Win32/TrojanDownloader.Agent.FFX (file analysis)

Win32/TrojanDownloader.Agent.FFX is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/TrojanDownloader.Agent.FFX virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Harvests cookies for information gathering

How to identify Win32/TrojanDownloader.Agent.FFX?

File Info:

name: 16820A746B4DEEAAFC4A.mlw
path: /opt/CAPEv2/storage/binaries/a2ac87ac97114e24c11699b7c8669a70f878d055d37cc9c7198d6b0a1139da5d
crc32: E57C0975
md5: 16820a746b4deeaafc4a1132745416ce
sha1: 25b524812f359325fd47c3c432541ea35b36052c
sha256: a2ac87ac97114e24c11699b7c8669a70f878d055d37cc9c7198d6b0a1139da5d
sha512: 35da9671a9dbc57ebb1193e6004631e5ec0cc6cb1c673652cdc79e6ba2462a258eeec68c202844c8bf58d7aced17ff4d0e097594cb36cadc7230e3598e163522
ssdeep: 6144:lisar3olTCzOanFgQmoq8fDVTzuGUs989iAOA+ukC4:lXjTCzOanFgf+TzuGUsqc2D4
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T199248D1175E2C473D5B2153008F8DB751A3DBC314F619AEBA3D40B7E8F342C2A676A6A
sha3_384: 4f2c2c94d946df783945dbd7fa555480e46b9c780823dea5112de29db7dd60f7193ff1f802934794e3303ec76a364073
ep_bytes: e87a040000e97afeffff558bec8b4508
timestamp: 2020-06-30 14:37:00

Version Info:

CompanyName: Noriyuki Miyazaki
FileDescription: CrystalDiskInfo
FileVersion: 8.2019.0.0
InternalName: DiskInfo.exe
LegalCopyright: (C) 2008-2019 hiyohiyo
OriginalFilename: DiskInfo.exe
ProductName: CrystalDiskInfo
ProductVersion: 8.3.2.2019
Translation: 0x0407 0x04b0

Note: the version resource carries the metadata of the CrystalDiskInfo utility, but the Authenticode signature of this file is invalid (see the behaviour list above), so this metadata is not evidence that the file is the genuine program.

Win32/TrojanDownloader.Agent.FFX is also known as:

  • Bkav: W32.AIDetect.malware2
  • Lionic: Heuristic.File.Generic.00×1!p
  • DrWeb: Trojan.Inject3.45295
  • McAfee: Artemis!16820A746B4D
  • Malwarebytes: Trojan.Downloader
  • Sangfor: PUP.Win32.Johnnie.258676
  • K7AntiVirus: Trojan-Downloader ( 0056b46d1 )
  • K7GW: Trojan-Downloader ( 0056b46d1 )
  • Cybereason: malicious.46b4de
  • BitDefenderTheta: Gen:NN.ZexaE.34698.nu0@aWKqm3zi
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/TrojanDownloader.Agent.FFX
  • APEX: Malicious
  • Paloalto: generic.ml
  • Kaspersky: Trojan-Dropper.Win32.Scrop.adiy
  • Alibaba: TrojanDropper:Win32/Scrop.b8a28596
  • NANO-Antivirus: Trojan.Win32.Scrop.hpndgl
  • Avast: Win32:Malware-gen
  • Rising: Trojan.Generic@AI.91 (RDML:WH5G+wshY4jKwMaK0QWVUA)
  • Comodo: Malware@#2fhj5o40hzav2
  • F-Secure: Trojan.TR/Dldr.Agent.biljx
  • Zillya: Downloader.Agent.Win32.414052
  • McAfee-GW-Edition: Artemis!Trojan
  • Sophos: Mal/Generic-S
  • Ikarus: Trojan-Downloader.Win32.Agent
  • Google: Detected
  • Avira: TR/Dldr.Agent.biljx
  • Antiy-AVL: Trojan[Dropper]/Win32.Scrop
  • ZoneAlarm: Trojan-Dropper.Win32.Scrop.adiy
  • Microsoft: Trojan:Win32/Occamy.B
  • Cynet: Malicious (score: 100)
  • VBA32: BScope.Trojan.Wacatac
  • Cylance: Unsafe
  • Tencent: Win32.Trojan-Dropper.Scrop.Eflw
  • Yandex: Trojan.DR.Scrop!Q4+m5GZ5pjs
  • MaxSecure: Trojan.Malware.104338550.susgen
  • Fortinet: W32/Agent.FFX!tr
  • AVG: Win32:Malware-gen
  • Panda: Trj/GdSda.A
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/TrojanDownloader.Agent.FFX?

Win32/TrojanDownloader.Agent.FFX removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.