Categories: Trojan

About “Trojan.Agent.ED” infection

The Trojan.Agent.ED is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Agent.ED virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Reads data out of its own binary image
A process created a hidden window
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Installs itself for autorun at Windows startup
Exhibits behavior characteristic of Pony malware
Exhibits possible ransomware file modification behavior
Collects information about installed applications
Creates a hidden or system file
Creates a copy of itself
Harvests credentials from local FTP client softwares
Anomalous binary characteristics

How to determine Trojan.Agent.ED?


File Info:
crc32: 418191F1md5: deae946554c45e057b69e154c3cf1257name: DEAE946554C45E057B69E154C3CF1257.mlwsha1: 86e5503ebff62c18429fa7b0d60e7aab726a2bc9sha256: a4ce4ad33ae7a4edd15238549afc57a81c49f161e9160a608b4fb4757adf5761sha512: d886fac22319f9858198c8ba937f71cb128506430ec6a56abf0db20d41ab8b8c0156206a965bb1e4fe2b0897fa6c5b5760b3be0b6b906cc20ab5b9e6c34dcc91ssdeep: 6144:3kBtdmmpZnxJRhYLT9crY8LAdu4Nu0dSkXYGfuuLzbC30YJT6GPqSnUQS:0LdmuxJRWLCrY8A9PGuLzbCkixySnNStype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright (C) 2011InternalName: ISCT and IFFS DriverFileVersion: 1, 0, 0, 1002ProductName: ISCT DriverProductVersion: 1, 0, 0, 1002FileDescription: ISCT and IFFS DriverOriginalFilename: ISCTD.sysTranslation: 0x0409 0x04b0

Trojan.Agent.ED also known as:

Bkav	W32.AIDetectVM.malware2
MicroWorld-eScan	Trojan.GenericKDZ.26384
FireEye	Generic.mg.deae946554c45e05
ALYac	Trojan.GenericKDZ.26384
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 0040f99b1 )
BitDefender	Trojan.GenericKDZ.26384
K7GW	Trojan ( 0040f99b1 )
Cybereason	malicious.554c45
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:GenMalicious-IUG [Trj]
ClamAV	Win.Trojan.Generickdz-6940546-0
Tencent	Trojan.Win32.Inject.sbeca
Ad-Aware	Trojan.GenericKDZ.26384
Sophos	Troj/HkMain-BS
Comodo	TrojWare.Win32.Spy.Zbot.DKA@5ieycx
F-Secure	Trojan.TR/Spy.Zbot.osdez
DrWeb	Trojan.Mayachok.18828
Invincea	ML/PE-A + Troj/HkMain-BS
McAfee-GW-Edition	Generic-FAVG!DEAE946554C4
Emsisoft	Trojan.GenericKDZ.26384 (B)
Ikarus	Trojan-PSW.Win32.Tepfer
Jiangmin	Trojan.Fury.ez
Webroot	Trojan.Dropper.Gen
Avira	TR/Spy.Zbot.osdez
eGambit	Unsafe.AI_Score_100%
Antiy-AVL	Trojan[Ransom]/Win32.Fury
Microsoft	VirTool:Win32/Vigorf.A
Gridinsoft	Trojan.Heur!.02012A01
Arcabit	Trojan.Generic.D6710
SUPERAntiSpyware	Trojan.Agent/Gen-Downloader
GData	Trojan.GenericKDZ.26384
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Necurs.R123848
Acronis	suspicious
McAfee	Generic-FAVG!DEAE946554C4
MAX	malware (ai score=84)
Malwarebytes	Trojan.Agent.ED
Panda	Generic Suspicious
ESET-NOD32	a variant of Win32/Injector.BPNZ
Rising	Malware.Undefined!8.C (TFE:1:I2VwTjj1boD)
Yandex	Trojan.GenAsa!Jt1Us+jv2N0
SentinelOne	Static AI – Malicious PE
MaxSecure	Virus.PECorrupt
Fortinet	W32/HkMain.BN!tr
BitDefenderTheta	Gen:NN.ZexaF.34634.wy0@ayyZBfjj
AVG	Win32:GenMalicious-IUG [Trj]