Trojan.AgentWDCR.HZH removal

Trojan.AgentWDCR.HZH is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.AgentWDCR.HZH virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup

How to identify Trojan.AgentWDCR.HZH?

File Info:

name: 4B922282D65758559FD0.mlw
path: /opt/CAPEv2/storage/binaries/f3c7bed24daf4e32059b7da33c0c640a9098200e39aa4c6d4fa5864c3f459452
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2004-08-04 06:01:37

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: Wextract
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.00.2900.2180
Translation: 0x0409 0x04b0

Trojan.AgentWDCR.HZH also known as:

ALYac: Trojan.AgentWDCR.HZH
Cylance: Unsafe
VIPRE: VirTool.Win32.DelfInject.ac (v)
K7AntiVirus: Trojan ( 7000000f1 )
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.2d6575
Cyren: W32/DelfInject.KHXW-3303
Symantec: W32.Ackantta!Dr
ESET-NOD32: Win32/Merond.O
APEX: Malicious
ClamAV: Win.Trojan.Buzus-8265
Kaspersky: Trojan.Win32.Agentb.btey
BitDefender: Trojan.AgentWDCR.HZH
NANO-Antivirus: Trojan.Win32.Buzus.eopedq
Rising: Trojan.Generic@ML.100 (RDML:IrYE/kz0EjzobIrP22vODg)
Emsisoft: Trojan.AgentWDCR.HZH (B)
Comodo: Malware@#acin1bd5q2yo
DrWeb: Trojan.AVKill.2679
McAfee-GW-Edition: W32/Xirtem@MM.j
FireEye: Trojan.AgentWDCR.HZH
Sophos: W32/Cabble-A
GData: Win32.Trojan.Agent.UNQ347
Jiangmin: Trojan/Buzus.aojb
Avira: DR/Delphi.jufa
Antiy-AVL: Trojan/Generic.ASMalwS.1EE162
McAfee: Artemis!4B922282D657
MAX: malware (ai score=80)
VBA32: Trojan.Buzus
Yandex: Trojan.GenAsa!N9o9TdVs3MU
eGambit: Unsafe.AI_Score_93%
Fortinet: W32/BUZUS.BHY!tr
BitDefenderTheta: Gen:NN.ZelphiF.34062.yGW@ayKkYap
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen
MaxSecure: Virus.Win32.Cabres.A

How to remove Trojan.AgentWDCR.HZH?

Trojan.AgentWDCR.HZH removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
