What is “Trojan-Dropper.Win32.Agent.hnwd”?

Trojan-Dropper.Win32.Agent.hnwd is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the Trojan-Dropper.Win32.Agent.hnwd virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Sample contains Overlay data
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid

How to identify Trojan-Dropper.Win32.Agent.hnwd?


File Info:

name: 2FBC6F8DEF7186AC761D.mlw
path: /opt/CAPEv2/storage/binaries/5d3310cd9b9585ba9d74afcde88276536ece645419b5468a70544e32fa7020d7
crc32: DA39E3EF
md5: 2fbc6f8def7186ac761dbff5d2c9a7a4
sha1: 0970ee449c3e67017054c24e6835665b651ba541
sha256: 5d3310cd9b9585ba9d74afcde88276536ece645419b5468a70544e32fa7020d7
sha512: 5eb3cc8dd214143de1cd634d96cdb3ba86c7811f1ffba89bcfc0130c2919d8b4d1ab05c4a2db0f5059f334e1c15c3149d367f51d17863ae584a011e729895703
ssdeep: 12288:45XnMbjSijDTu7cENLNVCMFmwMsAYRFEge0:+cnBHTu7zhNVDANhYRFj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B4D49D12B5E2A0F5D21417B019662736AA39EE470F31CFC39364FF5D2D731A0A6371AA
sha3_384: 4ed786381f3872d722d0c1222720b121593ffbb24b6d5acc97bd20ad6fbe32d9540b7b358d97970c195586f8e90870d8
ep_bytes: 558bec6aff68f0c347006864cd440064
timestamp: 2013-05-13 02:12:22

Version Info:

FileVersion: 1.0.0.0
FileDescription: 易语言程序
ProductName: 易语言程序
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Trojan-Dropper.Win32.Agent.hnwd also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop4.37826
MicroWorld-eScan: Trojan.GenericKD.50284941
FireEye: Generic.mg.2fbc6f8def7186ac
McAfee: GenericRXAA-AA!2FBC6F8DEF71
Cylance: Unsafe
VIPRE: Trojan.GenericKD.50284941
Sangfor: Trojan.Win32.Agent.buxin
K7AntiVirus: Trojan ( 005246d51 )
BitDefender: Trojan.GenericKD.50284941
K7GW: Adware ( 004b87ea1 )
Cybereason: malicious.def718
BitDefenderTheta: Gen:NN.ZexaF.34582.Nq1@ay5cLakb
VirIT: Trojan.Win32.Agent.BCIQ
Cyren: W32/S-9a0e6078!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEX: Malicious
ClamAV: Win.Trojan.Agent-1322594
Kaspersky: Trojan-Dropper.Win32.Agent.hnwd
NANO-Antivirus: Trojan.Win32.Agent.bxoqzl
Rising: Trojan.Generic@AI.94 (RDMK:ZTrqTkx98Mxl7mEnyoA1Ew)
Ad-Aware: Trojan.GenericKD.50284941
Sophos: Generic ML PUA (PUA)
Comodo: Worm.Win32.Dropper.RA@1qraug
McAfee-GW-Edition: BehavesLike.Win32.Generic.jh
Trapmine: suspicious.low.ml.score
Emsisoft: Trojan.GenericKD.50284941 (B)
Jiangmin: TrojanDropper.Agent.bnme
Avira: TR/Drop.Agent.wdpah
Antiy-AVL: Trojan/Generic.ASCommon.FA
Kingsoft: Win32.Troj.Agent.hn.(kcloud)
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Win32.Trojan.PSE.11UD6H7
Cynet: Malicious (score: 100)
AhnLab-V3: Dropper/Win32.Agent.R66178
VBA32: TrojanDropper.Agent
ALYac: Trojan.GenericKD.50284941
MAX: malware (ai score=87)
Malwarebytes: PUP.Optional.ChinAd
Panda: Generic Malware
Tencent: Malware.Win32.Gencirc.10b1308c
Yandex: Trojan.DR.Agent!3t5HNBZCYgI
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Agent.HNWD!tr
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Trojan-Dropper.Win32.Agent.hnwd?

Trojan-Dropper.Win32.Agent.hnwd removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.