Trojan-Dropper.Win32.Agent.tetzvh (file analysis)

Trojan-Dropper.Win32.Agent.tetzvh is the Kaspersky detection name for this sample; most of the other engines listed below flag the same file as malicious, several of them explicitly as an Enigma-protected dropper. A dropper's job is to write a second binary to disk and execute it, which is what the sandbox observed here. While the infection is active you may notice unexpected processes in the Task Manager list. In that case we advise scanning your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. The trial period allows a complete scan and clean-up of your PC.
6-day free trial available.

What can Trojan-Dropper.Win32.Agent.tetzvh do?

The following are the behavioural signatures the CAPE sandbox raised while the sample was executed, listed by signature name. Several of them (anti-debugging checks, hiding a thread from the debugger, the BIOS version check, unpacking executable code into RWX memory) are evasion behaviour typical of a protector stub such as Enigma rather than of the final payload, so the list describes what the protected wrapper does as much as what the dropped binary does.
  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Created a process from a suspicious location
  • CAPE detected the EnigmaStub malware family
  • Checks the version of Bios, possibly for anti-virtualization
  • Anomalous binary characteristics

How to identify Trojan-Dropper.Win32.Agent.tetzvh?

Compare the hashes of a suspect file against the values below. The file name in the report is simply the first 20 hex digits of the MD5 in upper case, and the timestamp is the compile time recorded in the PE header, which is easily forged and should not be trusted on its own.

File Info:

name: 4D4EC7A49D6A50A73388.mlw
path: /opt/CAPEv2/storage/binaries/6680e8dfcdd9187bb601a2df1256567b07977053bd25d948b0c0e264219a225a
crc32: E80C6BC6
md5: 4d4ec7a49d6a50a733889e89bb047efd
sha1: 12d488e7241a1da4048f0a36145ed12d3180402a
sha256: 6680e8dfcdd9187bb601a2df1256567b07977053bd25d948b0c0e264219a225a
sha512: f255bd0997ffe4b4f5becf3aec4a022d29b8d18c89b82749d9c6d7267a726f44cba64cd2344d5841d612b97e8467e10046da230f6b511ff6fa35ae83696a1162
ssdeep: 393216:5RB+A/KOxzNHBWKlNSIK2e0VUR6RjHgT4aihZXS+:B+m3hNH5lY5N0VPtg+nC+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T197F633E17BA81303C47B6F33D4F19BB1363BE402A7538AAB1A9857B51E30FB095126D5
sha3_384: 4cdab36318962eccadc3037407c5a2c16cbee914c906f306fc8463353d0cb95c80ec6e410b0bcd7ff6af653f513cd63a
ep_bytes: 558bec83c4f0b800104000e801000000
timestamp: 2021-12-10 09:49:30

Version Info:

0: [No Data]

Trojan-Dropper.Win32.Agent.tetzvh also known as:

  • MicroWorld-eScan: Trojan.GenericKD.38258645
  • FireEye: Generic.mg.4d4ec7a49d6a50a7
  • McAfee: Artemis!4D4EC7A49D6A
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 005835da1 )
  • K7GW: Trojan ( 005835da1 )
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Packed.EnigmaProtector.J suspicious
  • ClamAV: Win.Packed.Pwsx-9937513-0
  • Kaspersky: Trojan-Dropper.Win32.Agent.tetzvh
  • BitDefender: Trojan.GenericKD.38258645
  • Avast: Win32:Malware-gen
  • Sophos: Generic ML PUA (PUA)
  • Zillya: Dropper.Agent.Win32.469011
  • McAfee-GW-Edition: Artemis
  • Emsisoft: Trojan.GenericKD.38258645 (B)
  • Ikarus: PUA.Packed.Enigma
  • Avira: HEUR/AGEN.1142960
  • MAX: malware (ai score=82)
  • Antiy-AVL: Trojan/Generic.ASBOL.C669
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • ZoneAlarm: Trojan-Dropper.Win32.Agent.tetzvh
  • GData: Trojan.GenericKD.38258645
  • Cynet: Malicious (score: 99)
  • AhnLab-V3: Malware/Win.Malware-gen.C4787430
  • VBA32: Trojan.Zpevdo
  • Malwarebytes: Trojan.MalPack
  • APEX: Malicious
  • Rising: PUF.Pack-Enigma!1.BA33 (RDMK:cmRtazpbvTUo29Bb1Q3MjSq+AO/V)
  • Yandex: Trojan.DR.Agent!YIGJLMKLFVI
  • Fortinet: Riskware/Application
  • AVG: Win32:Malware-gen
  • CrowdStrike: win/malicious_confidence_70% (W)

How to remove Trojan-Dropper.Win32.Agent.tetzvh?

Trojan-Dropper.Win32.Agent.tetzvh removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.