About “Trojan.Win32.Agent.xbnwah” infection

The Trojan.Win32.Agent.xbnwah is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Agent.xbnwah virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan.Win32.Agent.xbnwah?


File Info:

name: 02299A0430588E5EADAA.mlw
path: /opt/CAPEv2/storage/binaries/435f010c3f196118c84cf04028dc52ff3f6d8c49352cba9218074de80f2c7e8d
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2019-04-26 10:28:09

Version Info:

Translation: 0x0804 0x04b0
CompanyName: aa
ProductName: Kawaii-Unicorn
FileVersion: 1.00
ProductVersion: 1.00
InternalName: Kawaii-Unicorn
OriginalFilename: Kawaii-Unicorn.exe

Trojan.Win32.Agent.xbnwah also known as:

Bkav: W32.AIDetectMalware
DrWeb: Trojan.MulDrop17.61497
MicroWorld-eScan: Gen:Variant.Zusy.490375
CAT-QuickHeal: Trojan.MuldVMF.S21469993
Skyhigh: BehavesLike.Win32.Generic.ct
McAfee: GenericRXHC-SS!02299A043058
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.vb
K7GW: P2PWorm ( 00581a9e1 )
K7AntiVirus: P2PWorm ( 00581a9e1 )
BitDefenderTheta: AI:Packer.C0E1421B20
VirIT: Trojan.Win32.VBUCornT.DRP
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/GenKryptik.FNGV
APEX: Malicious
ClamAV: Win.Malware.Midie-6847893-0
Kaspersky: Trojan.Win32.Agent.xbnwah
BitDefender: Gen:Variant.Zusy.490375
NANO-Antivirus: Trojan.Win32.Banker1.fnwqkb
Avast: Win32:VB-AJKU [Trj]
Rising: Trojan.VBClone!1.E032 (CLASSIC)
Emsisoft: Gen:Variant.Zusy.490375 (B)
Google: Detected
F-Secure: Trojan.TR/Crypt.XPACK.Gen
VIPRE: Gen:Variant.Zusy.490375
Trapmine: suspicious.low.ml.score
FireEye: Generic.mg.02299a0430588e5e
Sophos: Mal/VB-AQT
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.VB.aqyg
Varist: W32/VB_Troj.J.gen!Eldorado
Avira: TR/Crypt.XPACK.Gen
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Win32.Wacatac.b
Microsoft: TrojanDropper:Win32/Muldrop.V!MTB
Arcabit: Trojan.Zusy.D77B87
ZoneAlarm: Trojan.Win32.Agent.xbnwah
GData: Win32.Trojan.VBClone.B
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Agent.R628107
VBA32: SScope.Trojan.VB
ALYac: Gen:Variant.Zusy.490375
TACHYON: Trojan/W32.VB-Agent.188495.E
Cylance: unsafe
Tencent: Trojan.Win32.VB.ko
Yandex: Trojan.Agent!IGpZDJONEdc
Ikarus: Trojan.Crypt
MaxSecure: Virus.W32.GenericML.xnet
Fortinet: W32/VBClone.D!tr
AVG: Win32:VB-AJKU [Trj]
DeepInstinct: MALICIOUS

How to remove Trojan.Win32.Agent.xbnwah?

Trojan.Win32.Agent.xbnwah removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
