Win32/TrojanDownloader.Agent.HNK (file analysis)

The Win32/TrojanDownloader.Agent.HNK is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/TrojanDownloader.Agent.HNK virus can do?

Sample contains Overlay data
Performs HTTP requests potentially not found in PCAP.
Reads data out of its own binary image
Authenticode signature is invalid
Attempts to modify proxy settings
Deletes executed files from disk

How to determine Win32/TrojanDownloader.Agent.HNK?


File Info:
name: F4B889B3448F3FBDE4AA.mlw
path: /opt/CAPEv2/storage/binaries/0451bd9d8b8caa082cabd7a5c5271b13542f6c493d9b0cb9fcc53733a028c717
crc32: 8F5796A8
md5: f4b889b3448f3fbde4aa5b75d6ec14b1
sha1: 1375b766e6d59c72fdf52ba79fca756917c6db7a
sha256: 0451bd9d8b8caa082cabd7a5c5271b13542f6c493d9b0cb9fcc53733a028c717
sha512: 088774fdc19f69ff021d0aa389b4836e025dbf3741c0223c447b7576b187e564e5c312095b96c5e442cc432b07d9469948b567433995eb266f00c2275dd6f05d
ssdeep: 1536:rferrLkSRoe8C4UZsys0Dh1duK4Romu/7qhEMwdFI+PlP:rfi3k+oWDBDh1duK45LhELQWlP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E763BF11F390C073DAF2137268362BB75FF6982152A49B4743906F2E7C62682ED1FB95
sha3_384: 8ab2576451589ae9a44bec876bfba22f289b2e3634cf0381f05c905ba98cbd78d7b974d34ba2d7035179f57be833032c
ep_bytes: 81ecf80300005556576a205f33ed6801
timestamp: 2023-07-02 02:09:48

Version Info:
0: [No Data]

Win32/TrojanDownloader.Agent.HNK also known as:

ESET-NOD32	Win32/TrojanDownloader.Agent.HNK
Kaspersky	HEUR:Trojan-Downloader.Win32.OffLoader.gen
Avast	NSIS:DropperX-gen [Drp]
F-Secure	Trojan.TR/Adload.Gen
DrWeb	Trojan.DownLoad4.16207
Trapmine	suspicious.low.ml.score
Google	Detected
Avira	TR/Adload.Gen
Varist	W32/Trojan.AWAG-2834
Antiy-AVL	Trojan[Downloader]/NSIS.AdLoad.ds
ZoneAlarm	HEUR:Trojan-Downloader.Win32.OffLoader.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
VBA32	suspected of Trojan.Downloader.gen
Cylance	unsafe
TrendMicro-HouseCall	TROJ_GEN.R002H07BT24
Fortinet	NSIS/Agent.HNK!tr
AVG	NSIS:DropperX-gen [Drp]
DeepInstinct	MALICIOUS

How to remove Win32/TrojanDownloader.Agent.HNK?

Win32/TrojanDownloader.Agent.HNK removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X