Trojan

Trojan.Win32.Agentb.juwq malicious file

Malware Removal

The Trojan.Win32.Agentb.juwq is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan.Win32.Agentb.juwq virus can do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Sniffs keystrokes
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics

Related domains:

1122.haoqing.me
ip.yototoo.com

How to determine Trojan.Win32.Agentb.juwq?



File Info:

crc32: CA046947
md5: e6946c3406833f5ecb3c36250fc6d889
name: temp.exe
sha1: 62e5b05f5565ec14014e252e2b847b24cbe58bdd
sha256: 3f26c66c5bc1edafda85dd7358b7f2075f637f75c6a6dc0d8c7ccbf19354d08a
sha512: c28607d1efb4152d8b67fa3e286b0d0b4707fd87d14159f7cbcf0c14e9578e16f765eb2f13aeb1f736aa0585f351bf13e30c319447e4766585a26ecd62a2039e
ssdeep: 3072:EztC+NCiKGQ2xtlYIIn5tCBuGD0s55FBNIKO9Mq4M+WSGMkrY9iiLDmZFCPdbnvG:EFE+dIGNIZWqBYrgyK
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: xa9 Microsoft Corporation. All rights reserved.
InternalName: Wmiprvse.exe
FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
CompanyName: Microsoft Corporation
ProductName: Microsoftxae Windowsxae Operating System
ProductVersion: 10.0.14393.0
FileDescription: WMI Provider Host
OriginalFilename: Wmiprvse.exe
Translation: 0x0804 0x04b0

Trojan.Win32.Agentb.juwq also known as:

MicroWorld-eScanTrojan.Autoruns.GenericKDS.32636112
CAT-QuickHealTrojan.Multi
McAfeeRDN/Generic.rp
CylanceUnsafe
VIPRETrojan.Win32.Generic!BT
SangforMalware
K7AntiVirusRiskware ( 0040eff71 )
BitDefenderTrojan.Autoruns.GenericKDS.32636112
K7GWRiskware ( 0040eff71 )
CrowdStrikewin/malicious_confidence_100% (W)
TrendMicroTROJ_GEN.R002C0PJT19
CyrenW32/Trojan.BIWZ-3014
SymantecML.Attribute.HighConfidence
ESET-NOD32Win32/Fusing.AA
APEXMalicious
Paloaltogeneric.ml
KasperskyTrojan.Win32.Agentb.juwq
AlibabaTrojan:Win32/GenKryptik.fcc7ba54
RisingTrojan.GenKryptik!8.AA55 (KTSE)
Ad-AwareTrojan.Autoruns.GenericKDS.32636112
EmsisoftTrojan.Autoruns.GenericKDS.32636112 (B)
ComodoApplication.Win32.Lollipop.E@5il8ga
F-SecureTrojan.TR/Kryptik.nuuhu
ZillyaTrojan.GenKryptik.Win32.36177
Invinceaheuristic
McAfee-GW-EditionBehavesLike.Win32.Backdoor.cc
FortinetW32/Kryptik.FTMV!tr
Trapminesuspicious.low.ml.score
FireEyeGeneric.mg.e6946c3406833f5e
SophosMal/Generic-L
IkarusTrojan.Win32.Krypt
F-ProtW32/Autoruns.F
JiangminTrojan.Chapak.baq
WebrootW32.Trojan.Gen
AviraTR/Kryptik.nuuhu
MAXmalware (ai score=87)
Antiy-AVLTrojan/Win32.Azden
Endgamemalicious (high confidence)
ArcabitTrojan.Autoruns.GenericS.D1F1FCD0
ViRobotTrojan.Win32.Z.Autoruns.155659
ZoneAlarmTrojan.Win32.Agentb.juwq
MicrosoftTrojan:Win32/Occamy.C
AhnLab-V3Malware/Win32.Generic.C3531812
Acronissuspicious
VBA32Trojan.Azden
ALYacTrojan.Autoruns.GenericKDS.32636112
PandaTrj/CI.A
TrendMicro-HouseCallTROJ_GEN.R002C0PJT19
YandexTrojan.Agent!xaUAFHgb2vs
SentinelOneDFI – Malicious PE
GDataTrojan.Autoruns.GenericKDS.32636112
BitDefenderThetaGen:NN.ZexaF.32519.ju1@aeln8Onb
AVGWin32:Trojan-gen
AvastWin32:Trojan-gen
Qihoo-360HEUR/QVM10.2.CD61.Malware.Gen

How to remove Trojan.Win32.Agentb.juwq?

Trojan.Win32.Agentb.juwq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment