Trojan.AgentWDCR.IFU malicious file

The Trojan.AgentWDCR.IFU is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.AgentWDCR.IFU virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Unconventionial language used in binary resources: Russian
Anomalous binary characteristics

How to determine Trojan.AgentWDCR.IFU?


File Info:
crc32: C54FFFAC
md5: 8ed70ce6467219896cb4a066cb64b71b
name: 8ED70CE6467219896CB4A066CB64B71B.mlw
sha1: 76f0f5f515896eaefbc9f5c7e85f10c81b4b953f
sha256: a37856ea416f0723a1e3a61515878384cb5c33e1984114281956b660cef6d301
sha512: 955b462514fa549af5119ca9d87c17a2da703646657c4b121834ec354c5682f553ea795306d6b797520f64367acc242c36d7a4d7a1ee98ec8fc3fb2656ec6100
ssdeep: 1536:rsjAznbqg6Vo/OYR6NbF/X7RnRY4oLuafc5AhLqXDd3RIzlrwDLb0A:rskvWoG5bjY4oqRAhmX5BIzlaLb0A
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Version Info:
InternalName: c m d
FileVersion: 2.66
CompanyName:  NirSoft
ProductName:  NirCmd
ProductVersion: 2.66
FileDescription:  NirCmd
OriginalFilename:  NirCmd.exe 
Translation: 0x0409 0x04b1

Trojan.AgentWDCR.IFU also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 004f3cdd1 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.6246
Cynet	Malicious (score: 100)
ALYac	Trojan.AgentWDCR.IFU
Cylance	Unsafe
Zillya	Trojan.CryptXXX.Win32.677
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Ransom:Win32/Tovicrypt.381c9c02
K7GW	Trojan ( 004f3cdd1 )
Cybereason	malicious.646721
Cyren	W32/S-b5a1ff1e!Eldorado
Symantec	Ransom.CryptXXX!g17
ESET-NOD32	Win32/Filecoder.CryptProjectXXX.H
Zoner	Trojan.Win32.45604
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.AgentWDCR.IFU
NANO-Antivirus	Virus.Win32.Gen.ccmw
ViRobot	Trojan.Win32.Ransom.93696.D
SUPERAntiSpyware	Ransom.Cerber/Variant
MicroWorld-eScan	Trojan.AgentWDCR.IFU
Tencent	Win32.Trojan.Raas.Auto
Ad-Aware	Trojan.AgentWDCR.IFU
Sophos	Mal/Generic-S
BitDefenderTheta	Gen:NN.ZexaF.34692.fy1@a0PKLFbQ
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_HPCRYPMIC.SM4
McAfee-GW-Edition	Ransomware-GJA!8ED70CE64672
FireEye	Generic.mg.8ed70ce646721989
Emsisoft	Trojan.AgentWDCR.IFU (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.CryptXXX.xw
Avira	TR/Crypt.XPACK.sdlsn
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan/Generic.ASMalwS.1B85EDF
Microsoft	Ransom:Win32/Tovicrypt.A
Arcabit	Trojan.AgentWDCR.IFU
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Trojan.AgentWDCR.IFU
AhnLab-V3	Trojan/Win32.CryptXXX.R188553
Acronis	suspicious
McAfee	Ransomware-GJA!8ED70CE64672
MAX	malware (ai score=100)
VBA32	BScope.Trojan.Bagsu
Malwarebytes	Malware.AI.3156691918
Panda	Trj/GdSda.A
TrendMicro-HouseCall	Ransom_HPCRYPMIC.SM4
Rising	Trojan.Win32.Tovicrypt.a (CLOUD)
Yandex	Trojan.GenAsa!fV4lYBUPwBQ
Ikarus	Trojan-Ransom.Tovicrypt
Fortinet	W32/Kryptik.FNZR!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml

How to remove Trojan.AgentWDCR.IFU?

Trojan.AgentWDCR.IFU removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X