About “Trojan.Agent.CDPF” infection


Trojan.Agent.CDPF is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Agent.CDPF virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (4 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • Creates an excessive number of UDP connection attempts to external IP addresses
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Attempts to modify desktop wallpaper
  • Exhibits behavior characteristic of Cerber ransomware
  • Attempts to execute a binary from a dead or sinkholed URL
  • EternalBlue behavior
  • Attempts to modify proxy settings
  • Attempts to access Bitcoin/ALTCoin wallets
  • Generates some ICMP traffic
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

api.blockcypher.com
btc.blockr.io
bitaps.com
chain.so
ocsp.digicert.com
crl3.digicert.com
crl4.digicert.com

How to identify Trojan.Agent.CDPF?

File Info:

crc32: 3E5E804B
md5: a4b358590da036de5947e7b1a156ccc2
name: A4B358590DA036DE5947E7B1A156CCC2.mlw
sha1: 9551785c89bf0181df2fa45f0fa3495a70d2cbed
sha256: 4f2458993fe245a72e22437d59fc78c533e7b9ea0f65d303b6c143e697159d21
sha512: 23cd095ac6bc133ba36064dd604a19af4eee0243c3927ab5cf0ec8fd3918b11c7e54a8625fbf399f717cf36996a303339d211cd5e93bfe5a5a4bc4ee5ae9f1fe
ssdeep: 6144:nDs83uRdF+rqmLVOaDUDkwSsTnredNpyMd:nDs8eRdFqDLbkTn0Td
type: PE32 executable (GUI) Intel 80386, for MS Windows

Trojan.Agent.CDPF is also detected under the following names (antivirus vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Agent.CDPF
FireEye: Generic.mg.a4b358590da036de
CAT-QuickHeal: Ransom.Exxroute.A3
ALYac: Trojan.Agent.CDPF
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Generic.4!c
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005137001 )
BitDefender: Trojan.Agent.CDPF
K7GW: Trojan ( 00504cc91 )
Cybereason: malicious.90da03
Baidu: Win32.Trojan.Kryptik.big
Cyren: W32/Cerber.NUHN-2865
Symantec: Ransom.Cerber
APEX: Malicious
Avast: Win32:Filecoder-AY [Trj]
ClamAV: Win.Ransomware.Cerber-6986679-0
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.Kryptik.eljiod
Rising: Ransom.Cerber!8.3058 (TFE:2:EqGB73J1BPG)
Ad-Aware: Trojan.Agent.CDPF
TACHYON: Ransom/W32.Cerber.324839
Emsisoft: Trojan.Agent.CDPF (B)
Comodo: TrojWare.Win32.Crypt.C@7vajd0
F-Secure: Trojan.TR/Crypt.XPACK.Gen7
DrWeb: Trojan.PWS.Sphinx.2
Zillya: Trojan.Filecoder.Win32.4103
TrendMicro: Ransom_CERBER.SM4
McAfee-GW-Edition: BehavesLike.Win32.Ransomware.fh
Sophos: ML/PE-A + Mal/Elenoocka-E
Ikarus: Trojan.Ransom.Spora
Jiangmin: Trojan.Zerber.apx
Avira: TR/Crypt.XPACK.Gen7
Antiy-AVL: Trojan[Ransom]/Win32.Zerber
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Ransom:Win32/Cerber
Arcabit: Trojan.Agent.CDPF
SUPERAntiSpyware: Ransom.Cerber/Variant
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Trojan.Agent.CDPF
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Cerber.R194818
Acronis: suspicious
McAfee: Ransomware-FMJ!A4B358590DA0
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Zbot.2312
Malwarebytes: Cerber.Ransom.Encrypt.DDS
Panda: Trj/Genetic.gen
ESET-NOD32: Win32/Filecoder.Cerber.G
TrendMicro-HouseCall: Ransom_CERBER.SM4
Tencent: Malware.Win32.Gencirc.10b77bec
Yandex: Trojan.GenAsa!OuOc5zbATRI
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.GKVH!tr
BitDefenderTheta: Gen:NN.ZexaF.34590.tmX@aaajY7e
AVG: Win32:Filecoder-AY [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: Win32/Trojan.941

How to remove Trojan.Agent.CDPF?

Trojan.Agent.CDPF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
