
Win32/Spy.Agent.NES (file analysis)

Win32/Spy.Agent.NES is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the TRIAL period.
6-day free trial available.

What can the Win32/Spy.Agent.NES virus do?

  • At least one process apparently crashed during execution
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Win32/Spy.Agent.NES?


File Info:

name: F6EDF35F2FF523224BE6.mlw
path: /opt/CAPEv2/storage/binaries/5af8dc9324b70648eee9c5794bd04b9a7a59c38bca68c4ec56954b02ff01feca
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2002-01-07 15:39:09

Version Info:

0: [No Data]

Win32/Spy.Agent.NES is also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
FireEye: Generic.mg.f6edf35f2ff52322
McAfee: GenericRXJG-JE!F6EDF35F2FF5
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_70% (D)
Cyren: W32/Zbot.G.gen!Eldorado
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Spy.Agent.NES
APEX: Malicious
ClamAV: Win.Malware.Zbot-9951823-0
Avast: Sf:Zbot-JD [Trj]
Comodo: TrojWare.Win32.Spy.Zbot.ABA@1pe611
DrWeb: Trojan.PWS.Panda.15
McAfee-GW-Edition: BehavesLike.Win32.Generic.ph
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A
SentinelOne: Static AI – Suspicious PE
GData: Win32.Trojan.Agent.OL80SA
Avira: TR/Crypt.XPACK.Gen
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.JE.C5174437
Malwarebytes: Malware.AI.2301711007
Rising: Trojan.Generic@AI.100 (RDML:xm9f3YfzqLkAzCjZKNHUQg)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Wsnpoem.EL!tr
AVG: Sf:Zbot-JD [Trj]
Cybereason: malicious.5141ad

How to remove Win32/Spy.Agent.NES?

Win32/Spy.Agent.NES removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
