Win32/TrojanDownloader.Agent.GJM removal tips

The Win32/TrojanDownloader.Agent.GJM is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/TrojanDownloader.Agent.GJM virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP.
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • CAPE detected the VMProtectStub malware family
  • Attempts to modify proxy settings

How to identify Win32/TrojanDownloader.Agent.GJM?

File Info:

name: A6E293F26314D5712795.mlw
path: /opt/CAPEv2/storage/binaries/3e7bb6a767ecd4dbd49c40f57e7f21112431acf6bdbb1d95d740de13bab73b17
crc32: CB74E776
md5: a6e293f26314d5712795cd7c5da66793
sha1: 2c4c53beae0a5cd190c3299c695626278411f0c8
sha256: 3e7bb6a767ecd4dbd49c40f57e7f21112431acf6bdbb1d95d740de13bab73b17
sha512: 4f95e0e58a9473b328137966642b8e0bb5cbf9b5128d363ea38b895d1dc1478fcc10da2c1ff685da2d7824f1d36f4cc2b46a2f41bb2c581650f0a73d33932622
ssdeep: 24576:bIlIEJ7C5idlSCBOmUN6nIHCUCWm6c0wIQD:bIlBJ7CAlSwc8nlUnk/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E505E003B7B280F1C4D706715E76E33EF37091104A6ACDA3DBC06A99AC625E7B93A355
sha3_384: 4ba8e1d0efbb8fe1cc95a2dbadad11f6fecf15d943d949b2997603f76e6f88457c4f5345fdf1bdf1f8994a960227887e
ep_bytes: 68a2713bd4880c24c704248ccd0090e8
timestamp: 2022-06-26 05:38:52

Version Info:

0: [No Data]

Win32/TrojanDownloader.Agent.GJM also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.49279121
ALYac: Trojan.GenericKD.49279121
Cylance: Unsafe
VIPRE: Trojan.GenericKD.49279121
Sangfor: Trojan.Win32.Save.BlackMoon
K7AntiVirus: Trojan ( 004c2dc01 )
Alibaba: TrojanDownloader:Win32/VMProtBad.17d3f159
K7GW: Trojan ( 004c2dc01 )
Cybereason: malicious.eae0a5
Arcabit: Trojan.Generic.D2EFF091
Cyren: W32/ABRisk.GZFK-5239
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/TrojanDownloader.Agent.GJM
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Bingoml.hhpw
BitDefender: Trojan.GenericKD.49279121
Avast: Win32:RATX-gen [Trj]
Tencent: Win32.Trojan-Downloader.Oader.Rgil
Ad-Aware: Trojan.GenericKD.49279121
Emsisoft: Trojan.GenericKD.49279121 (B)
Comodo: Virus.Win32.Virut.CE@1fhkga
DrWeb: Trojan.Fakealert.60099
TrendMicro: TROJ_GEN.R002C0RG322
McAfee-GW-Edition: BehavesLike.Win32.Autorun.cc
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.a6e293f26314d571
Sophos: Mal/VMProtBad-A
SentinelOne: Static AI – Malicious PE
Avira: TR/Crypt.CFI.Gen
MAX: malware (ai score=83)
Antiy-AVL: Trojan[Banker]/Win32.BlackMoon.a
Microsoft: Trojan:Win32/Wacatac.A!ml
ZoneAlarm: Trojan.Win32.Bingoml.hhpw
GData: Win32.Trojan-Stealer.BlackMoon.D
Google: Detected
AhnLab-V3: Trojan/Win.RealProtect-LS.C5174057
McAfee: GenericRXTO-FL!A6E293F26314
VBA32: BScope.Trojan.BlackMoon
Malwarebytes: Backdoor.Farfli
TrendMicro-HouseCall: TROJ_GEN.R002C0RG322
Rising: Trojan.Generic@AI.100 (RDML:/bxNtSxC11V426X8Km8uRg)
Ikarus: AdWare.Win32.BlackMoon
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/Application
BitDefenderTheta: Gen:NN.ZexaF.34754.YyW@aWtndMob
AVG: Win32:RATX-gen [Trj]

How to remove Win32/TrojanDownloader.Agent.GJM?

Win32/TrojanDownloader.Agent.GJM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.