VHO:Trojan-DDoS.Win32.Convagent removal instruction

VHO:Trojan-DDoS.Win32.Convagent is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the VHO:Trojan-DDoS.Win32.Convagent virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid

How to identify VHO:Trojan-DDoS.Win32.Convagent?


File Info:

name: 12925781A8991EF17C29.mlw
path: /opt/CAPEv2/storage/binaries/a9187097bc5d715e9cd81c87215f2f230cdef75bb99a90ed4a15a00222a9a398
crc32: FBAAC76B
md5: 12925781a8991ef17c299eac181e11a3
sha1: 9449199715b2c5819d39ba9a4b41302937ff9983
sha256: a9187097bc5d715e9cd81c87215f2f230cdef75bb99a90ed4a15a00222a9a398
sha512: 3161100c85318e469fac32d37fc8245b9efbf43b462c23efb686907256555c9ed7457cfbb54f9141b826f3a2037f50e61984004dd99c882047e07bec2ae30224
ssdeep: 3072:LuYWGOmtB6iSAFoo087I0QH6+CggVyurKBKkDdtsZoqNqc8aSjh/6d2VyCBodEiG:LuY+miDAFLfhreSdE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D0E3B4A2ED4EB893F49801B7462AD5B515648EB896B4C0DBFFD72D0730B2ED31076E06
sha3_384: 9aea99f453d4de0e76e72c899b528012eb6ca7f549ddf9cb858ca84240ec3f1f6f9f76b7ce42ea87531315d2978d25d2
ep_bytes: 558becb858190000e8e3ad000056b815
timestamp: 2021-12-11 23:01:01

Version Info:

Comments: Histrionic deplorin
CompanyName: Makeu mathematician blab
FileDescription: Chin contraption
FileVersion: 8.223.37.1
InternalName: Midland
LegalCopyright: Copyright © Droopies fancie
LegalTrademarks: Immunis join cheeke
OriginalFilename: Internin
ProductName: Digitis lapsin
ProductVersion: 8.223.37.1
Translation: 0x081a 0x081a

VHO:Trojan-DDoS.Win32.Convagent also known as:

Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
CrowdStrike: win/malicious_confidence_80% (D)
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Kaspersky: VHO:Trojan-DDoS.Win32.Convagent.gen
F-Secure: Heuristic.HEUR/AGEN.1145410
FireEye: Generic.mg.12925781a8991ef1
Sophos: ML/PE-A + Mal/EncPk-AQD
Ikarus: Trojan.Win32.Krypt
Avira: HEUR/AGEN.1145410
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3: Trojan/Win.Generic.R445087
VBA32: BScope.Trojan.Tnega
Cylance: Unsafe
Rising: Malware.Heuristic!ET#81% (RDMK:cmRtazrXkbnnZchtF0vxhDgLC2ad)
eGambit: Unsafe.AI_Score_99%
BitDefenderTheta: Gen:NN.ZexaF.34084.iy0@a0ph0eki
MaxSecure: Trojan.Malware.300983.susgen

How to remove VHO:Trojan-DDoS.Win32.Convagent?

VHO:Trojan-DDoS.Win32.Convagent removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
