Categories: Trojan

About “Trojan-Dropper.Win32.Agent.tettvy” infection

The Trojan-Dropper.Win32.Agent.tettvy is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Dropper.Win32.Agent.tettvy virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Yara rule detections observed from a process memory dump/dropped files/CAPE
Presents an Authenticode digital signature
Creates RWX memory
Anomalous file deletion behavior detected (10+)
A process attempted to delay the analysis task.
Dynamic (imported) function loading detected
Reads data out of its own binary image
A process created a hidden window
CAPE extracted potentially suspicious content
Drops a binary and executes it
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Behavioural detection: Transacted Hollowing
CAPE detected the CryptBot malware family
Attempts to identify installed AV products by installation directory
Checks the CPU name from registry, possibly for anti-virtualization
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

How to determine Trojan-Dropper.Win32.Agent.tettvy?


File Info:
name: A621A88F1FA33D92D95E.mlwpath: /opt/CAPEv2/storage/binaries/6f0d318f05c8624de746badd6db741632f17e2e022ff6fb1e02f8aff06ec7713crc32: 950B8723md5: a621a88f1fa33d92d95eea1a0b77e168sha1: 8aa078b30aaf08c0180cf010190cbc990548ceadsha256: 6f0d318f05c8624de746badd6db741632f17e2e022ff6fb1e02f8aff06ec7713sha512: 05fa0bbc4861edea80adfc89faf0eb8863accf404f127d4d3d812695d47208d82f9b4063b4a4c6286966bc8ec4fbcba2c690a3f81a4a5703672ae78368ff65e4ssdeep: 98304:/Pdx/6o/EJ6N6ExIxrnumYq12lGoMH+4QECiJIrLy8IFrWpUttY1HD4asOOb:/L6ocnTcvEJIrW8etttY1HDmOObtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T17D46AD2326CAEC6BC56E0571662F97DE71287E75CBA194CB53C8F92D07B48C21232D27sha3_384: 3f15b7d37539d2a94e3eeba918989ef12e71305f9f47f6c7920f219cd8f01aa8ee892457e3f40f87e0be9ba353838e83ep_bytes: e86c060000e97afeffffcccccccccc51timestamp: 2021-09-21 12:31:37
Version Info:
CompanyName: SIL InternationalFileDescription: Active UI Engine InstallerFileVersion: 3.0.2.3InternalName: UIEngineLegalCopyright: Copyright (C) 2021 SIL InternationalOriginalFileName: UIEngine.exeProductName: Active UI EngineProductVersion: 3.0.2.3Translation: 0x0409 0x04b0

Trojan-Dropper.Win32.Agent.tettvy also known as:

Bkav	W32.AIDetect.malware1
MicroWorld-eScan	Trojan.GenericKD.47354390
FireEye	Trojan.GenericKD.47354390
ESET-NOD32	multiple detections
Kaspersky	Trojan-Dropper.Win32.Agent.tettvy
BitDefender	Trojan.GenericKD.47354390
Ad-Aware	Trojan.GenericKD.47354390
Emsisoft	Trojan.GenericKD.47354390 (B)
Avira	HEUR/AGEN.1145770
Kingsoft	Win32.Troj.Agent.(kcloud)
Microsoft	Trojan:Win32/Tnega!ml
GData	Trojan.GenericKD.47354390
Cynet	Malicious (score: 99)
ALYac	Trojan.GenericKD.47354390
MAX	malware (ai score=82)
VBA32	Trojan.Sabsik.FL
Yandex	Trojan.PWS.Agensla!Z+iXxMsbzZQ
Ikarus	Trojan-Spy.Win32.CoinStealer
AVG	Win32:DangerousSig [Trj]
Avast	Win32:DangerousSig [Trj]