Trojan

Trojan.Win32.Agent.xanaqj malicious file

Malware Removal

Trojan.Win32.Agent.xanaqj is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Agent.xanaqj virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Arabic (Tunisia)
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Trojan.Win32.Agent.xanaqj?

File Info:

name: E343E8C5DBCF0FA5A81C.mlw
path: /opt/CAPEv2/storage/binaries/666922d50693b33ad4737347244f6e675789d69231d1b36c1d206a216852ce41
crc32: 23A070FF
md5: e343e8c5dbcf0fa5a81c609f4dbbed78
sha1: b983f01001205b35a9ceeef8b2913bcd83582b5b
sha256: 666922d50693b33ad4737347244f6e675789d69231d1b36c1d206a216852ce41
sha512: 59d7a558d0f4db5cdbfff371cb4b0c22bb39b0a1eb85c95c391ffd3e4db50e8aff948271b782fd8f1c511b457c2e7493d9a427237e9525d622e27df0f495fe3d
ssdeep: 3072:dVEMfkiXq3Zv6LbeYZq8umVI5CKOrfT7IHV:DEMfkiXgd6LNq8qWf4HV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F834BE203AD0D032C4E275345861CBA55EBBB832D6B5858B7BB8173E9F707E0972635B
sha3_384: 105bb919840082a7337a324d5b4c4352173d26cb977abff68e98c90eec2d560ecfb37c57a79d712d7c203d27d8e60775
ep_bytes: e85d5c0000e979feffff8325845fc102
timestamp: 2021-04-08 15:36:17

Version Info:

FileVersion: 21.29.11.69
InternationalName: pomgveoci.iwe
Copyright: Copyrighz (C) 2021, fudkorta
ProjectVersion: 1.10.70.57
Translations: 0x0127 0x010e

Trojan.Win32.Agent.xanaqj also known as:

Lionic: Trojan.Win32.SmartFortress.lEDV
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Stealer.31726
MicroWorld-eScan: Trojan.GenericKD.38865304
FireEye: Generic.mg.e343e8c5dbcf0fa5
McAfee: Packed-GDT!E343E8C5DBCF
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/GandCrab.606f3735
K7GW: Trojan ( 0058bc0d1 )
K7AntiVirus: Trojan ( 0053d5971 )
BitDefenderTheta: Gen:NN.ZexaF.34212.oq0@aGYENXnK
Cyren: W32/Injuke.M.gen!Eldorado
Symantec: Packed.Generic.525
ESET-NOD32: a variant of Win32/Kryptik.HOFV
TrendMicro-HouseCall: Ransom_StopCrypt.R002C0DB622
Paloalto: generic.ml
ClamAV: Win.Malware.Generic-9938273-0
Kaspersky: Trojan.Win32.Agent.xanaqj
BitDefender: Trojan.GenericKD.38865304
Avast: Win32:CrypterX-gen [Trj]
Ad-Aware: Trojan.GenericKD.38865304
Emsisoft: Trojan.Crypt (A)
TrendMicro: Ransom_StopCrypt.R002C0DB622
McAfee-GW-Edition: BehavesLike.Win32.Lockbit.dm
Sophos: ML/PE-A + Mal/Agent-AWV
Ikarus: Trojan.Win32.Crypt
GData: Trojan.GenericKD.38865304
Avira: TR/Crypt.Agent.izuqb
MAX: malware (ai score=87)
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Ransom:Win32/StopCrypt.PAV!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Infostealer/Win.SmokeLoader.R470161
VBA32: Trojan.Convagent
ALYac: Trojan.GenericKD.38865304
Malwarebytes: Trojan.MalPack.GS
APEX: Malicious
Rising: Trojan.Raccrypt!8.12B71 (CLOUD)
SentinelOne: Static AI – Suspicious PE
Fortinet: PossibleThreat.PALLAS.H
AVG: Win32:CrypterX-gen [Trj]
Panda: Trj/GdSda.A

How to remove Trojan.Win32.Agent.xanaqj?

Trojan.Win32.Agent.xanaqj removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.