Win32:Agent-AVXV [Trj] (file analysis)

The Win32:Agent-AVXV [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32:Agent-AVXV [Trj] virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
Attempts to connect to a dead IP:Port (5 unique times)
Reads data out of its own binary image
Performs some HTTP requests
Unconventionial language used in binary resources: Chinese (Simplified)
Tries to unhook or modify Windows functions monitored by Cuckoo
Attempts to modify proxy settings

Related domains:

z.whorecord.xyz

www.882n.com

parkingcrew.net

iyfsearch.com

i2.cdn-image.com

i4.cdn-image.com

i1.cdn-image.com

i3.cdn-image.com

a.tomx.xyz

How to determine Win32:Agent-AVXV [Trj]?


File Info:
crc32: FE858938
md5: ba60833e04b37054abb670e47e6be286
name: QQCK.exe
sha1: 6b19fbcdf3fa6bedf33f51b25b5c29fa954aa16b
sha256: b9538aa4bf5e1d6523bd57a8f914b66117f05fbb9097ac2dabf881306209d18c
sha512: 061f978c5e7df84127b81afc71948778b952af977f1ea9b8047c9240c9eaa099eb8c50524ba1732c64dd513eea9db3f171f9b986aeb42fd3e334208da998db3d
ssdeep: 12288:zXq0i5j2Ii15nsm1sb1H1ZTQgwKFA/SMZoSxHhxF:jI25sm1sxQgwKFM1H
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: x9b3cx624bx8001x66fe
FileVersion: 2.1.0.0
CompanyName: x9b3cx624bx8001x66fe
Comments: x9b3cx624bx8001x66fe
ProductName: QQx7a7ax95f4x66b4x529bx7834x89e3x67e5x770bx5668
ProductVersion: 2.1.0.0
FileDescription: x9b3cx624bx8001x66fe
x7ffbx8bd1: 0x0804 0x04b0

Win32:Agent-AVXV [Trj] also known as:

Bkav	W32.AIDetectVM.malware
FireEye	Generic.mg.ba60833e04b37054
CAT-QuickHeal	Downloader.AdLoad.12395
McAfee	GenericRXFE-NV!BA60833E04B3
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Trojan ( 005246d51 )
K7GW	Password-Stealer ( 0049ad991 )
Cybereason	malicious.df3fa6
TrendMicro	TROJ_SPNR.38H414
F-Prot	W32/Trojan.CLL.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Agent-AVXV [Trj]
ClamAV	Win.Malware.Zusy-6840460-0
GData	Win32.Trojan.Agent.L6GBSC
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	Trojan:Win32/Generic.7b2c8afe
NANO-Antivirus	Trojan.Win32.TrjGen.cvjxhm
AegisLab	Trojan.Win32.Genome.4!c
Rising	Trojan.Dynamer!8.3A0 (CLOUD)
Comodo	Worm.Win32.Dropper.RA@1qraug
F-Secure	Trojan:W32/DelfInject.R
DrWeb	Trojan.Click2.36362
Zillya	Trojan.Genome.Win32.194651
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Generic.ch
Trapmine	suspicious.low.ml.score
Sophos	Mal/Generic-S
Ikarus	Trojan-PSW.OnlineGames4
Cyren	W32/Trojan.CLL.gen!Eldorado
Jiangmin	Trojan/Agent.dwph
Webroot	W32.Rogue.Gen
Avira	TR/Offend.KDV.571266
eGambit	Unsafe.AI_Score_99%
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Win32.Genome
Endgame	malicious (high confidence)
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Trojan:Win32/Dynamer!dtc
AhnLab-V3	Trojan/Win32.Dynamer.C409785
Acronis	suspicious
VBA32	Trojan.Genome.af
ESET-NOD32	a variant of Win32/Packed.FlyStudio.AA potentially unwanted
TrendMicro-HouseCall	TROJ_SPNR.38H414
Tencent	Win32.Trojan.Generic.Pgmi
Yandex	Trojan.Genome!4URIrMzSenA
SentinelOne	DFI – Malicious PE
MaxSecure	Trojan.Malware.7164915.susgen
Fortinet	Adware/FlyStudio
AVG	Win32:Agent-AVXV [Trj]
CrowdStrike	win/malicious_confidence_90% (W)

How to remove Win32:Agent-AVXV [Trj]?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Win32:Agent-AVXV [Trj] (file analysis)