Trojan

About the “Trojan.Agent.DJXN (B)” infection

Trojan.Agent.DJXN (B) is the detection name for a sample that sandbox analysis and several antivirus engines classify as an IcedID banking-trojan loader (see the detection list below). When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and can damage your system in the process. We recommend using GridinSoft Anti-Malware for removal; the trial version lets you run a complete scan and clean your PC.
6-day free trial available.

What can the Trojan.Agent.DJXN (B) virus do?

The CAPE sandbox flagged the following behaviours when the sample was run:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Accesses the NetLogon registry key, potentially used for discovery or tampering
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the IcedIDStage1 malware family

How to identify Trojan.Agent.DJXN (B)?

File Info:

name: B47044A6F295F46DA54B.mlw
path: /opt/CAPEv2/storage/binaries/284111659a228846f11d4da58fca384d8540123db9dece7ef6e31b81eafbdf18
crc32: A75BAF96
md5: b47044a6f295f46da54b347d13d68eb8
sha1: 9df9b125e3e19993d85575273b375806e646a192
sha256: 284111659a228846f11d4da58fca384d8540123db9dece7ef6e31b81eafbdf18
sha512: fab18576c7acbc9be186f84f39a01ab7fcb36ea28560e35b67a0b1ae8ede189248bc4a68cf19ad6d2ba327ac8b9303b87c48c6151e7c71a4f8aac3a4d3a13e57
ssdeep: 3072:L3BEADWM+sCXnWS5T0a/Hmz3CbCFJyoo3g6U4W2DdCBgAUwVC9zd1HiW+n5ykemc:L3+ASMEntYaayhookPPg9bCWCMIf
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19234AF007BA18431E677437B09698B11453EBD614F719ACBB3D85E0ED7BA6C0B731BA2
sha3_384: 62482a875aa70053b246f9af77c75258f038d2c1a13d711ff82e6b8dffc1f902eadc3dd549707c04aa5bd2250f75c558
ep_bytes: e828880000e9000000006a1468486543
timestamp: 2014-11-20 10:15:06
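To check whether a file on disk is this sample, here is an added example (not code from the page or from GridinSoft). It compares the file's md5/sha1/sha256 with the IOCs listed above and, independently, parses the PE header itself to compare the compile timestamp and the 16 bytes at the entry point, two properties that survive a change of file name. Assumptions: the page's timestamp is taken to be UTC, and build_test_pe() constructs a toy PE32 for testing; it is not the sample.

```python
"""Triage check for the Trojan.Agent.DJXN (B) sample described above.

Added example (not code from the page or from GridinSoft): compares a file's
hashes with the listed IOCs, then parses the PE header itself so that the
compile timestamp and the 16 entry-point bytes can be checked even when a
copy has been renamed or its hash has changed. Standard library only.
"""
import hashlib
import struct
from datetime import datetime, timezone
from typing import Optional

# IOCs copied from the File Info block for this sample.
IOC_HASHES = {
    "md5": "b47044a6f295f46da54b347d13d68eb8",
    "sha1": "9df9b125e3e19993d85575273b375806e646a192",
    "sha256": "284111659a228846f11d4da58fca384d8540123db9dece7ef6e31b81eafbdf18",
}
IOC_EP_BYTES = bytes.fromhex("e828880000e9000000006a1468486543")
IOC_TIMESTAMP = "2014-11-20 10:15:06"  # assumption: the page's timestamp is UTC


def file_hashes(data: bytes) -> dict:
    """md5/sha1/sha256 of the file contents, hex encoded."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def pe_fingerprint(data: bytes) -> Optional[dict]:
    """Return the COFF timestamp and the 16 bytes at the entry point, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    ep_bytes = b""
    sec = opt + opt_size
    for _ in range(nsections):
        # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = entry_rva - vaddr + rawptr      # RVA -> file offset
            ep_bytes = data[off:off + 16]
            break
        sec += 40
    stamp = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return {"timestamp": stamp, "ep_bytes": ep_bytes}


def triage(data: bytes) -> dict:
    """Which IOC hashes match, and does the PE look like the same build?"""
    hashes = file_hashes(data)
    hash_hits = [k for k, v in IOC_HASHES.items() if hashes[k] == v]
    fp = pe_fingerprint(data)
    same_build = bool(fp) and fp["timestamp"] == IOC_TIMESTAMP and fp["ep_bytes"] == IOC_EP_BYTES
    return {"hash_hits": hash_hits, "same_build": same_build, "fingerprint": fp}


def build_test_pe(ep_bytes: bytes, timestamp: int) -> bytes:
    """Constructed minimal PE32 with one .text section (test input, not a real sample)."""
    e_lfanew, opt_size, raw_ptr = 0x40, 224, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)     # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)   # AddressOfEntryPoint = start of .text
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, raw_ptr,
                          0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + section
    return headers.ljust(raw_ptr, b"\0") + ep_bytes.ljust(0x200, b"\xcc")


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(triage(fh.read()))
```

Run it as `python triage.py <file>`. A hash hit identifies this exact file. A `same_build` match with no hash hit is only a lead: the COFF timestamp can be forged, and because the sample is flagged as packed (ESET names it Kryptik), the bytes at the entry point most likely belong to the packer stub rather than to IcedID itself, so confirm with a sandbox run before acting on it.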

Version Info:

CompanyName: Monk Development Once
ProductVersion: 14.3.11.13
ProductName: Whetherheard
LegalCopyright: Copyright © 2004 Monk Development Once. All rights reserved
FileDescription: Whetherheard
OriginalFilename: voiceproperty.exe
FileVersion: 14.3.11.13
InternalName: Whetherheard
Translation: 0x0409 0x04b0

Trojan.Agent.DJXN (B) also known as:

MicroWorld-eScan: Trojan.Agent.DJXN
FireEye: Generic.mg.b47044a6f295f46d
ALYac: Trojan.Agent.DJXN
Malwarebytes: Malware.AI.4251490776
K7AntiVirus: Trojan ( 0054202a1 )
BitDefender: Trojan.Agent.DJXN
K7GW: Trojan ( 0054202a1 )
Cybereason: malicious.6f295f
BitDefenderTheta: Gen:NN.ZexaF.34084.oq0@aeoMD6oi
ESET-NOD32: a variant of Win32/Kryptik.GNXQ
ClamAV: Win.Dropper.IcedID-7067317-0
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.IcedID.fklqsw
Rising: Trojan.Generic@ML.100 (RDML:2htQ+N0GX7Ae/QZexY0c6g)
Ad-Aware: Trojan.Agent.DJXN
Sophos: ML/PE-A
DrWeb: Trojan.IcedID.15
Zillya: Trojan.GenKryptik.Win32.20854
McAfee-GW-Edition: Ursnif-FQLY!B47044A6F295
Emsisoft: Trojan.Agent.DJXN (B)
APEX: Malicious
Jiangmin: Trojan.Banker.IcedID.do
Avira: HEUR/AGEN.1129707
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Generic.ASMalwS.298E113
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Arcabit: Trojan.Agent.DJXN
SUPERAntiSpyware: Trojan.Agent/Gen-Banker
GData: Trojan.Agent.DJXN
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C2868826
Acronis: suspicious
McAfee: Ursnif-FQLY!B47044A6F295
VBA32: TrojanBanker.IcedID
Cylance: Unsafe
Panda: Trj/GdSda.A
Tencent: Malware.Win32.Gencirc.10ba4968
Yandex: Trojan.PWS.IcedID!478fpt2+y1A
Fortinet: W32/GenKryptik.CRRJ!tr
AVG: Win32:BankerX-gen [Trj]
Avast: Win32:BankerX-gen [Trj]
CrowdStrike: win/malicious_confidence_60% (D)

Most of these are generic or machine-learning verdicts; the engines that name a family (ClamAV, NANO-Antivirus, DrWeb, Jiangmin, VBA32, Yandex) agree with CAPE on IcedID, while McAfee labels it Ursnif and ESET, Zillya and Fortinet name only the Kryptik packer.

How to remove Trojan.Agent.DJXN (B)?

Trojan.Agent.DJXN (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
