About “Win32/Agent.AFPV” infection

Win32/Agent.AFPV is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What Win32/Agent.AFPV virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32/Agent.AFPV?

File Info:

name: 1F0FF1397EC24A9B4B34.mlw
path: /opt/CAPEv2/storage/binaries/eb7c5df4149cd0ab6fc5b9773d61f679f9e1beb806113eb8b373b1603d99abd9
crc32: F6A754FB
md5: 1f0ff1397ec24a9b4b34ee0ceaac7cea
sha1: 2fa6a114f4bdd5ede8c3ac7d2f88c1706cbad180
sha256: eb7c5df4149cd0ab6fc5b9773d61f679f9e1beb806113eb8b373b1603d99abd9
sha512: 14e700941264d0f34d5e8e75922a925bcec24a5bf73b0dab57aeb408366b2706ba8b9a6d5d996dd8bde731bc96edf07653e54faf48238cea5a60dc16f7e9ab53
ssdeep: 49152:zjTVY1NERoeS6rqSgmNhba6vizptMpSYSNpNH4IU2ynDJ9ytIfle3O:zfVbUSLm6vIpDYWMz2yDNA3O
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T149C5339953483AFDD263AEF0DB2285281934EEFF1559294D352FFC172F34E11A0A39A1
sha3_384: dc9cdebd33ef31f94ff45dacf23dc43d54db5f3266003d14fb2d4650bbea46b3904d52ea921731bac0a903dd9df49725
ep_bytes: 6801606700e801000000c3c3fb0d5ee6
timestamp: 2023-07-11 12:48:55

Version Info:

Translation: 0x0804 0x04b0
FileDescription: ColorPickerDemo Microsoft 基础类应用程序
FileVersion: 1, 0, 0, 1
InternalName: ColorPickerDemo
LegalCopyright: 版权所有 (C) 2001
OriginalFilename: ColorPickerDemo.EXE
ProductName: ColorPickerDemo 应用程序
ProductVersion: 1, 0, 0, 1
Assembly Version: 9.3.4.0
CompanyName:
LegalTrademarks:

Win32/Agent.AFPV also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Lotok.4!c
MicroWorld-eScan: Trojan.GenericKD.68187445
FireEye: Generic.mg.1f0ff1397ec24a9b
CAT-QuickHeal: Backdoor.Lotok
ALYac: Trojan.GenericKD.68187445
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 005a12701 )
Alibaba: Backdoor:Win32/Lotok.83e89aac
K7GW: Trojan ( 005a12701 )
BitDefenderTheta: Gen:NN.ZexaF.36318.ME0aaW8n0aab
Cyren: W32/ABRisk.ECWJ-1616
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Agent.AFPV
APEX: Malicious
Kaspersky: Backdoor.Win32.Lotok.nzl
BitDefender: Trojan.GenericKD.68187445
Avast: Win32:RATX-gen [Trj]
Tencent: Malware.Win32.Gencirc.13e9d2bf
Emsisoft: Trojan.GenericKD.68187445 (B)
F-Secure: Heuristic.HEUR/AGEN.1338694
VIPRE: Trojan.GenericKD.68187445
McAfee-GW-Edition: BehavesLike.Win32.Downloader.vc
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
GData: Trojan.GenericKD.68187445
Google: Detected
Avira: HEUR/AGEN.1338694
Antiy-AVL: Trojan[Backdoor]/Win32.Lotok
Arcabit: Trojan.Generic.D4107535
ZoneAlarm: Backdoor.Win32.Lotok.nzl
Microsoft: Trojan:Win32/Sabsik.TE.B!ml
Cynet: Malicious (score: 99)
McAfee: Artemis!1F0FF1397EC2
MAX: malware (ai score=89)
VBA32: BScope.Backdoor.Lotok
Malwarebytes: Trojan.Crypt
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: TROJ_GEN.R002H0DGF23
Rising: Backdoor.Lotok!8.111D5 (CLOUD)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Agent.AFPV!tr
AVG: Win32:RATX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Agent.AFPV?

Win32/Agent.AFPV removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.