
What is “Trojan.AgentPMF.S23157942”?


Trojan.AgentPMF.S23157942 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.AgentPMF.S23157942 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • A process sent information about the computer to a remote location.
  • Attempts to identify installed AV products by installation directory
  • Attempts to detect ThreatTrack/GFI/CW Sandbox through the presence of a file
  • Attempts to modify proxy settings

How to identify Trojan.AgentPMF.S23157942?


File Info:

name: DA6C512EE18F759911F3.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2013-09-30 21:14:21

Version Info:

0: [No Data]

Trojan.AgentPMF.S23157942 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader43.22784
MicroWorld-eScan: Trojan.GenericKDZ.78934
FireEye: Generic.mg.da6c512ee18f7599
CAT-QuickHeal: Trojan.AgentPMF.S23157942
ALYac: Trojan.GenericKDZ.78934
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.2431407
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0048e2411 )
K7GW: Trojan ( 0048e2411 )
Cybereason: malicious.ee18f7
BitDefenderTheta: Gen:NN.ZexaF.34294.0vZ@aafPyGoi
Cyren: W32/S-61bb439d!Eldorado
ESET-NOD32: a variant of Win32/MewsSpy.A
ClamAV: Win.Malware.Qakbot-9860983-1
Kaspersky: Trojan.Win32.Agent.annso
BitDefender: Trojan.GenericKDZ.78934
NANO-Antivirus: Trojan.Win32.MewsSpy.fqjudx
Avast: Win32:Malware-gen
Rising: Trojan.Generic@ML.89 (RDML:m3/R7jZvGPsgCEp7yylBow)
Ad-Aware: Trojan.GenericKDZ.78934
Comodo: TrojWare.Win32.Sisron.A@549hot
Baidu: Win32.Trojan.MewsSpy.a
Emsisoft: Trojan.GenericKDZ.78934 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Agent.ifva
MaxSecure: Trojan.Malware.121218.susgen
Avira: HEUR/AGEN.1115212
Antiy-AVL: Trojan/Generic.ASMalwS.2B9E81C
Microsoft: Backdoor:Win32/Wavipeg.B
Arcabit: Trojan.Generic.D13456
GData: Trojan.GenericKDZ.78934
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Hupe.Gen
McAfee: GenericRXQK-CB!DA6C512EE18F
MAX: malware (ai score=87)
VBA32: Trojan.Agent
Malwarebytes: Backdoor.Qbot
APEX: Malicious
Tencent: Trojan.Win32.BitCoinMiner.la
Yandex: Trojan.GenAsa!8VFTlaRhzk8
Fortinet: W32/MewsSpy.B!tr
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_60% (D)

How to remove Trojan.AgentPMF.S23157942?

Trojan.AgentPMF.S23157942 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
