Trojan.Win32.Agent.xaitwm information

Trojan.Win32.Agent.xaitwm is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Agent.xaitwm virus do?

  • Attempts to connect to a dead IP:Port (3 unique times)
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Anomalous binary characteristics

Related domains:

filedn.com
ocsp.comodoca.com
crl.comodoca.com
ocsp.usertrust.com
crl.usertrust.com

How to identify Trojan.Win32.Agent.xaitwm?


File Info:

crc32: D47B1823
md5: 8de49a1af0d83d2046d7259496d5cefc
name: 8DE49A1AF0D83D2046D7259496D5CEFC.mlw
sha1: 68366c7cf5820cd2ea9f261a3ec37c63ac6454db
sha256: 303c1ba7cbe49aabf29b452c33450c0ce8edb24abcf649469d145e4befd3eda3
sha512: 9840f1a1e1822860117cb7b481983dd4dceb0a9c44ad27556447600a6d2a6befbf366d02ac3161524a04f708091e0994a7ea9c3f011f523b806ca318e264fb0b
ssdeep: 49152:GC2lJmXbj5DIwbQea1LPEyK7r385JD3d6cIWhY:GzlkbFDVrQMyOr3S3d6cLhY
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Setup Engine Copyright © 2004-2015 Indigo Rose Corporation
InternalName: suf_launch
FileVersion: 9.5.0.0
LegalTrademarks: Setup Factory is a trademark of Indigo Rose Corporation.
Comments: Created with Setup Factory
ProductName: Setup Factory Runtime
ProductVersion: 9.5.0.0
FileDescription: Setup Application
OriginalFilename: suf_launch.exe
Translation: 0x0409 0x04e4

Trojan.Win32.Agent.xaitwm also known as:

DrWeb: BackDoor.IRC.Bot.3329
Cynet: Malicious (score: 100)
ALYac: Trojan.GenericKD.47074910
Cylance: Unsafe
Sangfor: Trojan.Win32.Agent.xaitwm
Cybereason: malicious.cf5820
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan.Win32.Agent.xaitwm
BitDefender: Trojan.GenericKD.47074910
ViRobot: Trojan.Win32.Z.Agent.1831653.A
MicroWorld-eScan: Trojan.GenericKD.47074910
Tencent: Win32.Trojan.Agent.Efuy
Ad-Aware: Trojan.GenericKD.47074910
Sophos: Mal/Generic-R
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
FireEye: Generic.mg.8de49a1af0d83d20
Emsisoft: Trojan.GenericKD.47074910 (B)
SentinelOne: Static AI – Malicious PE
Avira: TR/Agent.qovzm
eGambit: Unsafe.AI_Score_99%
Microsoft: Trojan:Win32/Wacatac.A!ml
Arcabit: Trojan.Generic.D2CE4E5E
SUPERAntiSpyware: Trojan.Agent/Gen-Downloader
GData: Trojan.GenericKD.47074910
AhnLab-V3: Malware/Win.Malware-gen.C4653701
McAfee: Artemis!8DE49A1AF0D8
MAX: malware (ai score=80)
VBA32: Trojan.Agent
Malwarebytes: Adware.IndiLoadz
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002H0CIT21
Fortinet: W32/Agent.XAITWM!tr
AVG: Win32:Malware-gen

How to remove Trojan.Win32.Agent.xaitwm?

Trojan.Win32.Agent.xaitwm removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
