What is “Trojan.Win64.Agentb.bid”?

Trojan.Win64.Agentb.bid is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win64.Agentb.bid virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Trojan.Win64.Agentb.bid?


File Info:

name: 8E2948259014BEE6C960.mlw
type: PE32+ executable (console) x86-64, for MS Windows
timestamp: 2021-12-06 12:42:31

Version Info:

0: [No Data]

Trojan.Win64.Agentb.bid also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.47578876
FireEye: Generic.mg.8e2948259014bee6
ALYac: Trojan.GenericKD.47578876
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0057c6cd1 )
Alibaba: Trojan:Win64/Kryptik.dbf80a12
K7GW: Trojan ( 0057c6cd1 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win64/Kryptik.CLC
APEX: Malicious
Kaspersky: Trojan.Win64.Agentb.bid
BitDefender: Trojan.GenericKD.47578876
Avast: Win64:Trojan-gen
Ad-Aware: Trojan.GenericKD.47578876
Sophos: ML/PE-A
Zillya: Trojan.Kryptik.Win64.13292
TrendMicro: TROJ_GEN.R002C0WL921
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Application.Generic (A)
Ikarus: Trojan.Win64.Meterpreter
GData: Trojan.GenericKD.47578876
Avira: TR/Crypt.EPACK.Gen2
MAX: malware (ai score=84)
Gridinsoft: Ransom.Win64.Sabsik.sa
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
McAfee: Artemis!8E2948259014
Malwarebytes: Trojan.MalPack
TrendMicro-HouseCall: TROJ_GEN.R002C0WL921
Yandex: Trojan.GenAsa!H49HLn3H1PA
SentinelOne: Static AI – Suspicious PE
Fortinet: W64/GenKryptik.ETPQ!tr
AVG: Win64:Trojan-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_80% (W)

How to remove Trojan.Win64.Agentb.bid?

Trojan.Win64.Agentb.bid removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.