Trojan.Agent.FSWY malicious file

Trojan.Agent.FSWY is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Agent.FSWY virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Finnish
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • CAPE detected the OnlyLogger malware family
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan.Agent.FSWY?


File Info:

name: 858A17D51CED004E7AE2.mlw
path: /opt/CAPEv2/storage/binaries/bb94d2403d9e5c89fa6e39e05289897ae7a3f8a09bc6049419fa92f48550205d
crc32: 53A37E2B
md5: 858a17d51ced004e7ae2c875f2f8b26a
sha1: da60fba0520b088c84d8041875ab109ed09ee503
sha256: bb94d2403d9e5c89fa6e39e05289897ae7a3f8a09bc6049419fa92f48550205d
sha512: 7ee66bfe24bb33d0bd503715684dcfd3d32dd1d4e552f809bb9b031fea308de81e98f574210eac38cad66e305a11d0c1adc6c621bbbcf76448c92c53f715e7f3
ssdeep: 6144:sm5qHZa3SLxLCgY3fdMx2UN/APBXYlmIXwbigayW:syqHZa3SlLCgEFWDqp2mTW
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19194F1017980D431E8A96D309535CFA50A7BFCB15960A507F7B4BBAF2E323D16A357C2
sha3_384: d144c65d27214be9e341b7fb378564a064bb70a786707b296fa5cce90149aefeffe1674df32cb78621f4c1b8902716b1
ep_bytes: e8c25d0000e979feffff8bff51c70158
timestamp: 2021-06-09 10:45:22

Version Info:

FileVersion: 21.79.11.69
InternationalName: pomgveoci.iwe
Copyright: Copyrighz (C) 2021, fudkorta
ProjectVersion: 1.10.70.57
Translations: 0x0127 0x010e

Trojan.Agent.FSWY also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Stop.j!c
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop19.27676
MicroWorld-eScan: Trojan.Agent.FSWY
FireEye: Generic.mg.858a17d51ced004e
CAT-QuickHeal: Trojanransom.Stop
ALYac: Trojan.Agent.FSWY
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.3689001
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/StopCrypt.5a722723
K7GW: Trojan ( 0058bc0d1 )
K7AntiVirus: Trojan ( 003e58dd1 )
BitDefenderTheta: Gen:NN.ZexaF.34232.zq0@ayelnOcK
Cyren: W32/Injuke.M.gen!Eldorado
Symantec: Packed.Generic.525
ESET-NOD32: a variant of Win32/Kryptik.HOGN
TrendMicro-HouseCall: Ransom_StopCrypt.R002C0DB722
Paloalto: generic.ml
ClamAV: Win.Dropper.LokiBot-9938483-0
Kaspersky: HEUR:Trojan-Ransom.Win32.Stop.gen
BitDefender: Trojan.Agent.FSWY
Avast: Win32:CrypterX-gen [Trj]
Tencent: Trojan-ransom.Win32.Stop.16000284
Ad-Aware: Trojan.Agent.FSWY
TACHYON: Ransom/W32.Stop.422400.C
Emsisoft: Trojan.Agent.FSWY (B)
Comodo: Malware@#z3cafpcspyg7
TrendMicro: Ransom_StopCrypt.R002C0DB722
McAfee-GW-Edition: BehavesLike.Win32.Emotet.gh
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S + Mal/Agent-AWV
Ikarus: Trojan-Ransom.StopCrypt
GData: Trojan.Agent.FSWY
Jiangmin: Trojan.Stop.dib
Webroot: W32.Malware.Gen
Avira: TR/AD.Chapak.dnrhv
Antiy-AVL: Trojan/Generic.ASMalwS.3524F16
Gridinsoft: Malware.Win32.GenericMC.cc
Microsoft: Ransom:Win32/StopCrypt.MK!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Infostealer/Win.SmokeLoader.R470641
McAfee: Packed-GDT!858A17D51CED
MAX: malware (ai score=82)
VBA32: TrojanRansom.Stop
Malwarebytes: Trojan.MalPack.GS
APEX: Malicious
Rising: Ransom.Stop!8.10810 (CLOUD)
Yandex: Trojan.Kryptik!O7fiUNo+ZBY
SentinelOne: Static AI – Malicious PE
Fortinet: W32/GenericKDZ.6DF1!tr
AVG: Win32:CrypterX-gen [Trj]
Panda: Trj/GdSda.A

How to remove Trojan.Agent.FSWY?

Trojan.Agent.FSWY removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
