Trojan.Win32.Agent.xappfd removal tips

Trojan.Win32.Agent.xappfd is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Agent.xappfd virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to determine Trojan.Win32.Agent.xappfd?


File Info:

name: 6B784BAD00E8B2A0AE01.mlw
path: /opt/CAPEv2/storage/binaries/ff0bced158a45c701270e7b80693e76c2a36a4307c8eadd4ed8dcbdbf4495dea
crc32: 6EACC426
md5: 6b784bad00e8b2a0ae01a30955f775e0
sha1: d2ff044b48be3d95cf470aa74cd866a683d1e003
sha256: ff0bced158a45c701270e7b80693e76c2a36a4307c8eadd4ed8dcbdbf4495dea
sha512: 3ef03503d494573aa7eac9d037e250c5f6c1b8890306a9339150074bd19e7e2d0d8c832f6bbcf90a4886aa0ae4575532ba2e23e74af11fcb75cee8e070a9275d
ssdeep: 24576:KLlgAiobvJWng9lE82M4KHKx9nto+xlSEgYrlDvm/F2MsmgIXZweH2TyV:KyCJiK65M4jBx0/YrlAwlIJvWTy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T152A535099187E27BFCED08E3495091D0C29C7FAA7B1289CDE93AC58A151F442F7B6D87
sha3_384: 11e3239158c831f45460be23f20bcc1886367feeb66d7195266621e0483acffcf604867ca49fe43bda502122c679a4cd
ep_bytes: e848050000e988feffff3b0d58154300
timestamp: 2020-06-25 10:38:29

Version Info:

0: [No Data]

Trojan.Win32.Agent.xappfd also known as:

MicroWorld-eScan: Trojan.Uztuby.4
FireEye: Generic.mg.6b784bad00e8b2a0
CAT-QuickHeal: W32.BrowserAssistant.B7
McAfee: Artemis!6B784BAD00E8
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 005946b01 )
Alibaba: Trojan:Win32/Qakbot.0241fa77
K7GW: Trojan ( 005946b01 )
Cybereason: malicious.b48be3
Baidu: Archive.Bomb
Cyren: W32/BrowserAssist.A.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: multiple detections
APEX: Malicious
Kaspersky: Trojan.Win32.Agent.xappfd
BitDefender: Trojan.Uztuby.4
Avast: Win32:Trojan-gen
Rising: Trojan.Generic@AI.98 (RDML:Fdry9dX2UbmJEgOtGhQFLA)
McAfee-GW-Edition: BehavesLike.Win32.Generic.vh
Emsisoft: Trojan.Uztuby.4 (B)
Ikarus: Trojan.Agent
GData: Trojan.Uztuby.4
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Uztuby.C5176653
Acronis: suspicious
MAX: malware (ai score=61)
VBA32: Malware-Cryptor.Limpopo
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Injector.EQUG!tr
AVG: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Win32.Agent.xappfd?

Trojan.Win32.Agent.xappfd removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.