
Win32/Agent.AAFV (file analysis)


Win32/Agent.AAFV is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Agent.AAFV virus do?

  • Executable code extraction
  • Creates RWX memory
  • Unconventional language used in binary resources: Serbian
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Win32/Agent.AAFV?


File Info:

crc32: E0AFEDCD
md5: e3083483121cd288264f8c5624fb2cd1
name: updatewin.exe
sha1: 144a1dd6714ff4b5675c32f428d1899e500140a5
sha256: 114ccacb7ca57c01f3540611fdf49e68416544da8d8077f5896434a4b71b01dd
sha512: b14314784600881699a1fb3f45beb4ebeba72fd5bbf3e81329d84ff3220b0c48b0ac1602fff2aa80feda7e403b4a9c7d102890d9b96a042f52fac85d411f46da
ssdeep: 6144:JMLLGApbfLsx8TsvD6OD61XXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXXXX5:JMLdpMdhDyXXnXXfXXXWXXXXHXXXXBX
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2018, huxonulow
InternalName: sutazaxidi.exe
FileVersion: 8.8.10.11
Translation: 0x0669 0x04b0

Win32/Agent.AAFV also known as:

MicroWorld-eScan: Trojan.AgentWDCR.SUF
FireEye: Generic.mg.e3083483121cd288
CAT-QuickHeal: Ransom.Stop.S7866402
Qihoo-360: HEUR/QVM10.2.98CB.Malware.Gen
McAfee: Generic.bto
Cylance: Unsafe
Zillya: Trojan.Chapak.Win32.59443
AegisLab: Trojan.Win32.Generic.4!c
Sangfor: Malware
K7AntiVirus: Trojan ( 00545a541 )
BitDefender: Trojan.AgentWDCR.SUF
K7GW: Trojan ( 00545a541 )
Cybereason: malicious.3121cd
TrendMicro: Trojan.Win32.MALREP.THOABAAI
BitDefenderTheta: Gen:NN.ZexaF.34084.ru0@a8xQ2BoG
F-Prot: W32/Kryptik.PT.gen!Eldorado
ESET-NOD32: Win32/Agent.AAFV
APEX: Malicious
Avast: Other:Malware-gen [Trj]
GData: Win32.Packed.Kryptik.JUUEI4
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: Trojan:Win32/Kryptik.74eacd51
NANO-Antivirus: Trojan.Win32.Yakes.fmwlrp
ViRobot: Trojan.Win32.S.Agent.284160.DA
Tencent: Win32.Trojan.Generic.Agkm
Endgame: malicious (high confidence)
Emsisoft: Trojan.AgentWDCR.SUF (B)
Comodo: Malware@#1osnkashzi01c
F-Secure: Trojan.TR/Crypt.Agent.lvzhe
DrWeb: Trojan.PWS.Siggen2.9186
VIPRE: Win32.Malware!Drop
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Downloader.dh
Trapmine: malicious.high.ml.score
Sophos: Mal/GandCrab-G
Ikarus: Trojan-Ransom.Downloader.Stop
Cyren: W32/Kryptik.PT.gen!Eldorado
Jiangmin: Trojan.Generic.dceqw
Webroot: W32.Trojan.Gen
Avira: TR/Crypt.Agent.lvzhe
MAX: malware (ai score=100)
Antiy-AVL: Trojan[Ransom]/Win32.Chapak.a
Microsoft: Trojan:Win32/Fareit.VP!MTB
Arcabit: Trojan.AgentWDCR.SUF
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
AhnLab-V3: Win-Trojan/Gandcrab10.Exp
ZoneAlarm: HEUR:Trojan.Win32.Generic
ALYac: Trojan.Ransom.Stop
VBA32: BScope.Trojan.Chapak
Malwarebytes: Trojan.MalPack.GS
Panda: Trj/WLT.E
Zoner: Trojan.Win32.80413
TrendMicro-HouseCall: Trojan.Win32.MALREP.THOABAAI
Rising: Trojan.Kryptik!1.B582 (KTSE)
Yandex: Trojan.Chapak!
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Generic.AAFV!tr
Ad-Aware: Trojan.AgentWDCR.SUF
AVG: Other:Malware-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Ransomeware.GandCrypt.JZ

How to remove Win32/Agent.AAFV?

Win32/Agent.AAFV removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
