
Trojan-Downloader.Win32.Agent.xxzuin malicious file


Trojan-Downloader.Win32.Agent.xxzuin is the Kaspersky detection name for this file; the other engines listed further down flag it too, mostly under generic names. When the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can Trojan-Downloader.Win32.Agent.xxzuin do?

The items below are CAPE sandbox signatures that fired while the sample ran. Each one is a heuristic, not a confirmed capability, and several of them (RWX memory, dynamic function loading, unknown section names, compressed data) are side effects of the UPX packing reported in the File Info further down rather than evidence of malicious intent on their own. The entries that matter for triage are the persistence, self-deletion, hidden-file and Windows Defender ones.

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Scheduled file move on reboot detected
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Attempts to remove evidence of file being downloaded from the Internet
  • Deletes its original binary from disk
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to modify Windows Defender using PowerShell
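The list above is what the sandbox saw; as an added example (not CAPE's or GridinSoft's code), the Python below turns the host-visible behaviours into checks a responder can run: it decodes the PendingFileRenameOperations registry value that a "scheduled file move on reboot" leaves behind, and tags process command lines for the cmd /C shell, self-deletion, attrib +h/+s, Run-key writes and Set/Add-MpPreference Defender changes. The command lines and registry value it ships with are constructed to illustrate those patterns; they are not commands recorded from this sample, and the regexes are assumptions about how such commands usually look.

```python
"""Detection logic for the sandbox behaviours listed above (added example, not CAPE's or GridinSoft's code).

Two of the signatures leave host artefacts a responder can look for: a
"scheduled file move on reboot" lives in the PendingFileRenameOperations
registry value, and the cmd /C, self-deletion, attrib, Run-key and Defender
changes show up as process command lines. The sample inputs are constructed
to illustrate the patterns; they are not the commands this sample ran.
"""
import re
import sys

# Each tag maps to one of the behaviours named in the list above. The regexes are
# assumptions about typical command shapes, not patterns taken from the sample.
PATTERNS = {
    "cmd_c_shell": re.compile(r"\bcmd(?:\.exe)?\b.*\s/[cr]\b", re.I),            # shell exits when done, hiding execution
    "self_delete": re.compile(r"\s/[cr]\b.*\b(?:del|erase)\b", re.I),             # "deletes its original binary"
    "defender_tamper": re.compile(r"\b(?:Set|Add)-MpPreference\b", re.I),         # "modify Windows Defender using PowerShell"
    "hidden_attrib": re.compile(r"\battrib(?:\.exe)?\b.*\+[hs]", re.I),           # "creates a hidden or system file"
    "run_key": re.compile(r"\breg(?:\.exe)?\s+add\b.*\\CurrentVersion\\Run\b", re.I),  # "autorun at Windows startup"
    "zone_strip": re.compile(r"Zone\.Identifier|\bUnblock-File\b", re.I),         # "remove evidence of download"
}


def classify_cmdline(cmdline: str) -> set:
    """Return the set of behaviour tags whose pattern matches one process command line."""
    return {tag for tag, rx in PATTERNS.items() if rx.search(cmdline)}


def _strip_nt_prefix(path: str) -> str:
    path = path.lstrip("!")             # a leading '!' means "replace an existing file"
    return path[4:] if path.startswith("\\??\\") else path


def parse_pending_renames(values: list) -> list:
    """Decode the REG_MULTI_SZ PendingFileRenameOperations value into (source, destination) pairs.

    Entries come in pairs; an empty destination means the source is deleted at boot.
    """
    pairs = []
    it = iter(values)
    for src in it:
        dst = next(it, "")
        pairs.append((_strip_nt_prefix(src), _strip_nt_prefix(dst) or None))
    return pairs


def triage(cmdlines: list, pending_values: list) -> dict:
    """Summarise suspicious command lines and boot-time file operations."""
    hits = {line: sorted(classify_cmdline(line)) for line in cmdlines}
    renames = parse_pending_renames(pending_values)
    return {
        "flagged": {line: tags for line, tags in hits.items() if tags},
        "boot_deletes": [src for src, dst in renames if dst is None],
        "boot_moves": [(src, dst) for src, dst in renames if dst is not None],
    }


def read_pending_renames_windows() -> list:
    """Read the live PendingFileRenameOperations value (Windows only; returns [] if unset)."""
    import winreg  # standard library on Windows
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SYSTEM\CurrentControlSet\Control\Session Manager")
    try:
        value, _ = winreg.QueryValueEx(key, "PendingFileRenameOperations")
        return list(value)
    except FileNotFoundError:
        return []
    finally:
        winreg.CloseKey(key)


# Constructed sample inputs (not observed from this sample): process command lines as an
# EDR or Sysmon event ID 1 would record them, and a hand-written PendingFileRenameOperations value.
SAMPLE_CMDLINES = [
    r'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "C:\Users\Public\update.exe"',
    r'powershell.exe -NoProfile -Command "Add-MpPreference -ExclusionPath C:\ProgramData"',
    r'attrib.exe +h +s C:\ProgramData\svc.dat',
    r'reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v svc /t REG_SZ /d C:\ProgramData\svc.exe',
    r'notepad.exe C:\Users\Public\readme.txt',
]
SAMPLE_PENDING = [
    r"\??\C:\Users\Public\update.exe", "",                         # delete at next boot
    r"\??\C:\Windows\Temp\a.tmp", r"!\??\C:\ProgramData\svc.exe",  # move at next boot
]

if __name__ == "__main__":
    pending = read_pending_renames_windows() if sys.platform == "win32" else SAMPLE_PENDING
    for k, v in triage(SAMPLE_CMDLINES, pending).items():
        print(k, v)
```

On Windows the `__main__` block reads the live PendingFileRenameOperations value; feed `classify_cmdline` the CommandLine field of Sysmon event ID 1 or your EDR's process-creation events. The patterns are deliberately narrow, so a missed tag is more likely than a false one; widen them per environment.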

Related domains:

wpad.local-net

A lookup for wpad.<suffix> is generated by Windows proxy auto-discovery (WinHTTP/WinINet) as soon as any process issues a web request, so this entry is sandbox background noise rather than an indicator of the sample's command-and-control; the only network activity the sandbox recorded was a single connection attempt to a dead IP:port.

How to identify Trojan-Downloader.Win32.Agent.xxzuin?

The identifiers below come from the CAPE sandbox submission. Two points are worth noting before you pivot on them: the file type is PE32+ (x86-64), so the "Win32" in the Kaspersky name is only a platform naming convention and the sample cannot run on 32-bit Windows; and a timestamp of 1970-01-01 00:00:00 means the PE TimeDateStamp field is zero, which is what the Go linker emits and is consistent with the WinGo/Agent classification from ESET and Ikarus. Match on the sha256 (or on ssdeep/tlsh for near-duplicates); the file name, crc32 and md5 are weak pivots.

File Info:

name: 66EB53B404B7E18D5EB6.mlw
path: /opt/CAPEv2/storage/binaries/ba154c21d0f1585de8f6389fc1bffad5c6b30edf9492e460002536f1c32e0f68
crc32: E7EE41B3
md5: 66eb53b404b7e18d5eb642eb3dcf82e3
sha1: 65436f5de6d39df0cfd48f258493a2d2a3162923
sha256: ba154c21d0f1585de8f6389fc1bffad5c6b30edf9492e460002536f1c32e0f68
sha512: 6e6ea5411df557a69b8ac28684d546428aef27426527438c97fde8d5d626ff9f65b2f508dad36e0f4fb212b7f87fe0b54eb56c1058ae04454bab3b3e2e4960eb
ssdeep: 49152:ACwvzxjqCsgDPGVQy/XzfZ6XT78Ch9C0JeZPLAcD84/:c1qCDDuVX/XzfZ6XEChzJeW0
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1048533E6B3536BABF2A4D6FC3963148177B1F076814A894DB301CB43C2A75C90A71F66
sha3_384: 65b10acae82f964b111bd02ff624b2b66cfb40e6a422036aead9d19d9f2c31dd6c746fedebf2f76934f53c1ed3957ed4
ep_bytes: 53565755488d353a4ee4ff488dbedb9f
timestamp: 1970-01-01 00:00:00
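As an added example (not code from GridinSoft or CAPE), the script below extracts the same static indicators CAPE reported in the File Info block, i.e. PE32 versus PE32+, the x86-64 machine type, the zero timestamp, UPX section names and the 16 bytes at the entry point, and checks a file's crc32/md5/sha1/sha256 against the hashes above. Because the sample itself is not on the page, it runs on a hand-built PE32+ image whose entry bytes are copied from the ep_bytes field so the output can be compared; everything else about that image (section names, layout, sizes) is constructed.

```python
"""Triage helpers for the File Info block above (added example, not GridinSoft's or CAPE's code).

Parses the PE header fields the sandbox reported (type, timestamp, section
names, ep_bytes) and checks a file's hashes against the page's IOCs. The
input built here is a synthetic PE32+ image, not the real sample.
"""
import hashlib
import struct
import zlib

# Hashes copied from the page's File Info block; only these identify the sample.
PAGE_IOCS = {
    "md5": "66eb53b404b7e18d5eb642eb3dcf82e3",
    "sha1": "65436f5de6d39df0cfd48f258493a2d2a3162923",
    "sha256": "ba154c21d0f1585de8f6389fc1bffad5c6b30edf9492e460002536f1c32e0f68",
}

IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32PLUS_MAGIC = 0x20B


def pe_indicators(data: bytes) -> dict:
    """Extract the static indicators CAPE reports: type, timestamp, sections, entry bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    ep_rva = struct.unpack_from("<I", data, opt_off + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr, *_ = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, raw_ptr, raw_size))
    # Map the entry-point RVA to a file offset through the section that contains it.
    ep_bytes = b""
    for _, va, vsize, raw_ptr, raw_size in sections:
        if va <= ep_rva < va + max(vsize, raw_size):
            off = raw_ptr + (ep_rva - va)
            if off < raw_ptr + raw_size:
                ep_bytes = data[off:off + 16]
            break
    names = [s[0] for s in sections]
    return {
        "type": "PE32+" if magic == PE32PLUS_MAGIC else "PE32",
        "x64": machine == IMAGE_FILE_MACHINE_AMD64,
        "timestamp": timestamp,          # 0 is rendered as 1970-01-01 00:00:00
        "timestamp_zeroed": timestamp == 0,
        "sections": names,
        "upx_packed": any(n.startswith("UPX") for n in names),
        "ep_bytes": ep_bytes.hex(),
    }


def file_hashes(data: bytes) -> dict:
    """The four checksums the File Info block lists, in its formatting."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_iocs(data: bytes, iocs: dict) -> bool:
    """True if any hash type present in `iocs` matches the data (case-insensitive)."""
    ours = file_hashes(data)
    return any(ours[k].lower() == v.lower() for k, v in iocs.items() if k in ours)


def build_synthetic_upx_pe() -> bytes:
    """Hand-built PE32+ image with UPX0/UPX1 sections and a zero timestamp (constructed, not the sample)."""
    ep_rva = 0x11010
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)               # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 2, 0, 0, 0, 240, 0x22)
    opt = struct.pack("<HBBIIII", PE32PLUS_MAGIC, 0, 0, 0, 0, 0, ep_rva).ljust(240, b"\0")
    sec = struct.pack("<8sIIIIIIHHI", b"UPX0", 0x10000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE0000080)
    sec += struct.pack("<8sIIIIIIHHI", b"UPX1", 0x1000, 0x11000, 0x200, 0x200, 0, 0, 0, 0, 0xE0000040)
    header = (dos + b"PE\0\0" + coff + opt + sec).ljust(0x200, b"\0")
    # Entry bytes copied from the page's ep_bytes field so the output can be compared with it.
    body = (b"\0" * 0x10 + bytes.fromhex("53565755488d353a4ee4ff488dbedb9f")).ljust(0x200, b"\0")
    return header + body


if __name__ == "__main__":
    sample = build_synthetic_upx_pe()
    print(pe_indicators(sample))
    print(file_hashes(sample))
    print("matches page IOCs:", matches_iocs(sample, PAGE_IOCS))
```

Run it on a real file with `pe_indicators(open(path, "rb").read())`. A hit in `matches_iocs` on sha256 is the only result that positively identifies this sample; `upx_packed` together with `timestamp_zeroed` describes a whole class of packed Go binaries and is a triage hint, not a detection.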

Version Info:

0: [No Data]

Trojan-Downloader.Win32.Agent.xxzuin also known as:

Most of these verdicts are generic, heuristic or machine-learning names (GenericKDZ, FileRepMalware, generic.ml, Static AI, malicious_confidence_60%) rather than a family attribution, and they disagree on the class (downloader, dropper, ransomware, PUA). The most specific signal is the language tag: ESET (WinGo/Agent.CT) and Ikarus (Trojan.WinGo.Agent) both identify it as a Go binary, which fits the PE32+ type and zeroed timestamp in the File Info.

Lionic: Trojan.Win32.Generic.4!c
DrWeb: Trojan.MulDrop19.4395
MicroWorld-eScan: Trojan.GenericKDZ.79917
FireEye: Trojan.GenericKDZ.79917
ALYac: Trojan.GenericKDZ.79917
Malwarebytes: Trojan.Dropper
K7AntiVirus: Trojan ( 005897a81 )
Alibaba: TrojanDownloader:Win32/Redcap.97f79e68
K7GW: Trojan ( 005897a81 )
Cybereason: malicious.de6d39
ESET-NOD32: a variant of WinGo/Agent.CT
TrendMicro-HouseCall: TROJ_GEN.R002H09KN21
Paloalto: generic.ml
Kaspersky: Trojan-Downloader.Win32.Agent.xxzuin
BitDefender: Trojan.GenericKDZ.79917
Avast: FileRepMalware
Tencent: Win32.Trojan.Generic.Wrhb
Ad-Aware: Trojan.GenericKDZ.79917
Emsisoft: Trojan.GenericKDZ.79917 (B)
McAfee-GW-Edition: BehavesLike.Win64.Trickbot.tc
Sophos: Generic ML PUA (PUA)
Ikarus: Trojan.WinGo.Agent
GData: Trojan.GenericKDZ.79917
Avira: TR/Redcap.hmnmd
Antiy-AVL: Trojan/Generic.ASBOL.C5E3
Gridinsoft: Ransom.Win64.Sabsik.sa
Arcabit: Trojan.Generic.D1382D
ViRobot: Trojan.Win32.Z.Agent.1817088.B
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R451137
MAX: malware (ai score=83)
APEX: Malicious
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Agent.CT!tr
AVG: FileRepMalware
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Trojan-Downloader.Win32.Agent.xxzuin?

Trojan-Downloader.Win32.Agent.xxzuin removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

The sandbox flagged autorun persistence, a file move scheduled for the next reboot and an attempt to change Windows Defender settings through PowerShell, so after the restart confirm that no unexpected Run-key entries or PendingFileRenameOperations values remain and that Defender's real-time protection and exclusion list are back to their intended state.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
