Should I remove “Win32/HackTool.Agent.NIU”?

The Win32/HackTool.Agent.NIU is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/HackTool.Agent.NIU virus can do?

CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Behavioural detection: Injection (inter-process)

How to determine Win32/HackTool.Agent.NIU?


File Info:
name: A2247FE2C62658A57EA6.mlw
path: /opt/CAPEv2/storage/binaries/4005c70a062767456d0a4a5e96f1411c95eae786deb08f8d36fb587a19a7de27
crc32: F9E56964
md5: a2247fe2c62658a57ea69f65d4995428
sha1: 19b67e26f904b31c2d3b344a062d0db1bc5af320
sha256: 4005c70a062767456d0a4a5e96f1411c95eae786deb08f8d36fb587a19a7de27
sha512: 46f06e3a62a773237bb37419bab0e3abac0dfd8c4da43123c9f017f81c9d741483a784ed57d830a01a53a2f4721777820aa1d01880442e0ff184439da8f07ebf
ssdeep: 49152:HlV7e7d6BdueolNQa7T6IIlqIS/OkgoJrb:uYue1uT6IKa/Ohohb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T191751222F997C032C52242310D54E7F18A7EBD7449B28597BBE81F4D76786D0AE32B63
sha3_384: 8afba6aea0202571ea13ed03362e12aa74336bdcccea4b041a4784eef0e57e8f9f6f799a0cfe92cfe3fce809876d6a8e
ep_bytes: e8c7ea0000e97ffeffff558bec568b75
timestamp: 2015-03-11 11:35:27

Version Info:
CompanyName: TODO: 
FileDescription: TODO: 
FileVersion: 1.0.0.1
InternalName: TODO: 
LegalCopyright: Copyright (C) 2015
OriginalFilename: HollowCarrier.exe
ProductName: TODO: 
ProductVersion: 1.0.0.1
Translation: 0x0409 0x04b0

Win32/HackTool.Agent.NIU also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.Brresmon.Gen.1
VIPRE	Gen:Trojan.Brresmon.Gen.1
K7AntiVirus	Hacktool ( 005957181 )
BitDefender	Gen:Trojan.Brresmon.Gen.1
K7GW	Hacktool ( 005957181 )
CrowdStrike	win/malicious_confidence_60% (D)
BitDefenderTheta	Gen:NN.ZexaF.36318.Kr0@aeDe81fi
ESET-NOD32	a variant of Win32/HackTool.Agent.NIU
APEX	Malicious
Kaspersky	HEUR:Trojan.Win32.Inject.gen
Avast	Win32:Trojan-gen
Rising	Trojan.Generic@AI.94 (RDML:I2oNOsKcr9E4LcRC3w5BnA)
Emsisoft	Gen:Trojan.Brresmon.Gen.1 (B)
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.a2247fe2c62658a5
Sophos	Generic ML PUA (PUA)
GData	Gen:Trojan.Brresmon.Gen.1
MAX	malware (ai score=86)
Antiy-AVL	Trojan/Win32.Inject
Arcabit	Trojan.Brresmon.Gen.1
ZoneAlarm	HEUR:Trojan.Win32.Inject.gen
Tencent	Malware.Win32.Gencirc.13d8e32e
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
AVG	Win32:Trojan-gen
Cybereason	malicious.2c6265

How to remove Win32/HackTool.Agent.NIU?

Win32/HackTool.Agent.NIU removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X