Win32/TrojanDownloader.Agent.FEI removal tips

Win32/TrojanDownloader.Agent.FEI is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/TrojanDownloader.Agent.FEI virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Exhibits behavior characteristics of GuLoader
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/TrojanDownloader.Agent.FEI?


File Info:

name: 92E131A3E0BF900FF749.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2013-06-09 15:40:46

Version Info:

Translation: 0x0400 0x04b0
CompanyName: Martin Prikryl
FileDescription: WinSCP: SFTP, FTP, WebDAV, S3 and SCP client
LegalCopyright: (c) 2000-2021 Martin Prikryl
ProductName: WinSCP
FileVersion: 5.19.0002
ProductVersion: 5.19.0002
InternalName: F2
OriginalFilename: F2

Win32/TrojanDownloader.Agent.FEI also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.GuLoader.a!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.38715440
FireEye: Generic.mg.92e131a3e0bf900f
CAT-QuickHeal: Trojan.Agent
McAfee: RDN/Generic Downloader.x
Cylance: Unsafe
Sangfor: Trojan.Win32.GuLoader.acs
K7AntiVirus: Trojan ( 0058d6bf1 )
Alibaba: TrojanDownloader:Win32/GuLoader.bc74716c
K7GW: Trojan ( 0058d6bf1 )
CrowdStrike: win/malicious_confidence_100% (W)
VirIT: Trojan.Win32.VBGenus.EHU
Cyren: W32/VBKrypt.BFQ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/TrojanDownloader.Agent.FEI
APEX: Malicious
Kaspersky: Trojan-Downloader.Win32.GuLoader.acs
BitDefender: Trojan.GenericKD.38715440
Avast: Win32:DangerousSig [Trj]
Rising: Downloader.Guloader!8.11C23 (CLOUD)
Ad-Aware: Trojan.GenericKD.38715440
Emsisoft: Trojan.GenericKD.38715440 (B)
Comodo: Malware@#3rr3urk57fzse
TrendMicro: Trojan.Win32.GULOADER.USPAXAQ22
McAfee-GW-Edition: RDN/Generic Downloader.x
Sophos: Mal/Generic-R + Troj/Zbot-POJ
Ikarus: Trojan.Win32.Injector
GData: Trojan.GenericKD.38715440
Avira: TR/AD.Nekark.eakmq
Gridinsoft: Ransom.Win32.Zbot.sa
Arcabit: Trojan.Generic.D24EC030
ViRobot: Trojan.Win32.Z.Woreflint.126296
ZoneAlarm: Trojan-Downloader.Win32.GuLoader.acs
Microsoft: Trojan:Win32/Tnega.SSS!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Tnega.C4956796
BitDefenderTheta: Gen:NN.ZevbaF.34212.hm1@a4lm!VfO
ALYac: Trojan.GenericKD.38715440
MAX: malware (ai score=81)
VBA32: BScope.TrojanSpy.Noon
Malwarebytes: Trojan.Injector
TrendMicro-HouseCall: Trojan.Win32.GULOADER.USPAXAQ22
Tencent: Win32.Trojan-downloader.Guloader.Hupd
Yandex: Trojan.Injector_AGen!ZPGcexWIue8
Fortinet: W32/Injector.7004!tr
AVG: Win32:DangerousSig [Trj]
Panda: Trj/WLT.G
MaxSecure: Trojan.Malware.300983.susgen

How to remove Win32/TrojanDownloader.Agent.FEI?

Win32/TrojanDownloader.Agent.FEI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.