Trojan.AgentWDCR.JMO (B) (file analysis)

Trojan.AgentWDCR.JMO (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.AgentWDCR.JMO (B) virus do?

  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to stop active services
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Attempts to disable UAC
  • Attempts to modify UAC prompt behavior

How to identify Trojan.AgentWDCR.JMO (B)?

File Info:

name: 0D65E9D3AEB799A3D641.mlw
path: /opt/CAPEv2/storage/binaries/44dab0c2ff68819562f1822834efc75437a769af36fc72f41f412280a6e82ef6
crc32: AE72E7F6
md5: 0d65e9d3aeb799a3d641e8eb4ef059da
sha1: d9ea733fda337b817ff746c5bcdc3bccbad7c18d
sha256: 44dab0c2ff68819562f1822834efc75437a769af36fc72f41f412280a6e82ef6
sha512: e5a6d9d06d48b5d9fbbf54eed0453e43d71b7d5c987bbd13e4d5239c814547764e826aa8e81d1a6e4520204d36632103084645d2f066f5114f28dff9da7143ba
ssdeep: 12288:FXgvmzFHi0mo5aH0qMzd58i7FwPJQPDHvd:FXgvOHi0mGaH0qSdBFi4V
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18B16C03AB781C8F1C48580327695AE139EF56C300625EA67DB60CE093EF51E5D72A78F
sha3_384: 0749218967593675d360e3aebd9cf71b115963c1df97f0277e7ac63cfa995ef929f54d2e2b7192a4f943959a13b5bd6c
ep_bytes: 6a6068f8b74200e8edf7ffffbf940000
timestamp: 2006-12-09 04:41:02

Version Info:

0: [No Data]

Trojan.AgentWDCR.JMO (B) also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.AgentWDCR.JMO
FireEye: Generic.mg.0d65e9d3aeb799a3
CAT-QuickHeal: Worm.Pykspa.C3
ALYac: Trojan.AgentWDCR.JMO
Cylance: Unsafe
K7AntiVirus: Trojan ( 003da8d71 )
K7GW: Trojan ( 003da8d71 )
Cybereason: malicious.3aeb79
BitDefenderTheta: Gen:NN.ZexaF.34294.@pW@aenLPPb
Cyren: W32/Pykspa.A.gen!Eldorado
Symantec: W32.Pykspa.D
ESET-NOD32: Win32/AutoRun.Agent.TG
Baidu: Win32.Worm.Autorun.o
APEX: Malicious
Avast: Win32:Renos-KY [Trj]
ClamAV: Win.Worm.Autorun-437
Kaspersky: Worm.Win32.Yah.a
BitDefender: Trojan.AgentWDCR.JMO
NANO-Antivirus: Trojan.Win32.AntiAV.dsnxsg
Tencent: Trojan.Win32.BitCoinMiner.la
Ad-Aware: Trojan.AgentWDCR.JMO
TACHYON: Trojan/W32.Blocker.4349952.B
Emsisoft: Trojan.AgentWDCR.JMO (B)
Comodo: Worm.Win32.Autorun.Agent_TG0@1isiwy
DrWeb: Trojan.Kypes.2
VIPRE: Worm.Win32.Skyper.b (v)
TrendMicro: TROJ_AGENT_006376.TOMB
McAfee-GW-Edition: BehavesLike.Win32.Pykse.rz
Sophos: ML/PE-A + W32/Skyper-B
GData: Trojan.AgentWDCR.JMO
Jiangmin: Trojan/Vilsel.cgx
Avira: TR/Agent.327680.A
Antiy-AVL: Trojan/Generic.ASMalwS.2ADE
Kingsoft: Heur.SSC.1767.1216.(kcloud)
ViRobot: Trojan.Win32.Blocker.Gen.B
Microsoft: Trojan:Win32/Dinwod.A!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zepfod.R4378
Acronis: suspicious
McAfee: W32/Pykse.worm.gen.a
MAX: malware (ai score=84)
VBA32: Worm.Yah
Malwarebytes: Worm.Agent
TrendMicro-HouseCall: TROJ_AGENT_006376.TOMB
Rising: Malware.Heuristic!ET#100% (RDMK:cmRtazpY1N+VLhk2roN5IE062+r7)
Yandex: Trojan.GenAsa!qHVVdB/AORM
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Agent.XEK!tr
AVG: Win32:Renos-KY [Trj]
Panda: W32/SpySkype.E
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Backdoor.Zepfod.A

How to remove Trojan.AgentWDCR.JMO (B)?

Trojan.AgentWDCR.JMO (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.