Categories: Trojan

Trojan-Dropper.Win32.Agent.tetzrh removal guide

The Trojan-Dropper.Win32.Agent.tetzrh is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Dropper.Win32.Agent.tetzrh virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Possible date expiration check, exits too soon after checking local time
Loads a driver
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
HTTPS urls from behavior.
Enumerates the modules from a process (may be used to locate base addresses in process injection)
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
A ping command was executed with the -n argument possibly to delay analysis
Uses Windows utilities for basic functionality
Uses Windows utilities for basic functionality
Tries to suspend Cuckoo threads to prevent logging of malicious activity
Created a process from a suspicious location
Installs itself for autorun at Windows startup
Installs itself for autorun at Windows startup
CAPE detected the RDPWrap malware family
Attempts to modify proxy settings
Attempts to create or modify system certificates
Attempts to interact with an Alternate Data Stream (ADS)
Modifies Terminal Server registry keys for persistence
Uses suspicious command line tools or Windows utilities
Uses XCOPY for copying files

How to determine Trojan-Dropper.Win32.Agent.tetzrh?


File Info:
name: 3AAD3A0E4F0A94F7CFD3.mlwpath: /opt/CAPEv2/storage/binaries/7c809ff23d6be924759e085f31d7e20e1effc81c3aa922b1ecbe1eebbd33ed86crc32: BC08E1EFmd5: 3aad3a0e4f0a94f7cfd3d44c09172a85sha1: 0bd5c1ac64ba8e3fd8d7121467a5677f53a8c739sha256: 7c809ff23d6be924759e085f31d7e20e1effc81c3aa922b1ecbe1eebbd33ed86sha512: 9b87fd87fec7706c40f790c0808b66ea8258bcadb27faeaa9f6b7650d04b5bb5c65363908de6d0acf6d0ace67ed39a9bba73c2c2af6631a41aee652100117ce5ssdeep: 49152:cQTXvx7SHJIuRbsF5eHW/icjsAO60axPwSf5e85nENegSMj0mtW/jG:c02Iuk6cxOmxPbhr50rQiW6type: PE32 executable (console) Intel 80386, for MS Windowstlsh: T117C523407EC0FDB0D3A53A704085E635A60E5E78DE2E34FB93DD3D4BB531358AA25269sha3_384: 22a0c016d169e1e78e5cd8841a55327d661d87b37b5542c23c27cdcd63a12fe2949c187b336d12fc2cc119b5d04b7000ep_bytes: 68ac00000068000000006868804100e8timestamp: 2018-02-01 20:18:05
Version Info:
0: [No Data]

Trojan-Dropper.Win32.Agent.tetzrh also known as:

Bkav	W32.AIDetect.malware2
Lionic	Riskware.Win32.Convagent.1!c
FireEye	Generic.mg.3aad3a0e4f0a94f7
McAfee	Artemis!3AAD3A0E4F0A
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Unwanted-Program ( 005553861 )
K7GW	Unwanted-Program ( 005553861 )
BitDefenderTheta	Gen:NN.ZexaF.34182.AwW@aCtG2Dn
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/RDPWrap.A potentially unsafe
Cynet	Malicious (score: 100)
Kaspersky	Trojan-Dropper.Win32.Agent.tetzrh
Avast	Win32:Malware-gen
McAfee-GW-Edition	BehavesLike.Win32.Generic.vc
Sophos	Generic PUA AL (PUA)
APEX	Malicious
GData	Win32.Backdoor.Danabot.RWVHUZ
ZoneAlarm	Trojan-Dropper.Win32.Agent.tetzrh
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3	Trojan/Win.Generic.C4839982
Acronis	suspicious
Rising	Malware.Heuristic!ET#99% (RDMK:cmRtazozOSWdkrbx6f8s7lgM9lO6)
SentinelOne	Static AI – Malicious PE
Fortinet	Malicious_Behavior.SB
AVG	Win32:Malware-gen