Trojan.Win32.Agent.xaddao removal tips

The Trojan.Win32.Agent.xaddao is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Agent.xaddao virus do?

  • Executable code extraction
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Mimics the system’s user agent string for its own requests
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Deletes its original binary from disk
  • Attempts to remove evidence of file being downloaded from the Internet
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

How to identify Trojan.Win32.Agent.xaddao?

File Info:

crc32: B52D364A
md5: 1c89b566a922ed59b74fbebd747ee87b
name: xmR4fQgM3KQXLuvKd.exe
sha1: 9d9abd77c5811b0a09341e5a396d918a46a11f74
sha256: 4bfe37cf3373329ee2927964b9155b500bc12ba31176455d10ac34a94b37aca3
sha512: 1d430da0a61c98ef134541811374ad02b8e439fc83fd0c33f447c8af8dd55e55672686d0485ae9428a3e0f9bd3db99e349009b87c6415073cae38bbd14c44aa9
ssdeep: 6144:Emew+LtrHxpcZSiRfaVkR/hHULrEqnNkGkDQmEONWJMp3ktcq/Pxx3el:E5THwZSiFaVg/huIqnNfkENJTcazel
type: MS-DOS executable, MZ for MS-DOS

Version Info:

LegalCopyright: Copyright (C) 2003
InternalName: ImageTool
FileVersion: 1, 0, 0, 1
CompanyName:
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: ImageTool Application
SpecialBuild:
ProductVersion: 1, 0, 0, 1
FileDescription: ImageTool MFC Application
OriginalFilename: ImageTool.EXE
Translation: 0x0409 0x04b0

Trojan.Win32.Agent.xaddao also known as:

MicroWorld-eScan: Trojan.GenericKD.33011653
FireEye: Generic.mg.1c89b566a922ed59
McAfee: GenericRXAA-AA!1C89B566A922
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Trojan.GenericKD.33011653
CrowdStrike: win/malicious_confidence_100% (W)
TrendMicro: TROJ_GEN.R011C0DB220
F-Prot: W32/Trickbot.CM.gen!Eldorado
Symantec: Trojan Horse
APEX: Malicious
Avast: Win32:Trojan-gen
ClamAV: Win.Trojan.Emotet-7571248-1
GData: Trojan.GenericKD.33011653
Kaspersky: Trojan.Win32.Agent.xaddao
Alibaba: Trojan:Win32/Emotet.6bdab23b
ViRobot: Trojan.Win32.Emotet.354304
AegisLab: Riskware.Win32.Generic.1!c
Tencent: Win32.Trojan.Agent.Eanx
Ad-Aware: Trojan.GenericKD.33011653
Emsisoft: Trojan.Emotet (A)
F-Secure: Trojan.TR/AD.Emotet.ybjyw
DrWeb: Trojan.DownLoader32.54690
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Rontokbro.fc
Trapmine: malicious.high.ml.score
CMC: Virus.Win32.Sality!O
Sophos: Troj/Emotet-CHC
Ikarus: Trojan-Banker.Emotet
Cyren: W32/Trickbot.CM.gen!Eldorado
Jiangmin: Trojan.Banker.Emotet.nfj
Webroot: W32.Trojan.Gen
Avira: TR/AD.Emotet.ybjyw
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.D1F7B7C5
ZoneAlarm: Trojan.Win32.Agent.xaddao
Microsoft: Trojan:Win32/Emotet!rfn
AhnLab-V3: Trojan/Win32.Emotet.C3976655
BitDefenderTheta: Gen:NN.ZexaF.34084.vmvaaOB@MEhi
ALYac: Trojan.Agent.Emotet
MAX: malware (ai score=88)
VBA32: TrojanBanker.Emotet
Malwarebytes: Trojan.Emotet
Panda: Trj/Genetic.gen
ESET-NOD32: Win32/Emotet.BN
TrendMicro-HouseCall: TROJ_GEN.R011C0DB220
Rising: Trojan.Kryptik!8.8 (CLOUD)
SentinelOne: DFI – Suspicious PE
eGambit: Unsafe.AI_Score_97%
Fortinet: W32/TrickBot.CM!tr
AVG: Win32:Trojan-gen
Cybereason: malicious.7c5811
Paloalto: generic.ml
MaxSecure: Trojan.Malware.11417434.susgen

How to remove Trojan.Win32.Agent.xaddao?

Trojan.Win32.Agent.xaddao removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.