Trojan

Trojan.Agent.ESXP (file analysis)

Malware Removal

The Trojan.Agent.ESXP is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan.Agent.ESXP virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Possible date expiration check, exits too soon after checking local time
  • A process attempted to delay the analysis task.
  • A named pipe was used for inter-process communication
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • Performs some HTTP requests
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • A system process is generating network traffic likely as a result of process injection
  • Installs itself for autorun at Windows startup
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

www.ip-adress.com

How to determine Trojan.Agent.ESXP?



File Info:

crc32: 3DDDF84B
md5: 56086a280a0e3b6ae56e97517d28d0fa
name: tmp5_rmunvo
sha1: 5c4efccea0c4456de15f164a3cbcfe16571a1ad6
sha256: 1b5fb2f47ec0495e550655f22e2feb7cd2d24113a06db145e5a029c1b0fe11db
sha512: 900b8c842827066f308a0f705e176c2f06edfa41cc167b424436dce728155ab8c4a03b6c3906be8c56ba20e4866130447e7d15efdf30e9fefacdb4ea55296c79
ssdeep: 6144:ByYonTHwJ9vYuj0NqOoEi9cfsGZDY10Bz7qUkIdW5ZeuPygGzk23MOaXFtPCc3y:BdKN8/GVZfBzT7c5ZpF23MOqLaz
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: (C)Qihu 360 Software Co., Ltd. All rights reserved.
InternalName: SandboxMain
FileVersion: 8,6,0,1004
ProductName: 360 Sandbox
ProductVersion: 8,6,0,1004
FileDescription: 360 Sandbox
OriginalFilename: SandboxMain.exe
Translation: 0x0409 0x04b0

Trojan.Agent.ESXP also known as:

BkavW32.AIDetectVM.malwareA
MicroWorld-eScanTrojan.Agent.ESXP
McAfeeW32/PinkSbot-GW!56086A280A0E
CylanceUnsafe
SangforMalware
K7AntiVirusRiskware ( 0049f6ae1 )
BitDefenderTrojan.Agent.ESXP
K7GWRiskware ( 0049f6ae1 )
Cybereasonmalicious.ea0c44
TrendMicroBackdoor.Win32.QAKBOT.SME
SymantecML.Attribute.HighConfidence
APEXMalicious
AvastWin32:BankerX-gen [Trj]
GDataWin32.Backdoor.QakBot.AT0UQN
RisingTrojan.Generic@ML.84 (RDML:njpQ9ghjf43t5MJK9InDyw)
Ad-AwareTrojan.Agent.ESXP
EmsisoftTrojan.Agent.ESXP (B)
Invinceaheuristic
McAfee-GW-EditionArtemis
Trapminemalicious.moderate.ml.score
FireEyeGeneric.mg.56086a280a0e3b6a
SophosTroj/Qbot-FS
IkarusTrojan.Qakbot
MAXmalware (ai score=83)
Antiy-AVLGrayWare/Win32.Kryptik.ehls
Endgamemalicious (high confidence)
ArcabitTrojan.Agent.ESXP
MicrosoftTrojan:Win32/Qbot.DEE!MTB
AhnLab-V3Trojan/Win32.Qakbot.R341435
Acronissuspicious
BitDefenderThetaGen:NN.ZexaF.34128.NM1@a8KYtueP
ALYacTrojan.Agent.ESXP
VBA32BScope.Trojan.Zenpak
MalwarebytesTrojan.MalPack.SGI
PandaTrj/GdSda.A
ESET-NOD32a variant of Win32/Kryptik.HEHC
TrendMicro-HouseCallBackdoor.Win32.QAKBOT.SME
SentinelOneDFI – Malicious PE
eGambitPE.Heur.InvalidSig
FortinetW32/Cridex.VHO!tr
AVGWin32:BankerX-gen [Trj]
CrowdStrikewin/malicious_confidence_100% (D)

How to remove Trojan.Agent.ESXP?

Trojan.Agent.ESXP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment