
Trojan.Win32.Agent.xahaha (file analysis)

Malware Removal

Trojan.Win32.Agent.xahaha is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Agent.xahaha virus do?

  • Executable code extraction
  • Creates RWX memory
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Trojan.Win32.Agent.xahaha?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0409 0x04b0
LegalCopyright: Copyright © 2016-2021 Proton Clear
InternalName: expositress
FileVersion: 1.00
CompanyName: Proton Clear Inc.
LegalTrademarks: Copyright © 2016-2021 Proton Clear
Comments: Proton Clear
ProductName: Proton Clear
ProductVersion: 1.00
FileDescription: ProtonClear
OriginalFilename: expositress.exe

Trojan.Win32.Agent.xahaha also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.36399021
Qihoo-360: Win32/Trojan.Generic.HwMAjccA
McAfee: PWS-FCVE!4C9B6CC15693
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan-Downloader ( 005661971 )
BitDefender: Trojan.GenericKD.36399021
K7GW: Trojan-Downloader ( 005661971 )
BitDefenderTheta: Gen:NN.ZevbaF.34590.fm0@aSvRRgmi
Cyren: W32/Kryptik.DCA.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Trojan-gen
Kaspersky: Trojan.Win32.Agent.xahaha
Alibaba: TrojanDownloader:Win32/VBObfuse.e7955199
NANO-Antivirus: Trojan.Win32.Inject.immhuq
Rising: Downloader.Agent!8.B23 (CLOUD)
Ad-Aware: Trojan.GenericKD.36399021
Emsisoft: Trojan.GenericKD.36399021 (B)
McAfee-GW-Edition: BehavesLike.Win32.Generic.mm
FireEye: Generic.mg.4c9b6cc15693d226
Sophos: Mal/Generic-S + Troj/Zbot-PHP
Ikarus: Trojan.VB.Crypt
Kingsoft: Win32.Troj.Agent.(kcloud)
Microsoft: Trojan:Win32/VBObfuse.SS!MTB
Gridinsoft: Trojan.Win32.Downloader.sa
Arcabit: Trojan.Generic.D22B67AD
ZoneAlarm: Trojan.Win32.Agent.xahaha
GData: Trojan.GenericKD.36399021
Cynet: Malicious (score: 90)
ALYac: Trojan.GenericKD.36399021
MAX: malware (ai score=86)
Malwarebytes: Generic.Malware/Suspicious
Panda: Trj/GdSda.A
ESET-NOD32: Win32/TrojanDownloader.Agent.FCS
Yandex: Trojan.AvsArher.bTx33N
eGambit: Unsafe.AI_Score_98%
Fortinet: W32/EORQ!tr
AVG: Win32:Trojan-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Win32.Agent.xahaha?

Trojan.Win32.Agent.xahaha removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
