
About “Win32/Agent.ACSB” infection

Malware Removal

Win32/Agent.ACSB is flagged as malicious by most of the security vendors listed further down this page. While the infection is active, you may notice unfamiliar processes in the Task Manager list; if so, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Agent.ACSB virus do?

Behaviours flagged by the CAPE sandbox analysis of this sample:
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Collects and encrypts information about the computer likely to send to C2 server
  • Creates a copy of itself
  • Attempts to disable Windows Defender
  • Attempts to modify Windows Defender using PowerShell
  • Anomalous binary characteristics
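The last three items above describe tampering with Windows Defender, partly through PowerShell. On a host with PowerShell script block logging enabled (event 4104 in the Microsoft-Windows-PowerShell/Operational log), the recorded script text can be checked for exactly that kind of command. The following Python is an added example, not code from this page or from GridinSoft; the log lines are constructed for the example, and the rule set and rule names are my own choice.

```python
import re

# Constructed script-block texts of the kind Windows records in event 4104.
# These lines are made up for this example; they are not from the sample above.
SAMPLE_SCRIPT_BLOCKS = [
    'Set-MpPreference -DisableRealtimeMonitoring $true',
    'Add-MpPreference -ExclusionPath "C:\\Users\\Public\\svchost.exe"',
    'Set-ItemProperty -Path "HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender" '
    '-Name DisableAntiSpyware -Value 1',
    'Stop-Service -Name WinDefend -Force',
    'Get-ChildItem C:\\Windows\\Temp',            # benign, must not match
    'sEt-mPpReFeReNcE -dIsAbLeIoAvPrOtEcTiOn 1',  # case-mangled, still matched
]

# Each rule: (name, case-insensitive regex over the script text). The cmdlets,
# parameters, registry value and service name are the real Defender ones.
TAMPER_RULES = [
    ("defender_realtime_off",
     r"set-mppreference\b.*-disable(realtime|behavior)monitoring\s+(\$true|1)"),
    ("defender_ioav_off",
     r"set-mppreference\b.*-disableioavprotection\s+(\$true|1)"),
    ("defender_exclusion_added",
     r"add-mppreference\b.*-exclusion(path|process|extension)\b"),
    ("defender_policy_disable",
     r"windows defender.*disableantispyware.*-value\s+1"),
    ("defender_service_stop",
     r"(stop-service\b.*windefend|sc(\.exe)?\s+stop\s+windefend)"),
]
COMPILED = [(name, re.compile(pat, re.IGNORECASE)) for name, pat in TAMPER_RULES]


def detect_defender_tampering(script_text):
    """Return the names of every rule that matches one script block."""
    return [name for name, rx in COMPILED if rx.search(script_text)]


def scan_script_blocks(blocks):
    """Map the index of each offending block to the rules it triggered."""
    hits = {}
    for i, text in enumerate(blocks):
        matched = detect_defender_tampering(text)
        if matched:
            hits[i] = matched
    return hits


if __name__ == "__main__":
    for idx, rules in scan_script_blocks(SAMPLE_SCRIPT_BLOCKS).items():
        print(idx, rules, "<-", SAMPLE_SCRIPT_BLOCKS[idx])
```

The patterns are plain string matches, so they catch case changes but not every obfuscation (splatting, string concatenation, encoded commands); script block logging helps here because it records the de-obfuscated text of many such blocks, but a rule set like this is a triage aid, not a complete detection.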

How to identify Win32/Agent.ACSB?

File Info:

name: 9813F30EBAFAB94DE67C.mlw
path: /opt/CAPEv2/storage/binaries/bd68d3426a95a5476bb3e1e0e3309e3b7ffc139cd55d37485362001dd62b5806
crc32: F9225487
md5: 9813f30ebafab94de67c4291d680f86f
sha1: 7305ec8b7bd8fe09f5104a14279a15a93a76684b
sha256: bd68d3426a95a5476bb3e1e0e3309e3b7ffc139cd55d37485362001dd62b5806
sha512: 9ea92d0d1b5d2f78550265b632b708a109a437290d627da4a04744cd29249085bf5e4325ac05ee62358118e02b3a23e62f59d82924f45c2aa5e188de00d18542
ssdeep: 6144:ZOHeBWJdskGtgUSxE916KEqYmFjvTBi9g6Th7Y94i:ZO+B4it8xokZmFjvToKUY94i
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T175248D4267D909F2EAC2593144A7937EE7366B148F15C4C7D3EC392389223D1A63A3B9
sha3_384: f6fb01a60e2fc1c5c934faf5e319959d1fde83cb409c04e0a687e4aa755f4bb48f6aed8f7633b5aa6ba2e9c33370f2f8
ep_bytes: 68c4000000680000000068d0494300e8
timestamp: 1997-07-15 11:48:12
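The File Info block is what a practitioner actually compares a suspect file against: the digests, the entry-point bytes, the compile timestamp and (via the "unknown PE section name" signature) the section names. The following Python is an added example, not code from this page or from GridinSoft: it computes the standard-library digests listed above, checks them against the page's md5/sha1/sha256, and parses the PE32 header for timestamp, entry-point bytes and section names. The minimal PE it builds for demonstration is constructed and is not the sample; the section name UPX1 and the list of "common" section names are my assumptions.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Digests of the sample as listed in the File Info block above.
KNOWN_IOCS = {
    "md5": "9813f30ebafab94de67c4291d680f86f",
    "sha1": "7305ec8b7bd8fe09f5104a14279a15a93a76684b",
    "sha256": "bd68d3426a95a5476bb3e1e0e3309e3b7ffc139cd55d37485362001dd62b5806",
}

# Section names common linkers emit (assumption for this example); anything
# else is reported, in the spirit of CAPE's "unknown PE section name" signature.
COMMON_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc",
                   ".reloc", ".bss", ".tls", ".CRT", "CODE", "DATA", "BSS"}


def file_hashes(data):
    """Compute the standard-library digests the File Info block lists."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_known_iocs(hashes):
    """True if any computed digest equals one published for the sample."""
    return any(hashes[k] == v for k, v in KNOWN_IOCS.items())


def parse_pe(data):
    """Extract timestamp, entry-point bytes and section names from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (not PE32+) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), va, max(vsize, rawsize), rawptr))
    ep_bytes = b""
    for _, va, size, rawptr in sections:
        if va <= entry_rva < va + size:  # map the entry RVA to a file offset
            ep_bytes = data[rawptr + entry_rva - va:][:16]
            break
    return {
        "timestamp": datetime.fromtimestamp(tstamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
        "sections": [s[0] for s in sections],
        "unknown_sections": [s[0] for s in sections if s[0] not in COMMON_SECTIONS],
    }


def triage(data):
    """Combine hashing, IOC matching and PE parsing into one report."""
    hashes = file_hashes(data)
    return {"hashes": hashes, "ioc_match": matches_known_iocs(hashes), "pe": parse_pe(data)}


def build_sample_pe():
    """Constructed minimal PE32 (not the real sample) with a packer-style section name."""
    ep_code = bytes.fromhex("68c4000000680000000068d0494300e8") + b"\0" * 16
    raw_off = 0x200
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1_000_000_000, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIIII", 0x10B, 0, 0, len(ep_code), 0, 0, 0x1000, 0x1000)
    opt += b"\0" * (224 - len(opt))
    secs = struct.pack("<8sIIIIIIHHI", b"UPX1", 0x1000, 0x1000, len(ep_code), raw_off, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack("<8sIIIIIIHHI", b".rsrc", 0x100, 0x2000, 0, 0, 0, 0, 0, 0, 0x40000040)
    header = dos + b"PE\0\0" + coff + opt + secs
    return header + b"\0" * (raw_off - len(header)) + ep_code


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(key, value)
```

Run it with a file path to triage a real sample, or with no argument to see the report for the constructed PE. The ssdeep and tlsh values on the page need third-party modules (python-ssdeep, py-tlsh) and are left out here. Two caveats: a PE timestamp is attacker-controlled and proves nothing on its own, and a hash match only identifies this exact file, so a repacked variant will miss while the sandbox behaviours above still apply.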

Version Info:

0: [No Data]

Win32/Agent.ACSB also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: BackDoor.Rat.353
MicroWorld-eScan: Gen:Variant.Doina.18215
FireEye: Generic.mg.9813f30ebafab94d
ALYac: Gen:Variant.Doina.18215
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.2048850
K7AntiVirus: Trojan ( 00587c4a1 )
K7GW: Trojan ( 00587c4a1 )
Cybereason: malicious.b7bd8f
BitDefenderTheta: Gen:NN.ZexaF.34294.nqY@aSQ@w2o
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Agent.ACSB
APEX: Malicious
ClamAV: Win.Malware.Nymeria-9879923-0
Kaspersky: VHO:Trojan-Dropper.Win32.Scrop.gen
BitDefender: Gen:Variant.Doina.18215
NANO-Antivirus: Trojan.Win32.SpyEyes.iukpuu
Avast: Win32:DangerousSig [Trj]
Ad-Aware: Gen:Variant.Doina.18215
Emsisoft: MalCert-S.EL (A)
McAfee-GW-Edition: BehavesLike.Win32.Generic.dh
Sophos: Mal/BadCert-Gen
GData: Gen:Variant.Doina.18215
Jiangmin: TrojanSpy.SpyEyes.prq
MaxSecure: Trojan.Malware.300983.susgen
Avira: HEUR/AGEN.1142606
Antiy-AVL: Trojan/Generic.ASMalwS.338BCC3
Arcabit: Trojan.Doina.D4727
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4432449
Acronis: suspicious
McAfee: GenericRXOV-MJ!9813F30EBAFA
MAX: malware (ai score=81)
VBA32: BScope.TrojanSpy.SpyEyes
Malwarebytes: Spyware.DiamondFox
Rising: Backdoor.Diamondfox!1.D569 (CLASSIC)
Yandex: Trojan.Agent!69yLOApvKjM
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_93%
AVG: Win32:DangerousSig [Trj]
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Win32/Agent.ACSB?

Win32/Agent.ACSB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Click "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the affected browser and the options you want, then click "Reset".
  • Restart your computer.

Because this sample attempts to disable and reconfigure Windows Defender (see the behaviour list above), confirm after the restart that Defender real-time protection is enabled again and that no unexpected exclusions remain.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
