
Trojan.Agent.EPXZ removal guide


Trojan.Agent.EPXZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Agent.EPXZ virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Anomalous binary characteristics

How to identify Trojan.Agent.EPXZ?

File Info:

name: 92C66A0347B8FDB7C63C.mlw
path: /opt/CAPEv2/storage/binaries/b8e4b18933677331d44c11606e39c2f5362c2181eb5d40c1a1019f41394cb371
crc32: 20525864
md5: 92c66a0347b8fdb7c63c18cd5281cbf3
sha1: 978423e490fe7f88384ec19557bb5a218fed3efa
sha256: b8e4b18933677331d44c11606e39c2f5362c2181eb5d40c1a1019f41394cb371
sha512: d3ee6a30bbeeebb5bc7629af5b02bf4b8f8994fcdf82402f58971583b23ec8a522d77aa86d86e1349a929822b4304c8af6b58a8c7392ad0abe4cd90d09c08e0e
ssdeep: 12288:5vfvOeb5aExjtw9beYjgC4l/XzIrCjQuYdAy:5meboExKgC4NDIwQ7
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T190940192A7F5CA44FBF60B7078764AA04A3ABDD63831CE1E5160B04E2DB4E44CCA1727
sha3_384: 4ad9b3b037de1ff9f96a4de9de30f1c71015862cd97535f73ec0454d09452fa514b369ff116f034ada976c0d4f0e211e
ep_bytes: 60be00a046008dbe0070f9ff5783cdff
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: BrlanSo;futwre Co.
FileDescription:
FileVersion: 6.0.0.0
InternalName:
LegalCopyright: Copkkyr001 d Softare Corp.
LegalTrademarks:
OriginalFilename:
ProductName:
ProductVersion: 6.0
Comments:
Translation: 0x0409 0x04e4

Trojan.Agent.EPXZ also known as:

Elastic: malicious (high confidence)
DrWeb: BackDoor.Pazus.219
MicroWorld-eScan: Trojan.Agent.EPXZ
McAfee: Fareit-FUO!21587485FF9A
Cylance: Unsafe
Zillya: Trojan.Injector.Win32.717712
K7AntiVirus: Trojan ( 0051918e1 )
K7GW: Trojan ( 0051918e1 )
Cybereason: malicious.347b8f
BitDefenderTheta: Gen:NN.ZelphiF.34062.zmKfaWyOzOhi
Cyren: W32/Injector.ABY.gen!Eldorado
Symantec: Infostealer.Lokibot!43
ESET-NOD32: a variant of Win32/Injector.ELQR
ClamAV: Win.Dropper.LokiBot-8329864-0
Kaspersky: HEUR:Trojan.Win32.Kryptik.gen
BitDefender: Trojan.Agent.EPXZ
NANO-Antivirus: Trojan.Win32.TrjGen.hjmdza
Avast: Win32:PWSX-gen [Trj]
Tencent: Malware.Win32.Gencirc.11cf1df5
Ad-Aware: Trojan.Agent.EPXZ
Emsisoft: Trojan.Agent.EPXZ (B)
McAfee-GW-Edition: Fareit-FUO!21587485FF9A
FireEye: Generic.mg.92c66a0347b8fdb7
Sophos: ML/PE-A + Mal/Fareit-AA
Ikarus: Trojan.Win32.Injector
GData: Trojan.Agent.EPXZ
Jiangmin: Trojan.Kryptik.bso
eGambit: Unsafe.AI_Score_83%
Avira: HEUR/AGEN.1136310
Antiy-AVL: Trojan/Generic.ASMalwS.30597A8
Arcabit: Trojan.Agent.EPXZ
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Injector.R342242
VBA32: Trojan.Kryptik
ALYac: Trojan.Agent.EPXZ
MAX: malware (ai score=84)
Malwarebytes: Trojan.MalPack.DLF
APEX: Malicious
Rising: Malware.Heuristic!ET#85% (RDMK:cmRtazpfBJRv29gxFIe8IZafzZhx)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.ELKP!tr
AVG: Win32:PWSX-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_80% (D)

How to remove Trojan.Agent.EPXZ?

Trojan.Agent.EPXZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.