Malware

How to remove “Win32/Agent.RDE”?

Malware Removal

Win32/Agent.RDE is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Agent.RDE virus do?

  • Behavioural detection: executable code extraction (unpacking)
  • At least one process apparently crashed during execution
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Creates RWX memory
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid

How to identify Win32/Agent.RDE?

File Info:

name: A03382E13554B891C0F7.mlw
path: /opt/CAPEv2/storage/binaries/d00ca380f48ced33405d3909e5e6985e1a988d07899377476f88920803201e22
crc32: 3DBB9998
md5: a03382e13554b891c0f789559599cd35
sha1: 079e8ffc7a90a179c8dddeae0b7f9234dc852665
sha256: d00ca380f48ced33405d3909e5e6985e1a988d07899377476f88920803201e22
sha512: 89b2640d7575f59ffd7074b7a923f55635d2aaa5d2425ad5ac6ad66245d97643dbedea1c316da89ec560a5755a7dbfdf022400ee08a3e843e963728969774c3c
ssdeep: 49152:N0qBBBBBBBBBBBBBBBBBBBBBBf1111111111111111111111111112OOOOOOOOON:N0qBBBBBBBBBBBBBBBBBBBBBBX
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1534612B7270C1E28EE4903BCEC27E467916F383413B73D66521DAF2DB90A16E942D527
sha3_384: fab9b45aa9c9f6aa0ef7bf5f5ebaf524f96f63b12518472bd364e3b84e308d7f9234659cf703e6cd566261bfc172ed99
ep_bytes: 558bec81c4a8feffffb930000000eb01
timestamp: 2007-12-22 02:58:42

Version Info:

CompanyName: ЦКмваИРяДхнЭзМоДУУВЫмъьШЛЩ
FileDescription: ЯВеБЩСЭсЮГпчИТяяМюйАжЙА
FileVersion: 60.17.53.48
InternalName: ЧяртПОнЦЮлКбСэТьХГгфзШЫзЭьШГВ
LegalCopyright: 1750-6124
OriginalFilename: U8w4J2mM.exe
ProductName: гмЯИбЯЛЬфРМкионЗгщяюуЩХэн
ProductVersion: 60.17.53.48
Translation: 0x04b0 0x0417

Win32/Agent.RDE is also known as:

Bkav: W32.AIDetect.malware1
Lionic: Hacktool.Win32.Krap.x!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Bredo.3
FireEye: Generic.mg.a03382e13554b891
McAfee: PWS-Zbot.gen.aje
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.123851
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0055e3dd1 )
K7GW: Trojan ( 0055e3dd1 )
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: Win32.Trojan.Agent.auw
VirIT: Trojan.Win32.SHeur3.AHJR
Cyren: W32/Skintrim.1!Generic
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Agent.RDE
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Small-5417
Kaspersky: Packed.Win32.Krap.hm
BitDefender: Gen:Variant.Bredo.3
NANO-Antivirus: Trojan.Win32.Krap.xsvc
Avast: Win32:MalOb-IJ [Cryp]
Tencent: Malware.Win32.Gencirc.10b84ba1
Ad-Aware: Gen:Variant.Bredo.3
Emsisoft: Gen:Variant.Bredo.3 (B)
Comodo: MalCrypt.Indus!@1qrzi1
DrWeb: Trojan.Siggen1.62207
VIPRE: Gen:Variant.Bredo.3
TrendMicro: Mal_Qakbot-2
McAfee-GW-Edition: PWS-Zbot.gen.aje
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Mal/Zbot-U
Ikarus: Worm.Win32.Ramnit
GData: Gen:Variant.Bredo.3
Jiangmin: Packed.Krap.cqoj
Avira: TR/Dropper.Gen
MAX: malware (ai score=80)
Microsoft: PWS:Win32/Axespec.A
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zbot.R207569
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34742.@t3@aigV2ric
ALYac: Gen:Variant.Bredo.3
VBA32: Trojan.SB.01742
TrendMicro-HouseCall: Mal_Qakbot-2
Rising: Trojan.Axespec!1.A74A (CLASSIC)
Yandex: Trojan.GenAsa!Kky6tMUJ0Qg
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Generic.AC.221D9E!tr
AVG: Win32:MalOb-IJ [Cryp]
Cybereason: malicious.13554b
Panda: Trj/Genetic.gen

How to remove Win32/Agent.RDE?

Win32/Agent.RDE removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
