Trojan.Win32.Agent.xadzqs (file analysis)

Trojan.Win32.Agent.xadzqs is classified as malicious by many security vendors (see the detection list below). While this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Agent.xadzqs virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • CAPE detected the IcedIDStage1 malware family
  • Anomalous binary characteristics

How to identify Trojan.Win32.Agent.xadzqs?

File Info:

name: 09606552E0B4ABB39644.mlw
path: /opt/CAPEv2/storage/binaries/1f879f0f2f9719a6ec89f6d1800f2f6c990b483d53c9d675410a6c10128886b1
crc32: 20F6F761
md5: 09606552e0b4abb396448a9754acb18f
sha1: fde5dd1c0b6fc872edeb69b1a98f12876f59676f
sha256: 1f879f0f2f9719a6ec89f6d1800f2f6c990b483d53c9d675410a6c10128886b1
sha512: b5d19b874634761b84a0cdf1d5f283a048aa3144c316ea2165b645ca1ba165bd5da5d50649568669fa424a28b103bb3ddca949ef719716aec87bd5cf27bb2a75
ssdeep: 12288:GNl4OO3+uEbcvl7Q2ifBY2yZht787NmUzh:/jE4vl7y2hJ8tzh
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10D8528623284CED2F3A217718A1C91785B26AF5177054AC27DA73F6F8EB0678851C2DF
sha3_384: 17f7643aa184a34b817ca3d1d35e95dfebf88884e9c8d66a93b71a733f367816946df334846ae9a6e25aa1d16c157289
ep_bytes: e851530000e979feffff6a0c68b0bc02
timestamp: 2009-06-20 21:43:04

Version Info:

CompanyName: Successpaint
FileDescription: Pieceneck
FileVersion: 12.1.69.75
InternalName: Pieceneck
LegalCopyright: Licensed under the GNU GPL, v3.
OriginalFilename: Pieceneck.exe
ProductName: Pieceneck
ProductVersion: 12.1.69.75
Translation: 0x0409 0x04b0

Trojan.Win32.Agent.xadzqs is also known by the following vendor detection names:

Lionic: Trojan.Win32.Generic.4!c
DrWeb: Trojan.IcedID.27
MicroWorld-eScan: Gen:Heur.Mint.Zard.52
FireEye: Generic.mg.09606552e0b4abb3
McAfee: Artemis!09606552E0B4
Malwarebytes: Trojan.Injector
Zillya: Trojan.Agent.Win32.1347667
Sangfor: Suspicious.Win32.SpikeAex.rhh_pid
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:Win32/Kryptik.be1ce8f0
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.2e0b4a
VirIT: Trojan.Win32.Genus.CHB
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Kryptik.HEYO
TrendMicro-HouseCall: TROJ_FRS.0NA103FT20
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Agent.xadzqs
BitDefender: Gen:Heur.Mint.Zard.52
NANO-Antivirus: Trojan.Win32.IcedID.irhczl
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Agent.Frs
Emsisoft: Gen:Heur.Mint.Zard.52 (B)
Comodo: Malware@#f9gbprnyrtol
VIPRE: Trojan.Win32.Zbot.jb (v)
TrendMicro: TROJ_FRS.0NA103FT20
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Agent.cusi
Webroot: W32.AGent.xadzqs
Avira: TR/AD.PhotoDlder.pgzbl
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Generic.ASSuf.2DDC0
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Trojan:Win32/Ymacco.AA1F
ViRobot: Trojan.Win32.Z.Agent.1773056.O
ZoneAlarm: Trojan.Win32.Agent.xadzqs
GData: Gen:Heur.Mint.Zard.52
Cynet: Malicious (score: 99)
VBA32: Trojan.Agent
Cylance: Unsafe
APEX: Malicious
Rising: Trojan.Ymacco!8.11BE1 (CLOUD)
Yandex: Trojan.Kryptik!O3Ike6/mvMg
Ikarus: Trojan-Banker.IcedID
Fortinet: W32/Generik.EXXKZVR!tr
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Win32.Agent.xadzqs?

Trojan.Win32.Agent.xadzqs removal steps:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.