
What is “Win32/Adware.Agent.NWE”?


Win32/Adware.Agent.NWE is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Adware.Agent.NWE virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the shellcode patterns malware family
  • Touches a file containing cookies, possibly for information gathering
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32/Adware.Agent.NWE?


File Info:

name: 15EEC416F4923CC2A0E7.mlw
path: /opt/CAPEv2/storage/binaries/d1f738503f3b002065934f3ca2e07d14cd5a813a4d9c75bf1e119e1e9a3c0377
crc32: ABF9F10E
md5: 15eec416f4923cc2a0e7e142b00b6980
sha1: a9587c3893004ff69257e176ab18721fd80643b9
sha256: d1f738503f3b002065934f3ca2e07d14cd5a813a4d9c75bf1e119e1e9a3c0377
sha512: 214b3b09af68043c0dc99994d33513acf27139edea9f27fa6566e8d48b33b2acb6cefe70ba21bf8c5782d0e14b0b7a8f6e99dba26571f1fe1997b206b4574fde
ssdeep: 3072:GQnRXsfcrGtEieM2LZ205oQ4Sr4X/80EN9DM/XJlysQliL97E5i6rl:fecr8UM2F2U3R0tKW97E5F
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T164346C2332A0C4B3D69B05714ED1BBB9B1BAFE504F11DEA3A7843B1E1D325D14A2626D
sha3_384: f25ecfeba400bdd468801f6c4f358f08f55d88a53f91e2e8b6a38d3b7cd994888e0840e1140c4074e7d0228c42b01bb5
ep_bytes: 558bec6aff68a059420068d0d4400064
timestamp: 2013-11-07 07:31:29

Version Info:

CompanyName:
FileDescription: ShortCut Microsoft 基础类应用程序
FileVersion: 1, 0, 0, 1
InternalName: ShortCut
LegalCopyright: 版权所有 (C) 2002
LegalTrademarks:
OriginalFilename: ShortCut.EXE
ProductName: ShortCut 应用程序
ProductVersion: 1, 0, 0, 1
Translation: 0x0804 0x04b0

Win32/Adware.Agent.NWE also known as:

Bkav: W32.Common.B93C720C
Zillya: Adware.Agent.Win32.182810
CrowdStrike: win/malicious_confidence_60% (D)
VirIT: Adware.Win32.Plugin.KS
ESET-NOD32: a variant of Win32/Adware.Agent.NWE
APEX: Malicious
Cynet: Malicious (score: 100)
Tencent: Malware.Win32.Gencirc.13ff7fb7
DrWeb: Adware.Plugin.278
Webroot: Pua.Adware.Multiplug
Kingsoft: malware.kb.a.779
Malwarebytes: Generic.Malware/Suspicious
Rising: Adware.Agent!8.71 (CLOUD)
MaxSecure: Trojan.Malware.300983.susgen
BitDefenderTheta: Gen:NN.ZexaCO.36744.oq0@aWPxWomb

How to remove Win32/Adware.Agent.NWE?

Win32/Adware.Agent.NWE removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
