About “Win32/Agent.NCK” infection

The Win32/Agent.NCK is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Agent.NCK virus can do?

Sample contains Overlay data
Reads data out of its own binary image
Drops a binary and executes it
Executes the printer spooler process
Authenticode signature is invalid
Harvests cookies for information gathering

How to determine Win32/Agent.NCK?


File Info:
name: EBFDC6F4B3675FD828E7.mlw
path: /opt/CAPEv2/storage/binaries/37e4a35dca2333f2beae60fee89b5ee8c4b1bc19cbe56ebcbeb8ebbde7e19341
crc32: F52FB282
md5: ebfdc6f4b3675fd828e76cf6804632e0
sha1: f3d1cfa22225a5b88f7576b15d5eafcfe82989ab
sha256: 37e4a35dca2333f2beae60fee89b5ee8c4b1bc19cbe56ebcbeb8ebbde7e19341
sha512: d174e4f4d18a5d5e5415e36a334b24729f48a644120fdfed671523f5d828f422b0058058cac6c70e5015691ea742d9a0ff76128c59ae2635ad7bd7be814f42dd
ssdeep: 3072:7kHvKzsSGTG1JUOI2E5J7kw3KSxSNQRflHsKgp+g/VIBSpvFMqwamTzNfgdUT:Kv0siyR2c7ySVlHaUMnp9M/3N4GT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1192412713EA28174F1C54AB34530AA13616F6DB44B3863D3ABE1A40F0DF62E6ED36316
sha3_384: 51db2add5be02cf88196077c0e04424006b7dfac6b37ee785a59f11ebf08e9648c12e402e81d938a0768d8b2862ccc49
ep_bytes: e829030000e94dfeffffccff25685140
timestamp: 2022-11-08 04:49:11

Version Info:
0: [No Data]

Win32/Agent.NCK also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
BitDefenderTheta	Gen:NN.ZexaF.34784.nuZ@aqjqaRdi
ESET-NOD32	a variant of Win32/Agent.NCK
Kaspersky	VHO:Trojan-Dropper.Win32.Daws.gen
Avast	Win32:Dh-A [Heur]
FireEye	Generic.mg.ebfdc6f4b3675fd8
Microsoft	Trojan:Win32/Wacatac.B!ml
Acronis	suspicious
APEX	Malicious
Fortinet	W32/Agent.NCK
AVG	Win32:Dh-A [Heur]
CrowdStrike	win/malicious_confidence_90% (D)

How to remove Win32/Agent.NCK?

Win32/Agent.NCK removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X