Categories: Trojan

Trojan.AgentWDCR.AASB (file analysis)

Trojan.AgentWDCR.AASB is the detection name several engines (BitDefender, Emsisoft, eScan, ALYac, Ad-Aware) give to the sample analysed below; others classify the same file as a password stealer. When this infection is active, you may notice unfamiliar processes in Task Manager. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for removal; it can run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Trojan.AgentWDCR.AASB do? (behaviours flagged by the CAPE sandbox for this sample)

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics
  • Suspicious use of certutil was detected
  • Uses suspicious command line tools or Windows utilities
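Three of the signatures above (suspicious use of certutil, a process created from a suspicious location, and installation for autorun at Windows startup) are the kind of behaviour a defender can also hunt for in endpoint telemetry. The following is an added example written for this page, not code from CAPE or from the original article: a small Python triage that runs three rules over constructed, simplified Sysmon-style records. The events, paths and PIDs are hypothetical illustration data, not telemetry from the sample described here.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed, simplified Sysmon-style records used only to exercise the rules.
# They are illustration data, not telemetry from the sample on this page;
# paths, names and PIDs are hypothetical.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"type": "process_create", "pid": "4120",
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil.exe -decode C:\Users\Public\blob.txt C:\Users\Public\svc.exe"},
    {"type": "process_create", "pid": "4188",
     "image": r"C:\Users\Public\svc.exe",
     "cmdline": r"C:\Users\Public\svc.exe"},
    {"type": "registry_set", "pid": "4188",
     "image": r"C:\Users\Public\svc.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "value": r"C:\Users\Public\svc.exe"},
    {"type": "process_create", "pid": "5001",
     "image": r"C:\Program Files\Vendor\updater.exe",
     "cmdline": r'"C:\Program Files\Vendor\updater.exe" --check'},
]

# certutil switches that decode, download or re-encode files (LOLBin abuse).
CERTUTIL_ABUSE = re.compile(
    r"(?i)\bcertutil(?:\.exe)?\b.*?\s-(?:decode|decodehex|encode|urlcache|verifyctl)\b")
# User-writable directories that an installed, signed product rarely runs from.
SUSPICIOUS_DIRS = re.compile(
    r"(?i)\\(?:AppData\\Local\\Temp|AppData\\Roaming|Users\\Public|ProgramData|Windows\\Temp)\\")
# Classic autorun keys under HKCU or HKLM.
RUN_KEY = re.compile(r"(?i)\\CurrentVersion\\(?:Run|RunOnce|RunServices)(?:\\|$)")

Hit = Tuple[str, str, str]  # (rule, pid, evidence)


def triage_events(events: List[Dict[str, str]]) -> List[Hit]:
    """Apply the three rules to each record and return every hit in event order."""
    hits: List[Hit] = []
    for ev in events:
        if ev["type"] == "process_create":
            if CERTUTIL_ABUSE.search(ev["cmdline"]):
                hits.append(("certutil_abuse", ev["pid"], ev["cmdline"]))
            if SUSPICIOUS_DIRS.search(ev["image"]):
                hits.append(("suspicious_location", ev["pid"], ev["image"]))
        elif ev["type"] == "registry_set" and RUN_KEY.search(ev["key"]):
            hits.append(("autorun_persistence", ev["pid"], f'{ev["key"]} = {ev["value"]}'))
    return hits


def by_process(hits: List[Hit]) -> Dict[str, set]:
    """Group rule names per PID so stacked behaviours stand out from one-off hits."""
    grouped: Dict[str, set] = defaultdict(set)
    for rule, pid, _evidence in hits:
        grouped[pid].add(rule)
    return dict(grouped)


if __name__ == "__main__":
    for rule, pid, evidence in triage_events(SAMPLE_EVENTS):
        print(f"[{rule}] pid={pid}: {evidence}")
    print(by_process(triage_events(SAMPLE_EVENTS)))
```

Each rule on its own is noisy (administrators do run certutil, and installers do write Run keys); the grouping in by_process is the useful part, because a single process that both runs from a user-writable directory and registers itself for autorun is far more suspicious than either fact alone.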

How to identify Trojan.AgentWDCR.AASB?

File Info:

name: 1BB53A2AA5A3373EAF49.mlw
path: /opt/CAPEv2/storage/binaries/d5ac4b6e2ad136667d84e6c19f55bd32e9989e67c7019729c15e369d4e5a8674
crc32: 0498903B
md5: 1bb53a2aa5a3373eaf49714c61a21a55
sha1: 80086e9251926e14db5973144077d3de382e6f3a
sha256: d5ac4b6e2ad136667d84e6c19f55bd32e9989e67c7019729c15e369d4e5a8674
sha512: 9ca461e051c865931b60ca0ca9998e5816508afb3254243d2f7251561c92149d026d1dae66fa1625c9b44b52f8ff99cfbe7ce13eabef36fbe4f4de8601bda4d9
ssdeep: 12288:uQY6P5vJSWXe08uEf1i/9TbyTfKQU/UqjHirj6WLCnCHPUygf+7hCinjiETQG+:uQhHSgmxfM9TbyTiQU/UqjHignCHP5V0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CAF4120763FD4832E8B20BB54DE942C71939FD701F3A87DB324E06D598A16A49DB8367
sha3_384: 3b1a589529248a14f776ffec9aa52c2476bf612dd2d06f7db8c8dba5dc6c025dd3385e576ce7f69bdb3af3bf774cf1ca
ep_bytes: e8070b0000e905000000cccccccccc6a
timestamp: 2013-10-14 05:50:27
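To reproduce the type, timestamp, ep_bytes and hash fields above from a binary on disk, here is an added Python example written for this page (not code from the original article or from CAPE). It parses the PE headers with the standard library only, and ships with a constructed minimal PE32 so it can run offline; that synthetic file is not the malware sample, so its hashes do not match the page's indicators and the check reports exactly that. The compile timestamp is assumed to be reported in UTC, as CAPE does.

```python
import datetime
import hashlib
import struct

# Indicators copied from the File Info section of this page.
KNOWN_SHA256 = "d5ac4b6e2ad136667d84e6c19f55bd32e9989e67c7019729c15e369d4e5a8674"
KNOWN_EP_BYTES = "e8070b0000e905000000cccccccccc6a"
KNOWN_TIMESTAMP = "2013-10-14 05:50:27"  # assumed UTC

IMAGE_FILE_MACHINE_I386 = 0x14C
PE32_MAGIC = 0x10B
SUBSYSTEMS = {2: "GUI", 3: "CUI"}


def rva_to_offset(sections, rva):
    """Map a relative virtual address to a file offset via the section table."""
    for _name, vaddr, vsize, rawptr, rawsize in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def pe_triage(data: bytes) -> dict:
    """Parse just enough of a PE32 file to reproduce the page's triage fields."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, tstamp, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]          # 0x10b PE32, 0x20b PE32+
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vaddr, vsize, rawptr, rawsize))
    ep_off = rva_to_offset(sections, ep_rva)
    ep_bytes = data[ep_off:ep_off + 16].hex()
    compile_time = datetime.datetime.fromtimestamp(
        tstamp, datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "sha256": sha256,
        "md5": hashlib.md5(data).hexdigest(),
        "is_i386": machine == IMAGE_FILE_MACHINE_I386,
        "is_pe32": magic == PE32_MAGIC,
        "subsystem": SUBSYSTEMS.get(subsystem, f"other({subsystem})"),
        "compile_time": compile_time,
        "entry_point_rva": ep_rva,
        "ep_bytes": ep_bytes,
        "ioc_sha256_match": sha256 == KNOWN_SHA256,
        "ioc_ep_bytes_match": ep_bytes == KNOWN_EP_BYTES,
        "ioc_timestamp_match": compile_time == KNOWN_TIMESTAMP,
    }


def build_sample_pe(ep_bytes: bytes, compile_epoch: int) -> bytes:
    """Constructed minimal PE32 (one .text section) for offline testing; NOT the sample."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, compile_epoch, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x1000)                # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)              # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)                # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)                 # FileAlignment
    struct.pack_into("<H", opt, 68, 2)                     # Subsystem: GUI
    section = b".text".ljust(8, b"\0") + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    return headers + ep_bytes.ljust(0x200, b"\0")


# Epoch for the page's timestamp, interpreted as UTC (assumption).
SAMPLE_EPOCH = int(datetime.datetime(2013, 10, 14, 5, 50, 27,
                                     tzinfo=datetime.timezone.utc).timestamp())

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(
        bytes.fromhex(KNOWN_EP_BYTES), SAMPLE_EPOCH)
    for key, value in pe_triage(blob).items():
        print(f"{key}: {value}")
```

Run it with a file path to triage a real binary, or with no argument to exercise the synthetic PE. Only the hash fields are exact identifiers; TimeDateStamp and the entry-point bytes are trivially set by the author or a packer and should be treated as pivots for hunting, not as a verdict. The ssdeep and tlsh values on the page need third-party libraries and are not recomputed here.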

Version Info:

CompanyName: Meajslea Corporation
FileDescription: Georgiy Infsactaed
FileVersion: 11.00.9600.16428 (winblue_gdr.131013-1700)
InternalName: Geralopeaf
LegalCopyright: Moikl Corporation. All rights reserved.
OriginalFilename: poliuh.EXE .MUI
ProductName: Explorer
ProductVersion: 11.00.9600.16428
Translation: 0x0419 0x04b0

The Translation field is language ID 0x0419 (Russian) with code page 0x04b0 (Unicode), which is what the "Russian" resource-language signatures above are derived from. The FileVersion string has the shape of a Microsoft Windows 8.1-era build string (winblue_gdr), while the CompanyName, LegalCopyright and other strings are nonsense rather than Microsoft's; metadata copied from a legitimate binary and then garbled is a common trait of malware trying to look like a system file.

Trojan.AgentWDCR.AASB also known as:

FireEye Generic.mg.1bb53a2aa5a3373e
McAfee Artemis!1BB53A2AA5A3
Cylance Unsafe
Sangfor Trojan.Win32.Skeeyah.A
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.AgentWDCR.AASB
K7GW Riskware ( 0040eff71 )
K7AntiVirus Riskware ( 0040eff71 )
VirIT Trojan.Win32.Genus.JDU
Cyren W32/Johnnie.PBJM-4642
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 Win32/PSW.Delf.OSF
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 99)
Kaspersky Trojan.Win32.Alien.gzk
Alibaba TrojanPSW:Win32/Alien.f3ee55a3
NANO-Antivirus Trojan.Win32.Alien.hbqwxi
MicroWorld-eScan Trojan.AgentWDCR.AASB
Rising Stealer.Delf!8.415 (KTSE)
Ad-Aware Trojan.AgentWDCR.AASB
Sophos Mal/Generic-S
DrWeb Trojan.PWS.Stealer.29619
Zillya Trojan.Alien.Win32.575
TrendMicro Trojan.Win32.MALREP.THBBABO
McAfee-GW-Edition AutoIt/Cybergate.a
Emsisoft Trojan.AgentWDCR.AASB (B)
Ikarus Trojan-PSW.Delf
Webroot W32.Trojan.Gen
Avira TR/PSW.Agent.uidqu
MAX malware (ai score=82)
Microsoft Trojan:Win32/Skeeyah.A!MTB
GData Win32.Trojan-Stealer.Azorult.49WOJO
AhnLab-V3 Malware/Win32.RL_Generic.R325449
ALYac Trojan.AgentWDCR.AASB
VBA32 Trojan.Wacatac
Malwarebytes Spyware.PasswordStealer
Panda Trj/WLT.F
TrendMicro-HouseCall Trojan.Win32.MALREP.THBBABO
Tencent Malware.Win32.Gencirc.116a64a7
Yandex Trojan.Alien!OHtWHsgi58g
SentinelOne Static AI – Malicious PE
MaxSecure Trojan.Malware.74828890.susgen
Fortinet W32/Delf.OSF!tr.pws
AVG Other:Malware-gen [Trj]
Cybereason malicious.aa5a33
Avast Other:Malware-gen [Trj]

How to remove Trojan.AgentWDCR.AASB?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
