
Trojan.Win32.Agent.xanbud removal guide


Trojan.Win32.Agent.xanbud is flagged as malicious by many security vendors (see the detection list below). When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Trojan.Win32.Agent.xanbud do?

The following behaviours were recorded when the sample was detonated in the CAPE sandbox (the signature names are CAPE's):

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Czech
  • Authenticode signature is invalid
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Trojan.Win32.Agent.xanbud?

Static indicators of the analysed sample, as recorded by the CAPE sandbox:
File Info:

name: EDE33E2E6429BC4D3975.mlw
path: /opt/CAPEv2/storage/binaries/0e38045e5a0e69450025be1ef23730838eab02ca06946613de34549697c802c5
crc32: DA6FF321
md5: ede33e2e6429bc4d3975334fc2ebb303
sha1: 1519821d9f878048fcbec4ce5dc74e3f62e70558
sha256: 0e38045e5a0e69450025be1ef23730838eab02ca06946613de34549697c802c5
sha512: 5d7faa77ea991f82df92f815a53cf34b75d9be02cba9637777a863d23f3aa2377876119cb25f3417b978839535cfc7865af0e1978393e4a45db1dd5e75305e56
ssdeep: 3072:B6JkHWGlvFLzsTwPD+qGL1y5S+d3DzTKHA4qzIRqMWA:cuHdBFLRPD+qG/+deg4qzIRqjA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14334AE1276D0D432C8E604319469D7F01B7AF87666A0898737B83B3F9FB02E0932A357
sha3_384: dc92d0ad66eabf956465db66300a6dee3df0efcdff123d84ad4de0d9aa7554ca53a895388c84f41bf81164c421f880a1
ep_bytes: e8ad5e0000e979feffff8bff51c70158
timestamp: 2020-11-10 20:08:12
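The File Info block above is what an analyst compares a suspicious file against. The script below is an added example (my code, not Gridinsoft's or CAPE's): it computes the same digests the report lists, parses the PE header to pull out the first 16 entry-point bytes and the COFF link timestamp, flags sections mapped readable-writable-executable, and reports which of the page's indicators a file matches. It assumes a PE32 input and skips ssdeep and tlsh (both need third-party libraries). Because the real sample cannot ship with the page, a tiny constructed PE32 stands in for it when no path is given; only its entry-point bytes and timestamp are copied from the report, so hashes will not match, which is the expected result. The RWX section check is a static heuristic of my own and is not the same thing as the sandbox's runtime "Creates RWX memory" signature.

```python
"""Static triage against the Trojan.Win32.Agent.xanbud indicators on this page.
Added example, not part of the original report. Python 3.6+, stdlib only."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info block on this page.
IOC = {
    "crc32": "DA6FF321",
    "md5": "ede33e2e6429bc4d3975334fc2ebb303",
    "sha1": "1519821d9f878048fcbec4ce5dc74e3f62e70558",
    "sha256": "0e38045e5a0e69450025be1ef23730838eab02ca06946613de34549697c802c5",
    "ep_bytes": "e8ad5e0000e979feffff8bff51c70158",
    "timestamp": "2020-11-10 20:08:12",
}
IMAGE_SCN_MEM_RWX = 0x20000000 | 0x40000000 | 0x80000000  # EXECUTE | READ | WRITE


def hashes(data: bytes) -> dict:
    """Same digests the sandbox report lists (ssdeep/tlsh omitted: extra libs)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def pe_info(data: bytes) -> dict:
    """Minimal PE32 parser: entry-point bytes, COFF timestamp, RWX sections."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsections, tds, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint

    sections, rwx, ep_off = [], [], None
    for i in range(nsections):
        off = opt + opt_size + i * 40  # each IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        flags = struct.unpack_from("<I", data, off + 36)[0]  # Characteristics
        name = name.rstrip(b"\0").decode("ascii", "replace")
        sections.append(name)
        if flags & IMAGE_SCN_MEM_RWX == IMAGE_SCN_MEM_RWX:
            rwx.append(name)
        # Map the entry-point RVA to a file offset via its containing section.
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep_off = rawptr + (entry_rva - vaddr)
    if ep_off is None:
        raise ValueError("entry point lies outside every section (packed or corrupt?)")
    return {
        "sections": sections,
        "rwx_sections": rwx,
        "entry_rva": entry_rva,
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        "timestamp": datetime.fromtimestamp(tds, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
    }


def triage(data: bytes) -> dict:
    """Compare a file's hashes and PE facts with the IOCs from this page."""
    h, pe = hashes(data), pe_info(data)
    matched = [k for k in ("crc32", "md5", "sha1", "sha256") if h[k] == IOC[k]]
    if pe["ep_bytes"] == IOC["ep_bytes"]:
        matched.append("ep_bytes")
    if pe["timestamp"] == IOC["timestamp"]:
        matched.append("timestamp")
    return {"hashes": h, "pe": pe, "matched": matched}


def build_sample_pe(ep_bytes: bytes, timestamp: int) -> bytes:
    """Constructed stand-in: a bare PE32 with one RWX .text section (NOT the real malware)."""
    e_lfanew, opt_size, raw_ptr, entry_rva = 0x40, 224, 0x200, 0x1000
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x0102)
    opt = (struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry_rva)).ljust(opt_size, b"\0")
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, entry_rva, 0x200, raw_ptr,
                       0, 0, 0, 0, 0xE0000020)  # CODE | EXECUTE | READ | WRITE
    header = (dos + b"PE\0\0" + coff + opt + sect).ljust(raw_ptr, b"\0")
    return header + ep_bytes.ljust(0x200, b"\0")


# Link timestamp from the report, as a Unix epoch (assumed UTC).
SAMPLE_TS = int(datetime(2020, 11, 10, 20, 8, 12, tzinfo=timezone.utc).timestamp())

if __name__ == "__main__":
    import sys
    data = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1
            else build_sample_pe(bytes.fromhex(IOC["ep_bytes"]), SAMPLE_TS))
    result = triage(data)
    for k, v in result["hashes"].items():
        print(f"{k}: {v}")
    print("entry-point bytes:", result["pe"]["ep_bytes"])
    print("link timestamp:   ", result["pe"]["timestamp"])
    print("RWX sections:     ", result["pe"]["rwx_sections"])
    print("matched IOCs:     ", result["matched"] or "none")
```

Run it as `python triage.py suspicious.exe`; with no argument it triages the constructed stand-in, which matches only `ep_bytes` and `timestamp`. A full hash match is conclusive; an entry-point-bytes match alone is not, since Kryptik-style packers reuse stubs, so treat it as a reason to detonate the file in a sandbox rather than as a verdict.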

Version Info:

FileVersion: 21.29.11.69
InternationalName: pomgveoci.iwe
Copyright: Copyrighz (C) 2021, fudkorta
ProjectVersion: 1.10.70.57
Translations: 0x0127 0x010e

Trojan.Win32.Agent.xanbud also known as:

Detection names other vendors report for the same sample. Several of them (for example Microsoft, Gridinsoft, Avast, AVG and Alibaba) classify it as ransomware rather than a generic trojan, so treat an infected host accordingly:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Agent.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.38885897
FireEye: Generic.mg.ede33e2e6429bc4d
McAfee: Packed-GDT!EDE33E2E6429
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0053d5971 )
BitDefender: Trojan.GenericKD.38885897
K7GW: Trojan ( 0058bc0d1 )
Symantec: Packed.Generic.525
ESET-NOD32: a variant of Win32/Kryptik.HOGI
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Malware.Generic-9938273-0
Kaspersky: Trojan.Win32.Agent.xanbud
Alibaba: Ransom:Win32/GandCrab.e61d41fd
Rising: Trojan.Kryptik!8.8 (CLOUD)
Emsisoft: Trojan.Crypt (A)
DrWeb: Trojan.DownLoader44.29818
TrendMicro: TROJ_GEN.R002C0PB422
McAfee-GW-Edition: BehavesLike.Win32.Swizzor.dt
Sophos: ML/PE-A + Mal/Agent-AWV
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Antiy-AVL: Trojan/Generic.ASMalwS.35217A4
Gridinsoft: Ransom.Win32.STOP.sa
Microsoft: Ransom:Win32/StopCrypt.MK!MTB
GData: Trojan.GenericKD.38885897
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.MalPE.R470416
BitDefenderTheta: Gen:NN.ZexaF.34182.oq0@aa0dTiaK
ALYac: Trojan.GenericKD.38885897
MAX: malware (ai score=84)
Malwarebytes: Trojan.MalPack.GS
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R002C0PB422
Yandex: Trojan.Kryptik!jL35nlrRzWI
Ikarus: Trojan.Win32.Crypt
eGambit: Unsafe.AI_Score_95%
Fortinet: W32/GenKryptik.FQLP!tr
AVG: Win32:RansomX-gen [Ransom]
Avast: Win32:RansomX-gen [Ransom]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Win32.Agent.xanbud?

Trojan.Win32.Agent.xanbud removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

Because several vendors in the list above classify this sample as ransomware, also check the system for files that have already been encrypted: quarantining the trojan stops further damage but does not restore data it has already encrypted.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
