UDS:Trojan.Win32.Agent.xapqcq malicious file

Malware Removal

UDS:Trojan.Win32.Agent.xapqcq is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the UDS:Trojan.Win32.Agent.xapqcq virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Authenticode signature is invalid

How to identify UDS:Trojan.Win32.Agent.xapqcq?

File Info:

name: 907492681526090B7A18.mlw
path: /opt/CAPEv2/storage/binaries/d9a6bcc34b454570d77a0382c742881753f9e32771879f78ca1fb2e7ff83ef15
crc32: 47E76102
md5: 907492681526090b7a18471afb7ddf66
sha1: 50db42dd33151dbd192f488cc5042d8611c82527
sha256: d9a6bcc34b454570d77a0382c742881753f9e32771879f78ca1fb2e7ff83ef15
sha512: e9c5758024722d81e2b05a22b01ffdd1db72342407588081b8cf69f02ea41666996fad5195bb67d47792c2e46c1c34bf00b8e87fbbc98fa9d057e3b59019e283
ssdeep: 12288:x4lsXvtCcmVVXzzn4PJAahPl/QEdIMiVbHydEIJnJWUgan7f3q9MmCS:x4lavt0LkLL9IMixoEgea7f3q9MmCS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14C059E0373DDC3A1C3725273BA66BB01AEBB7C2506A1F59B2FD5093DE920162521E673
sha3_384: 11f7ea5b0316c94dcf7c507b98507f7652e6cdaf31d71621a7a11645b6151e3016598f50803dea476a02b64bdb07537d
ep_bytes: e897cf0000e97ffeffffcccccccccccc
timestamp: 2017-12-27 08:59:12

Version Info:

Translation: 0x0809 0x04b0

UDS:Trojan.Win32.Agent.xapqcq also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
Sangfor: Trojan.Win32.Save.a
Cyren: W32/AutoIt.EZ.gen!Eldorado
APEX: Malicious
Paloalto: generic.ml
Kaspersky: UDS:Trojan.Win32.Agent.xapqcq
Sophos: Generic ML PUA (PUA)
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.907492681526090b
Malwarebytes: Backdoor.Bladabindi
Fortinet: W32/PossibleThreat
Cybereason: malicious.d33151

How to remove UDS:Trojan.Win32.Agent.xapqcq?

UDS:Trojan.Win32.Agent.xapqcq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
