
What is “Trojan.Agent.ERGH”?


Trojan.Agent.ERGH is a generic detection name; the same name is reported by BitDefender, MicroWorld-eScan, ALYac and GData, which share a detection engine, while the CAPE sandbox and most other vendors classify the same sample as Emotet, a dropper/downloader and banking trojan. While the infection is active you may notice unfamiliar processes in Task Manager: the sample enumerates running processes, loads functions dynamically and issues HTTP requests. If you see this detection, scan the computer with GridinSoft Anti-Malware or another up-to-date engine.


What does Trojan.Agent.ERGH do?

The following are the behavioural signatures raised when the sample was run in the CAPE (CAPEv2) sandbox. Each one is a heuristic rather than proof on its own; together they describe a packed loader with anti-analysis checks, process enumeration and network activity:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • CAPE detected the Emotet malware family
  • Attempts to modify proxy settings

How to identify Trojan.Agent.ERGH?

Match a suspicious file against the identifiers of the analysed sample below. The hashes are the reliable indicators; the entry-point bytes and version information are weak on their own. Note that the version resource claims a Microsoft copyright while the Authenticode signature is invalid, so that metadata is not to be trusted.

File Info:

name: 4D9F0D4289D736408FF7.mlw
path: /opt/CAPEv2/storage/binaries/406ca390624ffda4efa25be3de9eff201b9a5c93ba6d1aa8f0447f7dc5b280f8
crc32: BCCBEA0B
md5: 4d9f0d4289d736408ff77167d959a8a9
sha1: faffd14137c5d326f38a6f2831bd317d59e7c5a9
sha256: 406ca390624ffda4efa25be3de9eff201b9a5c93ba6d1aa8f0447f7dc5b280f8
sha512: b16184adf60d42300f0681017e422ec1bfed3ce6095491e2c6089c694ba147a97bbbb1351293c0f28718a801273c552ce4f0a5e0275ad102e3d71358c2a76e7c
ssdeep: 12288:IqcEDY6wH0R0zcvRmGKwo7FftPLZVEqeFVEUy:G6wU2zcObFfP+1rEUy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T167C48C077AF1C277C1A2D1318E9BFB99A3F2EE204D76464333941B0D2D766C69326366
sha3_384: c39db2bb92518317ad878f688385c0676fa530ddffbfee6c237ffca67a0dfe69ab6adcce2263b0e075eb6be6899f2842
ep_bytes: 6a6068480c4600e8eae0ffffbf940000
timestamp: 2020-05-19 20:16:57

Version Info:

FileDescription: VariantUse MFC Application
FileVersion: 1, 0, 0, 1
InternalName: VariantUse
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: VariantUse.EXE
ProductName: VariantUse Application
ProductVersion: 1, 0, 0, 1
Translation: 0x0409 0x04b0
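The identifiers above can be checked against a file without a sandbox. The script below is an added example written for this page, not code from the original article or from CAPE: it computes the same four digests CAPE reports, walks the PE headers by hand to read the 16 entry-point bytes and the COFF timestamp, and reports which of the page's indicators match. The IOC table is copied from the File Info section; the minimal PE image built by `build_min_pe` is a constructed stand-in used only so the parser can be exercised offline, and the timestamp is interpreted as UTC (an assumption).

```python
"""Triage helper for the indicators listed above.  Added example, not code
from the original page or from CAPE; Python standard library only."""
import datetime
import hashlib
import struct
import zlib

# Indicators copied from the File Info section of the page.
IOC = {
    "md5": "4d9f0d4289d736408ff77167d959a8a9",
    "sha1": "faffd14137c5d326f38a6f2831bd317d59e7c5a9",
    "sha256": "406ca390624ffda4efa25be3de9eff201b9a5c93ba6d1aa8f0447f7dc5b280f8",
    "crc32": "BCCBEA0B",
    "ep_bytes": "6a6068480c4600e8eae0ffffbf940000",
}

def file_hashes(data: bytes) -> dict:
    """Same four digests CAPE prints (crc32 as upper-case hex, as on the page)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }

def pe_entry_info(data: bytes) -> dict:
    """Walk DOS -> COFF -> optional header -> section table and return the 16
    bytes at AddressOfEntryPoint plus the COFF TimeDateStamp (PE32 only)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sec = opt + opt_size  # section table directly follows the optional header
    for i in range(nsections):
        _name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec + i * 40)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)  # RVA -> file offset inside this section
            return {"timestamp": timestamp, "entry_rva": entry_rva,
                    "ep_bytes": data[off:off + 16].hex()}
    raise ValueError("entry point not inside any section")

def compile_time(ts: int) -> str:
    """COFF TimeDateStamp rendered as UTC in the format the page uses (assumed UTC)."""
    return datetime.datetime.fromtimestamp(ts, datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

def match_iocs(data: bytes) -> dict:
    """True/False per indicator; ep_bytes compares as False for non-PE32 input."""
    found = file_hashes(data)
    try:
        found["ep_bytes"] = pe_entry_info(data)["ep_bytes"]
    except (ValueError, struct.error):
        found["ep_bytes"] = None
    return {k: found[k] == v for k, v in IOC.items()}

def build_min_pe(ep_code: bytes, timestamp: int) -> bytes:
    """CONSTRUCTED minimal PE32 image (not a real sample): one .text section at
    RVA 0x1000 / file offset 0x200 whose first bytes are ep_code."""
    e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)      # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)    # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)      # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)       # FileAlignment
    section = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", 0x1000, 0x1000, 0x200, 0x200,
                          0, 0, 0, 0, 0x60000020)
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    headers = b"PE\0\0" + coff + bytes(opt) + section
    hdr[e_lfanew:e_lfanew + len(headers)] = headers
    return bytes(hdr) + ep_code.ljust(0x200, b"\0")

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()  # a real file given on the command line
    else:  # constructed stand-in carrying the page's ep_bytes and timestamp
        blob = build_min_pe(bytes.fromhex(IOC["ep_bytes"]), 1589919417)
    info = pe_entry_info(blob)
    print("compiled:", compile_time(info["timestamp"]), "ep:", info["ep_bytes"])
    for name, hit in match_iocs(blob).items():
        print(f"{name:8s} {'MATCH' if hit else 'no'}")
```

Run it as `python triage.py suspicious.exe`. Only a full hash match identifies this exact sample; the stand-in image matches `ep_bytes` yet none of the hashes, which is the point: `6a 60 68 ... e8` (push 60h / push imm32 / call) is an ordinary MSVC CRT startup prologue shared by many benign MFC programs, so a matching entry point corroborates but never identifies.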

Trojan.Agent.ERGH is also known as (vendor detection names for this sample; most name the Emotet family, while the generic verdicts come from machine-learning or heuristic engines):

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Agent.ERGH
FireEye: Generic.mg.4d9f0d4289d73640
ALYac: Trojan.Agent.ERGH
K7AntiVirus: Trojan ( 005672dc1 )
BitDefender: Trojan.Agent.ERGH
K7GW: Trojan ( 005672dc1 )
Cybereason: malicious.289d73
VirIT: Trojan.Win32.TrickBot.BKH
Cyren: W32/Emotet.ALE.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Emotet.CD
APEX: Malicious
ClamAV: Win.Dropper.Emotet-7995956-0
Kaspersky: HEUR:Backdoor.Win32.Emotet.vho
Rising: Backdoor.Emotet!8.514D (RDMK:cmRtazqQNIxXixnuNApmtAjERBjr)
Sophos: Mal/Generic-S
DrWeb: Trojan.DownLoader33.35922
TrendMicro: TrojanSpy.Win32.EMOTET.SMV.hp
McAfee-GW-Edition: BehavesLike.Win32.Emotet.hh
Emsisoft: Trojan.Emotet (A)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Backdoor.Emotet.fv
Avira: HEUR/AGEN.1135035
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Generic.ASMalwS.3079E77
Microsoft: Trojan:Win32/Emotet.ARJ!MTB
SUPERAntiSpyware: Trojan.Agent/Gen-Emotet
GData: Trojan.Agent.ERGH
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win32.RL_Generic.R359050
McAfee: Emotet-FQU!4D9F0D4289D7
TACHYON: Backdoor/W32.Emotet.569344
VBA32: Backdoor.Emotet
Malwarebytes: Trojan.MalPack.TRE
Panda: Trj/Emotet.C
TrendMicro-HouseCall: TrojanSpy.Win32.EMOTET.SMV.hp
Tencent: Malware.Win32.Gencirc.10cdcd2a
Ikarus: Trojan-Banker.Emotet
Fortinet: W32Kryptik.HDOP!tr
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Agent.ERGH?

Trojan.Agent.ERGH removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • “Move to quarantine“ all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings“.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because this sample is classified as an Emotet dropper/downloader, a single scan is not the end of the job: check for other recently written executables (hash any unknown binary against the identifiers above) and verify that the system proxy settings, which the sample attempts to modify, have not been changed.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
