Trojan.Win32.Agent.xaljdq removal guide

Trojan.Win32.Agent.xaljdq is flagged as malicious by nearly every antivirus vendor that has scanned the sample (see the detection list below). When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Agent.xaljdq virus do?

The following behaviours were flagged during CAPE sandbox analysis of the sample:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Spanish (Ecuador)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Trojan.Win32.Agent.xaljdq?

The identifiers below describe the exact sample that was analysed. A match on MD5, SHA-1 or SHA-256 identifies this binary conclusively; the fuzzy hashes (ssdeep, TLSH) are designed to also match closely related builds whose exact hashes differ, while the entry-point bytes mostly reflect the compiler's start-up stub and are a weak indicator on their own.

File Info:

name: 98F444D9AC782ACFE449.mlw
path: /opt/CAPEv2/storage/binaries/a7ff8da851917902fb2e459981db15963c7a0d2781c3e631279a41fbe08ab965
crc32: 03835158
md5: 98f444d9ac782acfe449ae0f7160ac44
sha1: b8a325410d2e406c2a3781d2f017f46ab2f98ffd
sha256: a7ff8da851917902fb2e459981db15963c7a0d2781c3e631279a41fbe08ab965
sha512: ab06e9c52813d58590704f737e2d0f0663278903ead31d799276ef519bae809aff756862a9f2e7fd0a725dc8a9ebe23e15ccf51fe7572fa0ed23bb26893d5997
ssdeep: 3072:ZiHdsJyaUWIsk87Zt5UNMTnDsfMhsZVggjcGkNIVqIz52:ZByaUtROTwffb7ITsqn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C204AED176E1C671C1E37E3054209BE40E7BBBA1DA70554BB77913AE1F722C09A26F22
sha3_384: 85b1bef375305beb6e20b9ef72fc4a16413e3bb8299bbe5af49c0d00fad53a77466c20d979822cce981cefb1ea019e79
ep_bytes: e8a3370000e978feffffcccccccccccc
timestamp: 2020-09-17 14:33:15

Version Info:

InternalName: bomgpiaruci.iwa
Copyright: Copyrighz (C) 2021, fudkat
ProductVersion: 23.54.77.27
Translation: 0x0127 0x046a
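As an added example (not part of this guide or of GridinSoft's tooling), the Python script below checks a suspect file against the identifiers listed above: it computes the file's MD5, SHA-1 and SHA-256 and compares them with the File Info hashes, and it walks the DOS, PE and section headers to read the first 16 bytes at the entry point and compare them with ep_bytes. Only the standard library is used. The helper build_minimal_pe is a constructed fixture (a bare PE32 image, not the sample) so the entry-point parser can be exercised offline; its hashes will not match the IOCs.

```python
#!/usr/bin/env python3
"""Check a file against the identifiers published for this sample.

Added example: not part of the removal guide or of GridinSoft's tooling.
Standard library only, so it runs offline on any platform.
"""
import hashlib
import struct
import sys
from typing import Dict, List, Optional

# Identifiers copied from the File Info block above (exact-match IOCs).
IOC = {
    "md5": "98f444d9ac782acfe449ae0f7160ac44",
    "sha1": "b8a325410d2e406c2a3781d2f017f46ab2f98ffd",
    "sha256": "a7ff8da851917902fb2e459981db15963c7a0d2781c3e631279a41fbe08ab965",
    "ep_bytes": "e8a3370000e978feffffcccccccccccc",  # first 16 bytes at the entry point
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the three cryptographic hashes listed for the sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_iocs(hashes: Dict[str, str]) -> List[str]:
    """Return the hash types that exactly match the published IOCs."""
    return [
        name for name in ("md5", "sha1", "sha256")
        if name in hashes and hashes[name].lower() == IOC[name]
    ]


def entry_point_bytes(data: bytes, count: int = 16) -> Optional[bytes]:
    """Walk the DOS, PE and section headers and return `count` bytes at the
    entry point. Returns None for anything that is not a parseable PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                                        # IMAGE_OPTIONAL_HEADER
    if opt + 20 > len(data):
        return None
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    sections = opt + opt_size                              # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        hdr = sections + i * 40
        if hdr + 40 > len(data):
            return None
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, raw_size):
            off = raw_ptr + (entry_rva - vaddr)            # RVA -> file offset
            chunk = data[off:off + count]
            return chunk if len(chunk) == count else None
    return None


def entry_point_matches(data: bytes) -> bool:
    """True when the bytes at the entry point equal the published ep_bytes."""
    ep = entry_point_bytes(data)
    return ep is not None and ep.hex() == IOC["ep_bytes"]


def build_minimal_pe(ep: bytes) -> bytes:
    """Constructed fixture: a bare PE32 image with one .text section whose
    entry point holds `ep`. It is not the sample; its hashes will not match."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)               # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x44, 0x14C, 1)          # Machine i386, 1 section
    struct.pack_into("<H", img, 0x54, 0xE0)               # SizeOfOptionalHeader (PE32)
    struct.pack_into("<H", img, 0x58, 0x10B)              # Magic = PE32
    struct.pack_into("<I", img, 0x68, 0x1000)             # AddressOfEntryPoint RVA
    struct.pack_into("<8sIIII", img, 0x138, b".text", 0x200, 0x1000, 0x200, 0x200)
    img[0x200:0x200 + len(ep)] = ep
    return bytes(img)


def check_file(path: str) -> Dict[str, object]:
    """Report which published identifiers a file on disk matches."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"hashes": match_iocs(hash_bytes(data)), "ep_bytes": entry_point_matches(data)}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for p in sys.argv[1:]:
            print(p, check_file(p))
    else:
        fixture = build_minimal_pe(bytes.fromhex(IOC["ep_bytes"]))
        print("constructed fixture:", match_iocs(hash_bytes(fixture)), entry_point_matches(fixture))
```

Run it with one or more file paths to check files on disk, or with no arguments to see it exercise the constructed fixture. A hash match is conclusive for this exact binary, but a mismatch is not exoneration: repacked builds of the same family change every exact hash, which is why the fuzzy hashes are listed as well, and the entry-point bytes alone are shared by many unrelated binaries built with the same compiler stub.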

Trojan.Win32.Agent.xaljdq is the Kaspersky name for this sample. Other vendors flag the same file as follows (vendor: detection name); many of these are generic, heuristic or packer-based detections, so the family names they assign do not agree:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Agent.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Agent
ALYac: Trojan.GenericKDZ.81643
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058bb6e1 )
Alibaba: Trojan:Win32/Azorult.69e3b863
K7GW: Trojan ( 0058bb6e1 )
Cybereason: malicious.10d2e4
Cyren: W32/Kryptik.FWV.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HNQP
APEX: Malicious
Avast: Win32:CrypterX-gen [Trj]
ClamAV: Win.Dropper.Tepfer-9916200-0
Kaspersky: Trojan.Win32.Agent.xaljdq
BitDefender: Trojan.GenericKDZ.81643
NANO-Antivirus: Trojan.Win32.Kryptik.jjduza
ViRobot: Trojan.Win32.Z.Stopcrypt.185344.B
MicroWorld-eScan: Trojan.GenericKDZ.81643
Tencent: Trojan-Spy.Win32.Stealer.16000121
Ad-Aware: Trojan.GenericKDZ.81643
Sophos: Mal/Generic-S + Mal/Agent-AWV
Comodo: TrojWare.Win32.Agent.wivnx@0
DrWeb: Trojan.Siggen16.4239
TrendMicro: TROJ_FRS.0NA103LD21
McAfee-GW-Edition: BehavesLike.Win32.Trojan.ch
FireEye: Generic.mg.98f444d9ac782acf
Emsisoft: Trojan.Crypt (A)
Ikarus: Trojan-Ransom.StopCrypt
GData: Win32.Trojan.BSE.13HWNF8
Jiangmin: Exploit.ShellCode.fxc
Webroot: W32.Malware.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.34EB77F
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Generic.D13EEB
Microsoft: Trojan:Win32/Azorult.RMA!MTB
AhnLab-V3: CoinMiner/Win.Glupteba.R457880
Acronis: suspicious
McAfee: Packed-GEE!98F444D9AC78
MAX: malware (ai score=88)
VBA32: Malware-Cryptor.2LA.gen
Malwarebytes: Trojan.MalPack.GS
TrendMicro-HouseCall: TROJ_FRS.0NA103LD21
Rising: Trojan.Generic@ML.93 (RDMK:6TB392WjcndqLpFrVYcGeA)
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_56%
Fortinet: W32/Kryptik.HNQP!tr
BitDefenderTheta: Gen:NN.ZexaF.34114.lu0@aGvA1cUG
AVG: Win32:CrypterX-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Trojan.Win32.Agent.xaljdq?

Trojan.Win32.Agent.xaljdq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
