What is “Win32/Agent_AGen.I potentially unsafe”?

Win32/Agent_AGen.I potentially unsafe is flagged as dangerous by many of the security vendors listed below. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Agent_AGen.I potentially unsafe virus do?

  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Hebrew
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the shellcode patterns malware family
  • Binary file triggered YARA rule
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32/Agent_AGen.I potentially unsafe?

File Info:

name: E2EA94774A33C6E49888.mlw
path: /opt/CAPEv2/storage/binaries/3099260dd1dc8b8526c83d45ee27e0961b2fd545906f1b9de088749d13eb8dcf
crc32: 69DA2D4A
md5: e2ea94774a33c6e4988807f8f58dccbf
sha1: be2029e1d32caa7cb23850f97314ff30b5ca322d
sha256: 3099260dd1dc8b8526c83d45ee27e0961b2fd545906f1b9de088749d13eb8dcf
sha512: 276dd58dec7da01208c73c86a001162d3d790ac9c972930528b8a76deef9e6d622e08ec18d098078f96ecf2f302154207660f94c3eace55391703dded57968ee
ssdeep: 1536:TjToX7AdyHnaRgqKuveje86oZQMyqZQDbwhw7r:TAkd2nNqK/S3FDkhw7r
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FB536C03B2E08872D7EB1A7059716B269EFA7C272178962F8B947ECE6C70540DD3435B
sha3_384: 5516adcacb053cbb867f8a138fc85b126cbbf8fb284ec307f857e0d8a0edcb8f086635c6f59d3202a45fe1c5dcfb7d7a
ep_bytes: 6a706870c34000e8de01000033db538b
timestamp: 2024-01-20 11:57:35

Version Info:

CompanyName: NirSoft
FileDescription: LSA Secrets Viewer
FileVersion: 1.26
LegalCopyright: Copyright © 2006 - 2024 Nir Sofer
ProductName: LSASecretsView
ProductVersion: 1.26
Translation: 0x0409 0x04b0

Win32/Agent_AGen.I potentially unsafe is also known as (vendor: detection name):

Bkav: W32.Common.676BC35F
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Application.Heur.dq0@kG@1qEaO
Skyhigh: Tool-PassView.b
McAfee: Tool-PassView.b
Cylance: unsafe
VIPRE: Gen:Application.Heur.dq0@kG@1qEaO
K7GW: Unwanted-Program ( 005b39e91 )
K7AntiVirus: Unwanted-Program ( 005b39e91 )
ESET-NOD32: a variant of Win32/Agent_AGen.I potentially unsafe
Paloalto: generic.ml
BitDefender: Gen:Application.Heur.dq0@kG@1qEaO
Emsisoft: Gen:Application.Heur.dq0@kG@1qEaO (B)
FireEye: Generic.mg.e2ea94774a33c6e4
MAX: malware (ai score=79)
Webroot: W32.Hack.Tool
Google: Detected
Varist: W32/ABApplication.PHHB-6199
Antiy-AVL: Trojan/Win32.Phonzy
Kingsoft: malware.kb.a.867
Arcabit: Application.Heur.E63E01
GData: Gen:Application.Heur.dq0@kG@1qEaO
Cynet: Malicious (score: 100)
Malwarebytes: Generic.Malware/Suspicious
Rising: Trojan.Generic@AI.80 (RDML:d3VGfE6/uhPRKcDlm/KgsA)
MaxSecure: Trojan.Malware.230060009.susgen
Fortinet: Riskware/PassView
DeepInstinct: MALICIOUS
alibabacloud: Trojan:Win/Agent_AGen.I

How to remove Win32/Agent_AGen.I potentially unsafe?

Win32/Agent_AGen.I potentially unsafe removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
