What is “Trojan.Agent.DIYT”?

Many security experts consider Trojan.Agent.DIYT dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Agent.DIYT virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the Ursnif3 malware family
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Agent.DIYT?

File Info:

name: B9278663D8938BA7D175.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2009-11-16 12:59:20

Version Info:

CompanyName: Kitware Matter
FileDescription: Successchord
InternalName: mixseat.exe
LegalCopyright: Copyright© 2013-2016 Kitware Matter, Inc.
OriginalFilename: mixseat.exe
ProductName: Successchord
ProductVersion: 4.5.28.43
Translation: 0x0409 0x04b0

Trojan.Agent.DIYT also known as:

Lionic: Trojan.Win32.Ursnif.4!c
AVG: Win32:Trojan-gen
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.Agent.DIYT
FireEye: Generic.mg.b9278663d8938ba7
CAT-QuickHeal: Trojan.Mauvaise.SL1
McAfee: PWS-FCLK!B9278663D893
Cylance: unsafe
Zillya: Trojan.Ursnif.Win32.3701
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Spyware ( 005438ac1 )
Alibaba: TrojanSpy:Win32/Ursnif.1021c8c0
K7GW: Spyware ( 005438ac1 )
Cybereason: malicious.3d8938
BitDefenderTheta: Gen:NN.ZexaF.36196.Rq0@aqLL6Doi
VirIT: Trojan.Win32.Ursnif.BCC
Cyren: W32/Ursnif.P.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Spy.Ursnif.BW
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Malware.Diyt-6753595-0
Kaspersky: HEUR:Trojan-Banker.Win32.Gozi.gen
BitDefender: Trojan.Agent.DIYT
NANO-Antivirus: Trojan.Win32.Ursnif.fkgaxj
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.10b1bb07
Emsisoft: Trojan.Agent.DIYT (B)
F-Secure: Trojan.TR/AD.Ursnif.bhts
DrWeb: Trojan.PWS.Banker1.28481
VIPRE: Trojan.Agent.DIYT
TrendMicro: TrojanSpy.Win32.URSNIF.SMC
McAfee-GW-Edition: PWS-FCLK!B9278663D893
Trapmine: suspicious.low.ml.score
Sophos: Troj/Ursnif-BJ
SentinelOne: Static AI – Suspicious PE
GData: Trojan.Agent.DIYT
Jiangmin: TrojanSpy.Ursnif.bty
Avira: TR/AD.Ursnif.bhts
MAX: malware (ai score=100)
Antiy-AVL: Trojan[Spy]/Win32.Ursnif.bw
Xcitium: TrojWare.Win32.TrojanSpy.Ursnif.WB@7xv8t3
Arcabit: Trojan.Agent.DIYT
ZoneAlarm: HEUR:Trojan-Banker.Win32.Gozi.gen
Microsoft: TrojanSpy:Win32/Ursnif!rfn
Google: Detected
AhnLab-V3: Trojan/Win32.Agent.R245214
VBA32: TrojanSpy.Ursnif
ALYac: Trojan.Agent.DIYT
TACHYON: Trojan-Spy/W32.Ursnif.707584
Malwarebytes: Ursnif.Trojan.Stealer.DDS
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TrojanSpy.Win32.URSNIF.SMC
Rising: Trojan.Generic@AI.98 (RDMK:EEj6Or1qqvGhcS+CHcuKsg)
Yandex: Trojan.GenAsa!VaZONhyL+DU
Ikarus: Trojan.Agent
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/GenKryptik.CRRJ!tr
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Agent.DIYT?

Trojan.Agent.DIYT removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.