Trojan.Win32.Agent.xadfcu (file analysis)

Trojan.Win32.Agent.xadfcu is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Trojan.Win32.Agent.xadfcu virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Expresses interest in specific running processes
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Network activity contains more than one unique useragent.
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to determine Trojan.Win32.Agent.xadfcu?

File Info:

name: 2694E8E3B69FAF6170C4.mlw
path: /opt/CAPEv2/storage/binaries/d447ccb83d9622468c412b93ead7ac4b790f7127add2f918c46b9318197c5cfe
crc32: B65530D2
md5: 2694e8e3b69faf6170c41aa69ae37975
sha1: e536105cc0e41ee9f73129aa258e98e2ef3e9efa
sha256: d447ccb83d9622468c412b93ead7ac4b790f7127add2f918c46b9318197c5cfe
sha512: 72043d9ea215779ca5680b43703fb94f39ce662431e24f1e191ca2075f19ae00441a8d4390eeb61fe6efb9b307cc841b8e3370d08372e888dafcecae0117c40e
ssdeep: 24576:vNGftD6/6D/OHE0cy0+NvGwrdWYaJsIm88D8H2dW7g6J/:AfR23cZ+FGwrdWYeSw2dW7g6J
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A73533F2890B0523E928D5BDFABC778245FBE812FFDC8199F705914A61F5EA0A4D90D0
sha3_384: 598c66759e8a10be189bc1c7db15b3fa4262880a020eb77865369a4c190729fae575a5d505f2c5500c2a0e1dd59cb34a
ep_bytes: 60be00c06e008dbe0050d1ff57eb0b90
timestamp: 2018-06-04 09:21:03

Version Info:

CompanyName: TODO:
FileDescription: TODO:
FileVersion: 2.1.0.20
InternalName: shell.exe
LegalCopyright: Copyright (C) 2017
OriginalFilename: shell.exe
ProductName: TODO:
ProductVersion: 2.1.0.20
Translation: 0x0804 0x04b0

Trojan.Win32.Agent.xadfcu also known as:

Lionic: Trojan.Win32.Generic.4!c
MicroWorld-eScan: Trojan.GenericKD.31958774
FireEye: Generic.mg.2694e8e3b69faf61
McAfee: Artemis!2694E8E3B69F
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.1287175
Sangfor: Trojan.Win32.Agent.xadfcu
Alibaba: Trojan:Win32/APTLazerus.ca56c06e
K7GW: Trojan ( 00524aca1 )
K7AntiVirus: Trojan ( 00524aca1 )
BitDefenderTheta: Gen:NN.ZexaF.34182.enKfaSgS04pj
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Agent.ZIO
TrendMicro-HouseCall: TROJ_GEN.R002C0PAV22
Paloalto: generic.ml
ClamAV: Win.Malware.Cqoj-9842458-0
Kaspersky: Trojan.Win32.Agent.xadfcu
BitDefender: Trojan.GenericKD.31958774
APEX: Malicious
Ad-Aware: Trojan.GenericKD.31958774
Emsisoft: Trojan.GenericKD.31958774 (B)
Comodo: Malware@#2wkat3ggqbxiz
DrWeb: Trojan.PWS.Siggen2.14051
TrendMicro: TROJ_GEN.R002C0PAV22
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Sophos: Mal/Generic-S
Jiangmin: Trojan.Generic.cofpx
Avira: HEUR/AGEN.1137160
Antiy-AVL: Trojan/Generic.ASMalwS.3489641
Microsoft: PWS:Win32/Zbot!ml
ViRobot: Trojan.Win32.Z.Agent.1120768.H
GData: Trojan.GenericKD.31958774
Cynet: Malicious (score: 99)
VBA32: suspected of Trojan.Downloader.gen
ALYac: Trojan.GenericKD.31958774
Malwarebytes: Malware.AI.4028678471
Avast: Win32:Malware-gen
Rising: Trojan.Agent!8.B1E (CLOUD)
Yandex: Trojan.GenAsa!UHTxwww5mjw
SentinelOne: Static AI – Suspicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Agent.ZIO!tr
AVG: Win32:Malware-gen
Cybereason: malicious.3b69fa
Panda: Trj/CI.A

How to remove Trojan.Win32.Agent.xadfcu?

Trojan.Win32.Agent.xadfcu removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.