Win32/TrojanDropper.Agent.PRE (file analysis)

The Win32/TrojanDropper.Agent.PRE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/TrojanDropper.Agent.PRE virus can do?

Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Win32/TrojanDropper.Agent.PRE?


File Info:
name: CA4ECC553CC3B58E3A13.mlw
path: /opt/CAPEv2/storage/binaries/cf2a78e9a784e7ecd91de0fb3cd03b6fb5f180121f00b111f65e04aa89b91b7a
crc32: B56C7BA1
md5: ca4ecc553cc3b58e3a13f5ae180189e0
sha1: e00170921006f5e3fceafa30af55ace1196f608e
sha256: cf2a78e9a784e7ecd91de0fb3cd03b6fb5f180121f00b111f65e04aa89b91b7a
sha512: 9216023008a31133af512aafe4f4014fc5263ced997a804b00e3d708486c2dd03663b78dd7fbd4170e5ec8feb78b582e738faf6e04fe3e6d5d28cfdc0ec15e17
ssdeep: 1536:QKis516vVls8clyB4UKRbW0DWIPAhQWwN9/xHkatFfpVvJW62cXG:Q6L6vVhclyB4UoQIPcQxPOABfvJEcW
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A7C3CF1378D1C0B6EA828970813B2F7BEFBA77340E5681439764DD686F35ED2C42A11B
sha3_384: e48b44cf8c44a737954ef68a22bd4cc507dce8a306afe7e21ac08933b2df81cb44bb701be88995d612583034218491fd
ep_bytes: 558bec6aff68f0704000682034400064
timestamp: 2012-01-14 14:19:02

Version Info:
Comments: 
CompanyName: Shenzhen QVOD Technology Co.,Ltd
FileDescription: QvodInstall Module
FileVersion: 4, 0, 4, 6
InternalName: QvodInstall.exe
LegalCopyright: Copyright(C) 2006-2012 QVOD
LegalTrademarks: 
OriginalFilename: QvodInstall.exe
PrivateBuild: 
ProductName: QvodInstall Module
ProductVersion: 4, 0, 4, 6
SpecialBuild: 
Translation: 0x0409 0x0000

Win32/TrojanDropper.Agent.PRE also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
FireEye	Generic.mg.ca4ecc553cc3b58e
McAfee	Artemis!CA4ECC553CC3
Cylance	Unsafe
VIPRE	Gen:Variant.Graftor.18183
Sangfor	Suspicious.Win32.Save.ins
K7AntiVirus	Trojan ( 005203381 )
K7GW	Trojan ( 005203381 )
CrowdStrike	win/malicious_confidence_100% (D)
Baidu	Win32.Trojan-Dropper.Agent.s
Cyren	W32/FraudLoad.F32_DET!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/TrojanDropper.Agent.PRE
APEX	Malicious
BitDefender	Gen:Variant.Graftor.18183
MicroWorld-eScan	Gen:Variant.Graftor.18183
Avast	Win32:Downloader-SNS [Trj]
Ad-Aware	Gen:Variant.Graftor.18183
Sophos	ML/PE-A
Comodo	TrojWare.Win32.Rimod.aj@4tvs05
DrWeb	Trojan.DownLoader25.31573
Trapmine	malicious.moderate.ml.score
Emsisoft	Gen:Variant.Graftor.18183 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan/Generic.ahrto
Webroot	W32.Downloader.Gen
Avira	TR/Patched.Ren.Gen
MAX	malware (ai score=85)
Antiy-AVL	Trojan/Generic.ASMalwS.51E
Microsoft	Trojan:Win32/Wacatac.B!ml
Arcabit	Trojan.Graftor.D4707
GData	Gen:Variant.Graftor.18183
Google	Detected
BitDefenderTheta	Gen:NN.ZexaCO.34646.hi0@a4OVAHmb
ALYac	Gen:Variant.Graftor.18183
TACHYON	Trojan/W32.Agent.120832.VJ
VBA32	BScope.TrojanBanker.Gozi
Malwarebytes	Trojan.Dropper
Rising	Trojan.DL.Win32.AVPlayer.a (CLASSIC)
Ikarus	Trojan-Dropper.Win32.Agent
AVG	Win32:Downloader-SNS [Trj]
Cybereason	malicious.53cc3b

How to remove Win32/TrojanDropper.Agent.PRE?

Win32/TrojanDropper.Agent.PRE removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X