Should I remove “Win32/TrojanDropper.Agent.PLN”?

Many security experts consider Win32/TrojanDropper.Agent.PLN dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/TrojanDropper.Agent.PLN virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Drops a binary and executes it
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid

How to determine Win32/TrojanDropper.Agent.PLN?


File Info:

name: B63A04B817E6F948E9A3.mlw
path: /opt/CAPEv2/storage/binaries/8547e6f640c7f2cdb454667f962f6619f21fb291130a6db43448368622106565
crc32: 7DB225A0
md5: b63a04b817e6f948e9a3dee7126a658a
sha1: 08346f3dd9b33f69aea1c98c920074f2dd377197
sha256: 8547e6f640c7f2cdb454667f962f6619f21fb291130a6db43448368622106565
sha512: 84b080ae650d7c758b259878e65991ee5686530319ff4fcb3224671ea37674bdb18028f1619d685e7cf319eab73c4aa2051433501bd646de0f94ea3629450b1c
ssdeep: 6144:Q6viUNIPcmmmRm4EG76adSNc/B9XgGJ2Fc+y6xL:QtEmREGO8oc/B9Q1xL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T192F4AE1377E0C077D752453289B75FB6EEB7AE280E6285070764FE1CBF32AA1C526206
sha3_384: 9d9e30e8b1ac97d59b76102bb37cb3aff1e2593263adc987e537d9143e9c7e0ef2ea66c60c02f4e729c4515d7e788229
ep_bytes: 558bec6aff68f0704000680035400064
timestamp: 2011-10-14 19:41:34

Version Info:

Comments:
CompanyName: Shenzhen QVOD Technology Co.,Ltd
FileDescription: QvodInstall Module
FileVersion: 3, 0, 0, 0
InternalName: QvodInstall.exe
LegalCopyright: Copyright(C) 2006-2009 QVOD
LegalTrademarks:
OriginalFilename: QvodInstall.exe
PrivateBuild:
ProductName: QvodInstall Module
ProductVersion: 3, 0, 0, 0
SpecialBuild:
Translation: 0x0409 0x0000

Win32/TrojanDropper.Agent.PLN also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader25.31573
MicroWorld-eScan: Dropped:Trojan.GenericKD.46388702
FireEye: Generic.mg.b63a04b817e6f948
McAfee: GenericRXAA-AA!B63A04B817E6
Cylance: Unsafe
Zillya: Dropper.Agent.Win32.98524
Sangfor: [ARMADILLO V1.71]
K7AntiVirus: Trojan ( 005203381 )
K7GW: Trojan ( 005203381 )
Cybereason: malicious.817e6f
Arcabit: Trojan.Generic.D2C3D5DE
BitDefenderTheta: Gen:NN.ZexaF.34806.sq0@aiNfBMdj
Cyren: W32/Rimod.A.gen!Eldorado
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.PLN
TrendMicro-HouseCall: TROJ_AGENT_049226.TOMB
Paloalto: generic.ml
ClamAV: Win.Dropper.Genericrxeo-9849932-0
Kaspersky: VHO:Trojan-Downloader.Win32.Convagent.gen
BitDefender: Dropped:Trojan.GenericKD.46388702
NANO-Antivirus: Trojan.Win32.Rimod.crgjki
Avast: Win32:Malware-gen
Tencent: Trojan.Win32.Qvod.kal
Ad-Aware: Dropped:Trojan.GenericKD.46388702
Comodo: TrojWare.Win32.Agent.pln@4sguy9
Baidu: Win32.Trojan-Dropper.Agent.s
VIPRE: Dropped:Trojan.GenericKD.46388702
TrendMicro: TROJ_AGENT_049226.TOMB
SentinelOne: Static AI – Malicious PE
Trapmine: malicious.high.ml.score
Emsisoft: Dropped:Trojan.GenericKD.46388702 (B)
Ikarus: Trojan.Win32.Rimod
Jiangmin: Trojan/Generic.aksox
Avira: TR/Patched.Ren.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.51E
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Dropped:Trojan.GenericKD.46388702
Cynet: Malicious (score: 100)
AhnLab-V3: Spyware/Win.KeyLogger.R423431
VBA32: TrojanDownloader.Agent
ALYac: Dropped:Trojan.GenericKD.46388702
Malwarebytes: Nimnul.Virus.FileInfector.DDS
APEX: Malicious
Rising: Trojan.Win32.Downloader.aq (CLASSIC)
MAX: malware (ai score=89)
Fortinet: W32/Qvod.PRE!tr.dldr
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/TrojanDropper.Agent.PLN?

Win32/TrojanDropper.Agent.PLN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.