_bytes: 60be008048008dbe0090f7ff57eb0b90timestamp: 2010-04-16 07:47:33
Version Info:
FileVersion: 6.1.M.0Comments: 网络克隆自动版 6.1M_x86FileDescription: 网络克隆自动版 6.1M_x86LegalCopyright: CYG 工作室Translation: 0x0804 0x04b0

Server-FTP.Win32.Agent.h also known as:

Lionic	Riskware.Win32.Agent.1!c
CAT-QuickHeal	Trojan.Mauvaise.S2595919
Skyhigh	BehavesLike.Win32.BadFile.rc
Cylance	unsafe
Zillya	Trojan.TFTPD32.Win32.3
Sangfor	PUP.Win32.Bitrepeyp.A
K7AntiVirus	Trojan ( 700000111 )
K7GW	Trojan ( 700000111 )
VirIT	Trojan.Win32.Generic.CAHB
Symantec	Trojan.Gen.2
Elastic	malicious (moderate confidence)
ESET-NOD32	a variant of Win32/TFTPD32.B potentially unsafe
Cynet	Malicious (score: 100)
Kaspersky	not-a-virus:Server-FTP.Win32.Agent.h
NANO-Antivirus	Riskware.Win32.Ftpd.kdkrzy
Avast	FileRepMalware [Misc]
Tencent	Malware.Win32.Gencirc.10beac8f
Sophos	Generic Reputation PUA (PUA)
DrWeb	Program.Ftpd.1
TrendMicro	PUA.Win32.TFTPServer.A
Ikarus	PUA.TFTPD32
Webroot	W32.Sfh.Jv
Antiy-AVL	RiskWare/Win32.TFTPD32.b
Xcitium	Suspicious@#pxwm18cxua7m
ZoneAlarm	not-a-virus:Server-FTP.Win32.Agent.h
Microsoft	Trojan:Win32/Occamy.C35
McAfee	Artemis!CA3A0A16ABDF
MAX	malware (ai score=99)
Malwarebytes	Generic.Malware/Suspicious
TrendMicro-HouseCall	PUA.Win32.TFTPServer.A
SentinelOne	Static AI – Suspicious PE
MaxSecure	Virus.W32.Pioneer.H
Fortinet	Riskware/TFTPD32
AVG	FileRepMalware [Misc]
DeepInstinct	MALICIOUS