What is “Trojan.Agent.S4796459”?

Trojan.Agent.S4796459 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Agent.S4796459 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Arabic (Egypt)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the WarzoneRAT malware family
  • Creates a copy of itself

How to identify Trojan.Agent.S4796459?

File Info:

name: 7A5612FA291A07988105.mlw
path: /opt/CAPEv2/storage/binaries/2b3182451ba2c44a6a8a968b49e141472bf8affa6669d7755ae2a8d493a7fef9
crc32: 520BF89D
md5: 7a5612fa291a079881054521565aeb52
sha1: ceca5f6a836421aaa70b39de4c58a98fa3b8cb01
sha256: 2b3182451ba2c44a6a8a968b49e141472bf8affa6669d7755ae2a8d493a7fef9
sha512: fd9b72136adc299a116e2f423612de6294166454818b0264f4f4e4cb18bf4d9820d38c9d7e96680f4b4ea242467b277ecff34e2a2e04742624d47e3edea09e0f
ssdeep: 12288:IQPMlkuK9k987WfKmugtlLEj4uN4mqLYhTMSpA7W2FeDSIGVH/KIDgDgUeHbY1tL:I5F9OJALEjMMoQDbGV6eH8tk+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T150959DE177A904ABE1133BB05C0FC3718159BD79A644936F2BFBBD2D4C9B291A423253
sha3_384: 99f5eeffeb98c9d0df15a2440cde1ac59d6ce49391baac66c5e7b2ac00f7d9efffbacb609ab0f001561bfb3b6d8a5e28
ep_bytes: 55545d83c4f0b884e64800e8d473f7ff
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: Oracle Corporation
FileDescription: Java(TM) Platform SE binary
FileVersion: 8.0.1810.13
Full Version: 1.8.0_181-b13
InternalName: unpack200
LegalCopyright: Copyright © 2018
OriginalFilename: unpack200.exe
ProductName: Java(TM) Platform SE 8
ProductVersion: 8.0.1810.13
Translation: 0x0000 0x04b0

Trojan.Agent.S4796459 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen6.54687
MicroWorld-eScan: Gen:Variant.Zusy.338110
FireEye: Generic.mg.7a5612fa291a0798
CAT-QuickHeal: Trojan.Agent.S4796459
McAfee: PWS-FCRX!7A5612FA291A
Cylance: Unsafe
Sangfor: [ASPACK V2.12]
K7AntiVirus: Trojan ( 7000000f1 )
K7GW: Trojan ( 7000000f1 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: AI:Packer.BCE7A70017
VirIT: Trojan.Win32.Injector.CFTT
Cyren: W32/Trojan.FQJ.gen!Eldorado
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Injector.ELDH
TrendMicro-HouseCall: TrojanSpy.Win32.AVEMARIA.SMTH
ClamAV: Win.Malware.Eclv-9782803-0
Kaspersky: HEUR:Trojan.Win32.Scarsi.pef
BitDefender: Gen:Variant.Zusy.338110
NANO-Antivirus: Trojan.Win32.Scarsi.idtcpu
SUPERAntiSpyware: Trojan.Agent/Gen-Injector
Avast: Sf:ShellCode-CU [Trj]
Tencent: Trojan.Win32.Delf.tc
Ad-Aware: Gen:Variant.Zusy.338110
Sophos: ML/PE-A + Troj/Agent-AJFK
Zillya: Trojan.Injector.Win32.786398
TrendMicro: TrojanSpy.Win32.AVEMARIA.SMTH
McAfee-GW-Edition: BehavesLike.Win32.Generic.th
SentinelOne: Static AI – Malicious PE
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Zusy.338110 (B)
Ikarus: Trojan.Win32.Injector
GData: Gen:Variant.Zusy.338110
Jiangmin: Trojan.Generic.dsqqe
Avira: HEUR/AGEN.1207319
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.RL_Agent.R281398
ALYac: Gen:Variant.Zusy.338110
Malwarebytes: Generic.Trojan.Injector.DDS
APEX: Malicious
Rising: Stealer.AveMaria!1.CEBB (CLASSIC)
Yandex: Trojan.GenAsa!3PeokibywzU
MAX: malware (ai score=89)
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Injector.ELDH!tr
AVG: Sf:ShellCode-CU [Trj]
Cybereason: malicious.a291a0
Panda: Trj/Genetic.gen

How to remove Trojan.Agent.S4796459?

Trojan.Agent.S4796459 removal tool:

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.