What is “Win32/Agent_AGen.DEA”?

The Win32/Agent_AGen.DEA is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Agent_AGen.DEA virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Win32/Agent_AGen.DEA?


File Info:
name: 93213AABCE2A5FBD688D.mlw
path: /opt/CAPEv2/storage/binaries/05deb9d45442889a491d2252b15eff17510dde3f95b60e9feef5f0740a84e43e
crc32: C244E30F
md5: 93213aabce2a5fbd688d625945da467b
sha1: e9b5c9baa887bcf21b1826cb2d9092994a554451
sha256: 05deb9d45442889a491d2252b15eff17510dde3f95b60e9feef5f0740a84e43e
sha512: eeca27e689e640b742b725440d57871106b61c4da0cd03bfdba67ff7ff70245143d0aea74519360b96f5e56343d14895911100b149dc3874c05d3ca312b3f0b9
ssdeep: 384:NXy4JGp7rJE92mClzc8QmPeuaBU3losjuzZ6UwYRGZqMt7P5nohOYWGZkc8uTxRZ:9MJTm0P3PP3lLuzZPKqMd+QlG6c8YxRZ
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T137E2D65A7E444CF7EA511B3880E6CB766A7CF150C6234F63F650B7308A337A5219A27E
sha3_384: 7718cf16a2887aea856adb35b0eeffde698fe5d3578f27aa846723566f30bc6d8822842b3a2ab238e7edb0201de7b101
ep_bytes: 57565383ec108b5c24248b7424208b7c
timestamp: 2024-02-09 07:35:26

Version Info:
0: [No Data]

Win32/Agent_AGen.DEA also known as:

Lionic	Trojan.Win32.Generic.4!c
MicroWorld-eScan	Gen:Trojan.Heur.PT.c46@amhSY1m
FireEye	Gen:Trojan.Heur.PT.c46@amhSY1m
Skyhigh	Artemis!Trojan
McAfee	Artemis!93213AABCE2A
VIPRE	Gen:Trojan.Heur.PT.c46@amhSY1m
Sangfor	Trojan.Win32.Agent.V72n
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Agent_AGen.DEA
Kaspersky	UDS:Trojan-Dropper.Win32.Agent
BitDefender	Gen:Trojan.Heur.PT.c46@amhSY1m
Avast	FileRepMalware [Misc]
Tencent	Win32.Trojan.Dropper.Pzfl
Emsisoft	Gen:Trojan.Heur.PT.c46@amhSY1m (B)
F-Secure	Trojan.TR/Dropper.Gen
Sophos	Mal/Generic-S
MAX	malware (ai score=87)
GData	Gen:Trojan.Heur.PT.c46@amhSY1m
Avira	TR/Dropper.Gen
Arcabit	Trojan.Heur.PT.E9C1AA
ZoneAlarm	UDS:Trojan-Dropper.Win32.Agent
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 99)
BitDefenderTheta	AI:Packer.8EAE737B1E
ALYac	Gen:Trojan.Heur.PT.c46@amhSY1m
Cylance	unsafe
Rising	Trojan.Agent!8.B1E (TFE:5:tHmWCuLiTML)
AVG	FileRepMalware [Misc]
DeepInstinct	MALICIOUS

How to remove Win32/Agent_AGen.DEA?

Win32/Agent_AGen.DEA removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X