Categories: Trojan

Trojan:Win32/Agent.DY removal instruction

The Trojan:Win32/Agent.DY is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/Agent.DY virus can do?

Sample contains Overlay data
Reads data out of its own binary image
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Trojan:Win32/Agent.DY?


File Info:
name: 2FBCB812CDCDA8FC5144.mlwpath: /opt/CAPEv2/storage/binaries/27cc74860f388b02f3fd8d69a3b050d7231eca109fbcdcce52dee4a3074ac6afcrc32: 14C2942Bmd5: 2fbcb812cdcda8fc51444ccaf325b0c0sha1: 6b0c63f540a8d4a60508aa208e60287868dc07f6sha256: 27cc74860f388b02f3fd8d69a3b050d7231eca109fbcdcce52dee4a3074ac6afsha512: 1d9c3214ed3792a90b541dd18f268762726edb7a71b3f4879a911d85c4d5e64a3c40f53459ce58cc1fb7361cb87dd08d08060d6be7be6fbf9e32aac73b451013ssdeep: 6144:vtrRMwjnCrWb7QTBivuYyC7mJYHUTKIebEV357qe0nZqsm2E4y:vFRXjCrZTUvuIqegV35D0Zqsm2Vytype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1ED84BF31CA05946BC8F700B6E6E6867A5EA47BF043086C9F53C4DEBD57661D03A122EFsha3_384: 6aad7b430b1d70d25abda25e7f28c413f801e701a42cabefc49bc445263716847681922dee704912e26997758d558613ep_bytes: 558bec6aff6890b1420068d060420064timestamp: 2008-08-27 08:34:27
Version Info:
Comments: CompanyName: Microsoft CorporationFileDescription: IExplorerFileVersion: 1, 0, 0, 1InternalName: IExplorerLegalCopyright: 版权所有(C) 2007LegalTrademarks: OriginalFilename: IExplorer.exePrivateBuild: ProductName: Microsoft(R) Windows(R) Operating SystemProductVersion: 5.1.2600.2180SpecialBuild: Translation: 0x0804 0x04b0

Trojan:Win32/Agent.DY also known as:

Bkav	W32.AIDetectMalware
MicroWorld-eScan	Generic.SevenEleven.CB08A19B
FireEye	Generic.mg.2fbcb812cdcda8fc
Skyhigh	BehavesLike.Win32.Generic.fc
ALYac	Generic.SevenEleven.CB08A19B
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Generic.SevenEleven.CB08A19B
Sangfor	Suspicious.Win32.Save.ins
BitDefender	Generic.SevenEleven.CB08A19B
Cybereason	malicious.540a8d
BitDefenderTheta	AI:Packer.25942C1D1C
VirIT	Trojan.Win32.Generic.J
Symantec	Downloader
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Regil
APEX	Malicious
ClamAV	Win.Trojan.Girlinred-23
Kaspersky	Backdoor.Win32.GirlinRed.gfd
Alibaba	Backdoor:Win32/GirlinRed.85617d63
NANO-Antivirus	Trojan.Win32.GirlinRed.cvoeu
Rising	Backdoor.Win32.RedGirl.do (CLASSIC)
Sophos	ML/PE-A
F-Secure	Trojan.TR/ATRAPS.Gen
DrWeb	BackDoor.Redgirl.78
Zillya	Backdoor.GirlinRed.Win32.83
TrendMicro	BKDR_GIRLINRED.Z
Trapmine	malicious.high.ml.score
Emsisoft	Generic.SevenEleven.CB08A19B (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Backdoor/GirlinRed.bf
Google	Detected
Avira	TR/ATRAPS.Gen
Varist	W32/Agent.DV.gen!Eldorado
Antiy-AVL	Trojan[Backdoor]/Win32.GirlinRed
Kingsoft	malware.kb.a.1000
Microsoft	Trojan:Win32/Agent.DY
Xcitium	Backdoor.Win32.RedGirl.~D@fpqv
Arcabit	Generic.SevenEleven.CB08A19B
ZoneAlarm	Backdoor.Win32.GirlinRed.gfd
GData	Generic.SevenEleven.CB08A19B
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Hupigon.R2180
McAfee	BackDoor-EBJ
MAX	malware (ai score=100)
DeepInstinct	MALICIOUS
VBA32	BScope.Trojan.Inject
Cylance	unsafe
Panda	Bck/RedGirl.E
TrendMicro-HouseCall	BKDR_GIRLINRED.Z
Tencent	Malware.Win32.Gencirc.10b616da
Yandex	Trojan.GenAsa!YIzYDFDK1fg
Ikarus	Backdoor.Win32.GirlinRed.cw
MaxSecure	Trojan.Malware.807131.susgen
Fortinet	W32/Hupigon.GZY!tr.bdr
AVG	Win32:Girlinred-B [Trj]
Avast	Win32:Girlinred-B [Trj]
CrowdStrike	win/malicious_confidence_100% (W)