
Should I remove “Win32/TrojanDropper.Agent.PPF”?


Win32/TrojanDropper.Agent.PPF is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/TrojanDropper.Agent.PPF virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Win32/TrojanDropper.Agent.PPF?


File Info:

name: B7DFF7E936507C847773.mlw
path: /opt/CAPEv2/storage/binaries/53c05f223b0591f0ac5c764d6d9c120779f14afcd50c3f9b139549905f15afeb
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2006-07-24 00:19:53

Version Info:

0: [No Data]

Win32/TrojanDropper.Agent.PPF also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Cud.Gen.1
FireEye: Generic.mg.b7dff7e936507c84
CAT-QuickHeal: Trojan.Redosdru.19849
Cylance: Unsafe
Sangfor: [ARMADILLO V1.71]
CrowdStrike: win/malicious_confidence_60% (W)
K7GW: Trojan ( 0055e3df1 )
K7AntiVirus: Trojan ( 0055e3df1 )
Baidu: Win32.Trojan-Downloader.Agent.jm
VirIT: Trojan.Win32.Agent.DDV
Cyren: W32/Risk.FCRW-6991
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.PPF
APEX: Malicious
ClamAV: Win.Downloader.Farfli-6453698-0
Kaspersky: Trojan-Dropper.Win32.Agent.bdz
BitDefender: Trojan.Cud.Gen.1
NANO-Antivirus: Trojan.Win32.Agent.xaxj
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b1edcc
Ad-Aware: Trojan.Cud.Gen.1
Sophos: Mal/Generic-R
Comodo: Application.Win32.HackTool.Binder.~A@i2cao
DrWeb: Trojan.MulDrop.5414
Zillya: Dropper.Agent.Win32.6732
McAfee-GW-Edition: BehavesLike.Win32.Generic.dh
Emsisoft: Trojan.Cud.Gen.1 (B)
GData: Trojan.Cud.Gen.1 (2x)
Jiangmin: TrojanDropper.Agent.ki
Avira: HEUR/AGEN.1246216
MAX: malware (ai score=89)
Kingsoft: Win32.Hack.Undef.(kcloud)
ViRobot: Trojan.Win32.Agent.200704.E
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Dropper/Win32.Xema.C73441
McAfee: GenericRXLN-HJ!B7DFF7E93650
VBA32: BScope.TrojanDownloader.Dupzom
Malwarebytes: Malware.AI.1542663378
TrendMicro-HouseCall: BKDR_HUPIGON.EVG
Rising: Backdoor.Gpigeon.kdt (CLASSIC)
Yandex: Trojan.GenAsa!DWsKsJO5Zmg
Ikarus: Trojan-Dropper.Agent
Fortinet: W32/Dropper.BBDT!tr
BitDefenderTheta: Gen:NN.ZexaF.34742.6qZ@a4Xuuedb
AVG: Win32:Malware-gen
Cybereason: malicious.936507
Panda: Bck/Hupigon.KNW

How to remove Win32/TrojanDropper.Agent.PPF?

Win32/TrojanDropper.Agent.PPF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
