Trojan

Should I remove “Trojan-Banker.Win32.Agent.auho”?

Malware Removal

Trojan-Banker.Win32.Agent.auho is Kaspersky's detection name for a Windows executable that many antivirus vendors flag as malicious or potentially unwanted. When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing malware manually may take hours and can damage your system in the process. We recommend using GridinSoft Anti-Malware for removal; it allows a complete scan and clean-up during the trial period.
6-day free trial available.

What can Trojan-Banker.Win32.Agent.auho do?

The following indicators were reported by the CAPE sandbox analysis of the sample:

  • Behavioural detection: executable code extraction (unpacking)
  • Yara rule detections observed from a process memory dump, dropped files or CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Attempted to write directly to a physical drive
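Three of the indicators above (unknown PE section name, encrypted or compressed data, packed with VMProtect) can be reproduced statically from the section table alone. The script below is an added example, not part of the original page or of CAPE; it walks the PE headers with the standard library only and applies two heuristics that are assumptions of this example: an allow-list of section names that common linkers emit (plus the `.vmp0`/`.vmp1`/`.vmp2` names VMProtect is known to create) and a Shannon-entropy threshold of 7.0 bits per byte. The `build_test_pe` helper constructs a minimal PE32 skeleton so the code runs offline; it is not derived from the analysed binary, and its default timestamp is the page's build time assuming CAPE reports it in UTC.

```python
import math
import struct
import sys
from datetime import datetime, timezone

# Section names mainstream compilers/linkers emit (assumed allow-list for this example).
KNOWN_SECTIONS = {
    ".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc",
    ".reloc", ".tls", ".pdata", ".xdata", ".CRT", "CODE", "DATA", "BSS",
}
# Names VMProtect is known to give its virtualised-code sections.
VMPROTECT_SECTIONS = {".vmp0", ".vmp1", ".vmp2"}
HIGH_ENTROPY = 7.0  # bits per byte; a heuristic threshold, not a rule


def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table.
    Returns (link timestamp as UTC datetime, [(name, raw_size, entropy), ...])."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(nsections):
        hdr = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        name = hdr[0].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = hdr[3], hdr[4]  # SizeOfRawData, PointerToRawData
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append((name, raw_size, round(entropy(raw), 2)))
    return datetime.fromtimestamp(stamp, tz=timezone.utc), sections


def packing_indicators(pe: bytes) -> list:
    """Flag VMProtect / unknown section names and high-entropy section bodies."""
    _, sections = parse_sections(pe)
    findings = []
    for name, size, ent in sections:
        if name in VMPROTECT_SECTIONS:
            findings.append(f"{name}: VMProtect section name")
        elif name not in KNOWN_SECTIONS:
            findings.append(f"{name}: unknown section name, possible packer")
        if size and ent > HIGH_ENTROPY:
            findings.append(f"{name}: entropy {ent} suggests compressed or encrypted data")
    return findings


def build_test_pe(sections, timestamp=1663221392) -> bytes:
    """Constructed sample: a minimal PE32 skeleton (headers + section table + raw
    bodies) for exercising the parser. Not runnable code, not the analysed binary.
    Default timestamp = 2022-09-15 05:56:32 UTC, the page's build time (UTC assumed)."""
    align, first_raw = 0x200, 0x400
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    table, body, ptr = b"", b"", first_raw
    for name, data in sections:
        padded = data.ljust(-(-len(data) // align) * align, b"\0")
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), ptr,
                             len(data), ptr, 0, 0, 0, 0, 0x60000020)
        body += padded
        ptr += len(padded)
    head = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    if len(head) > first_raw:
        raise ValueError("too many sections for this skeleton")
    return head.ljust(first_raw, b"\0") + body


def demo_sample() -> bytes:
    """Constructed input: a clean code section, a VMProtect-style section filled
    with every byte value (entropy 8.0), and a low-entropy resource section."""
    return build_test_pe([
        (".text", b"\xcc" * 512),
        (".vmp0", bytes(range(256)) * 4),
        (".rsrc", b"A" * 64 + b"B" * 64),
    ])


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else demo_sample()
    stamp, secs = parse_sections(image)
    print("link time:", stamp)
    for name, size, ent in secs:
        print(f"  {name:8} raw={size:<8} entropy={ent}")
    for finding in packing_indicators(image):
        print("  !", finding)
```

Run it with a path to a PE file to list its sections, or with no argument to analyse the constructed sample. High entropy alone is not proof of packing (certificates and compressed resources also score high), which is why CAPE reports these as "likely" indicators rather than verdicts.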

How to identify Trojan-Banker.Win32.Agent.auho?

File Info:

name: 3A065AD2DD853A4537DA.mlw
path: /opt/CAPEv2/storage/binaries/b9bb4aef4add509710d7e66f4cf0f582d4853fdf716a65e09ad51ecbc20c82f7
crc32: E4FCA860
md5: 3a065ad2dd853a4537da7f4327b931a3
sha1: 263968c2ff40c8df356ecdd5b63c01b6e5134c00
sha256: b9bb4aef4add509710d7e66f4cf0f582d4853fdf716a65e09ad51ecbc20c82f7
sha512: 80743afdd03fde88a1cf5f2a0554c76f7bf3a903fc22d0cdc2ac69c53f01d0da99e50ca86833bdc3cff2924efede5de04c66d71c51aedadfbe6ed3fe7838dd74
ssdeep: 196608:9PfEZYQN3+2MkJAgLoQtBQfngI7zDPkHt+PxO:9PI42MkYQtGgIrYgPxO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1688633B7112B0041E1F98C3AD5377DC572F302B9AA9258BCB2F69DD13D235E6E217982
sha3_384: 7698b40a75f7f5883b9d07c666a311ceeb56951d8268b2467eed6857c3f1fcabf346dca7971803fcd11953387576ac88
ep_bytes: 68d5c3e18ae8e259ecffdc266681eaec
timestamp: 2022-09-15 05:56:32
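The digests above are the practical way to confirm whether a suspicious file is this exact sample. The script below is an added example, not code from the page or from CAPE: it computes the same digest set in one streaming pass with the standard library (crc32, md5, sha1, sha256, sha512, sha3_384) and compares the result against the published values case-insensitively, since the page prints the crc32 in upper case. ssdeep and tlsh are deliberately left out because they need third-party libraries; the indicator table below is copied from the File Info block.

```python
import hashlib
import zlib
from typing import Iterable

# Indicators copied from the File Info block above (crc32 kept in the page's upper-case form).
INDICATORS = {
    "crc32": "E4FCA860",
    "md5": "3a065ad2dd853a4537da7f4327b931a3",
    "sha1": "263968c2ff40c8df356ecdd5b63c01b6e5134c00",
    "sha256": "b9bb4aef4add509710d7e66f4cf0f582d4853fdf716a65e09ad51ecbc20c82f7",
    "sha512": "80743afdd03fde88a1cf5f2a0554c76f7bf3a903fc22d0cdc2ac69c53f01d0da"
              "99e50ca86833bdc3cff2924efede5de04c66d71c51aedadfbe6ed3fe7838dd74",
    "sha3_384": "7698b40a75f7f5883b9d07c666a311ceeb56951d8268b2467eed6857c3f1fcab"
                "f346dca7971803fcd11953387576ac88",
}
HASH_ALGOS = ("md5", "sha1", "sha256", "sha512", "sha3_384")


def digests_from_chunks(chunks: Iterable[bytes]) -> dict:
    """Compute every digest the page lists in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in HASH_ALGOS}
    crc = 0
    for chunk in chunks:
        crc = zlib.crc32(chunk, crc)
        for h in hashers.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return result


def digests(data: bytes) -> dict:
    """Convenience wrapper for in-memory data."""
    return digests_from_chunks([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file from disk so large binaries do not have to fit in memory."""
    with open(path, "rb") as f:
        return digests_from_chunks(iter(lambda: f.read(chunk_size), b""))


def match_indicators(computed: dict, indicators: dict = INDICATORS) -> dict:
    """Per-algorithm match, normalising hex case; a missing algorithm counts as no match."""
    return {alg: computed.get(alg, "").lower() == value.lower()
            for alg, value in indicators.items()}


def is_known_sample(computed: dict, indicators: dict = INDICATORS) -> bool:
    """Only a collision-resistant digest (sha256/sha512/sha3_384) is trusted for a
    positive identification; md5, sha1 and crc32 are reported but not relied on."""
    m = match_indicators(computed, indicators)
    return m.get("sha256", False) or m.get("sha512", False) or m.get("sha3_384", False)


if __name__ == "__main__":
    import sys
    found = hash_file(sys.argv[1])
    for alg, ok in match_indicators(found).items():
        print(f"{alg:9} {found[alg]}  {'MATCH' if ok else 'no match'}")
    print("known sample:", is_known_sample(found))
```

A match on sha256 (or sha512/sha3_384) identifies this exact build; a different sha256 with similar behaviour does not clear the file, it only means it is a different sample, so the behavioural indicators above still apply.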

Version Info:

FileVersion: 1.0.0.0
FileDescription: By 殊途
ProductName: By 殊途
ProductVersion: 1.0.0.0
CompanyName: By 殊途 QQ1074881752
LegalCopyright: By 殊途 QQ1074881752
Comments: By 殊途
Translation: 0x0804 0x04b0 (language ID 0x0804 is Chinese (Simplified) and code page 0x04b0 is Unicode; this resource language is what the "unconventional language" indicators above refer to)

Trojan-Banker.Win32.Agent.auho is also detected by other vendors as (vendor: detection name):

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
FireEye: Generic.mg.3a065ad2dd853a45
McAfee: Artemis!3A065AD2DD85
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Adware ( 004b8e1b1 )
K7GW: Adware ( 004b8e1b1 )
CrowdStrike: win/malicious_confidence_60% (W)
BitDefenderTheta: Gen:NN.ZexaF.34682.@B0@aCdrKhlb
Cyren: W32/FlyStudio.W.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/FlyStudio.Packed.AO potentially unwanted
Kaspersky: Trojan-Banker.Win32.Agent.auho
Cynet: Malicious (score: 100)
Rising: Trojan.Agent!8.B1E (TFE:5:ur1hTgB6ywH)
Sophos: Generic ML PUA (PUA)
Comodo: TrojWare.Win32.Agent.ISVQ@5mbonp
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
Trapmine: malicious.moderate.ml.score
APEX: Malicious
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win.Generic.C4446183
Malwarebytes: Malware.Heuristic.1003
Ikarus: Trojan.Win32.Krypt
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Cybereason: malicious.2ff40c

Note that the "Trojan-Banker" classification is Kaspersky's alone: Cyren and ESET-NOD32 identify the file as a packed FlyStudio binary, and K7, ESET-NOD32 and Sophos rate it as adware or potentially unwanted rather than as a banking trojan, while most other verdicts are generic or machine-learning based.

How to remove Trojan-Banker.Win32.Agent.auho?

Trojan-Banker.Win32.Agent.auho removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Move all detected items to quarantine.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the browser and options to reset, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.