Win32:Agent-AUKE [Trj] malicious file

The Win32:Agent-AUKE [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32:Agent-AUKE [Trj] virus can do?

Sample contains Overlay data
Unconventionial language used in binary resources: Czech
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Win32:Agent-AUKE [Trj]?


File Info:
name: D80C18BA8B4A3C985A13.mlw
path: /opt/CAPEv2/storage/binaries/6fe437c341f521ca56c0924bdd0a6d797043ca537108c118ff43db23ff956698
crc32: FF7E25C4
md5: d80c18ba8b4a3c985a133b1d78d4dc0b
sha1: fbdf13a10fc6488e77e497ebbfde6e9d26e0be9f
sha256: 6fe437c341f521ca56c0924bdd0a6d797043ca537108c118ff43db23ff956698
sha512: 224af9a0b3bf650320b9bfaeaef47f482a0a45b4f689c5320f6004a330c6e7c6e8b82a696b60bdbc9d30cfdbc299fecbaf03bfa4baa4085f7943518b5462a503
ssdeep: 3072:FkAwRzhjdRmSZiA6I2+IIdjgwZIIIIIIIIIIIIIIIIIIIRDYQcdQ7lPIIIIIIIIn:VwRh/7P6I2+IIdjgwZIIIIIIIIIIIII7
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14EC358E50E67A5C4F0D246BE8B3745191BF4FB693144AE9729E1A108DB3E630FD213AC
sha3_384: b3bc754ef6d379cb6f7023e973497414d2f8772d42876d108b3dc20dcc936be4f39e55624c8bd627c7d7aab60666a481
ep_bytes: ba54edbacdaa09b3de1497e0e730d92d
timestamp: 2007-01-23 16:34:31

Version Info:
CompanyName: Macromedia, Inc.
FileDescription: Macromedia Flash Player 7.0  r14
FileVersion: 7,0,14,0
InternalName: Macromedia Flash Player 7.0
LegalCopyright: Copyright © 1996-2003 Macromedia, Inc.
LegalTrademarks: Macromedia Flash Player
OriginalFilename: SAFlashPlayer.exe
ProductName: Shockwave Flash
ProductVersion: 7,0,14,0
Translation: 0x0409 0x04b0

Win32:Agent-AUKE [Trj] also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Zbot.trfo
AVG	Win32:Agent-AUKE [Trj]
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.37577
FireEye	Trojan.GenericKDZ.37577
CAT-QuickHeal	W32.Ramnit.D
McAfee	W32/Ramnit.a
Cylance	unsafe
Zillya	Trojan.Ramnit.Win32.4589
Sangfor	Suspicious.Win32.Save.a
Alibaba	Trojan:Win32/Ramnit.b3a67982
K7GW	Trojan ( 005113571 )
K7AntiVirus	Virus ( 0031ed2c1 )
VirIT	Trojan.Win32.Generic.QYR
Cyren	W32/Ramnit.H.gen!Eldorado
Symantec	Packed.Protexor!gen1
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Packed.Ramnit-6725877-0
BitDefender	Trojan.GenericKDZ.37577
NANO-Antivirus	Virus.WinXX.Nimnul.bqjjnb
Avast	Win32:Agent-AUKE [Trj]
Tencent	Trojan.Win32.Spy.aab
Emsisoft	Trojan.GenericKDZ.37577 (B)
Baidu	Win32.Trojan.Kryptik.gm
DrWeb	Win32.HLLW.Autoruner2.6551
VIPRE	Trojan.GenericKDZ.37577
McAfee-GW-Edition	BehavesLike.Win32.Generic.cc
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
GData	Win32.Virus.Nimnul.A
Jiangmin	Trojan/Fednu.aa
MAX	malware (ai score=83)
Antiy-AVL	Virus/Win32.Ramnit.gen
Arcabit	Trojan.Generic.D92C9
Microsoft	Trojan:Win32/Ramnit
Google	Detected
AhnLab-V3	Packed/Win32.Protexor.R27416
Acronis	suspicious
ALYac	Trojan.GenericKDZ.37577
Malwarebytes	Generic.Malware.AI.DDS
Panda	Trj/CI.A
Rising	Virus.Ramnit!1.B4E2 (CLASSIC)
Yandex	Win32.Ramnit.Gen.2
Ikarus	Trojan-Spy.Win32.Zbot
MaxSecure	Virus.Nimnul.Crpt
Fortinet	W32/Ramnit.A
Cybereason	malicious.a8b4a3
DeepInstinct	MALICIOUS

How to remove Win32:Agent-AUKE [Trj]?

Win32:Agent-AUKE [Trj] removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X