
Win64/Agent.XF (file analysis)

Malware Removal

Win64/Agent.XF is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win64/Agent.XF virus do?

  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Win64/Agent.XF?
File Info:

name: 51D3F1944DAFA522FB4A.mlw
path: /opt/CAPEv2/storage/binaries/656c9615fb84744f68997a299bdc5a18cb0e71549ed0d14f115ed55d41030dff
crc32: 5C501290
md5: 51d3f1944dafa522fb4a1e86272d7e16
sha1: c03e019d5083a535fed8860a38a7440d22572f6e
sha256: 656c9615fb84744f68997a299bdc5a18cb0e71549ed0d14f115ed55d41030dff
sha512: 1098ec85994644bb326ac4e66662ad642a0ec389b42e68bf2ef6b182193b7de948749d2256f60e4faac1936c59cc637b675c83f3cbe955b02b244787ac5bcb0e
ssdeep: 6144:cJgUZUpotyuZkmF8qVtocgUtOqEdEb9Hjt:cJAp0HZyEpgYDEib9Hx
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T11644F1232CA86F08D5335734B51B6F3902F54B1F2B7A56ACFAFE0BA5A1395005F1318A
sha3_384: 36648b12425de819aed1b02ebbe28a75b7f1eb21c71e01688e3d88949c9a6bb552a96a351d08f6cb78d1e1c29c24e0e7
ep_bytes: 53565755488d35951efcff488dbe0070
timestamp: 2021-11-18 17:58:53

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Host Process for Windows Service
FileVersion: 2.0.0.0
InternalName: sqhost.exe
LegalCopyright: Copyright (C) 2016
OriginalFilename: sqhost.exe
ProductName: sqhost.exe
ProductVersion: 2.0.0.0
Translation: 0x0409 0x04b0

Win64/Agent.XF is also known as:

Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
Malwarebytes: Trojan.BitCoinMiner
BitDefender: Gen:Heur.Variadic.Prometei.A
CrowdStrike: win/malicious_confidence_70% (D)
ESET-NOD32: a variant of Win64/Agent.XF
APEX: Malicious
MicroWorld-eScan: Gen:Heur.Variadic.Prometei.A
Avast: Win64:DropperX-gen [Drp]
Tencent: Malware.Win32.Gencirc.11d8494c
Ad-Aware: Gen:Heur.Variadic.Prometei.A
Sophos: Troj/Miner-AAZ
McAfee-GW-Edition: BehavesLike.Win64.Fake.dc
FireEye: Generic.mg.51d3f1944dafa522
Emsisoft: Gen:Heur.Variadic.Prometei.A (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Heur.Variadic.Prometei.A
Avira: HEUR/AGEN.1140127
Arcabit: Trojan.Variadic.Prometei.A
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3: Trojan/Win.CoinMiner.R413841
ALYac: Gen:Heur.Variadic.Prometei.A
MAX: malware (ai score=80)
Cylance: Unsafe
Yandex: Trojan.Agent!Agx7Z4q8cJg
eGambit: Unsafe.AI_Score_92%
AVG: Win64:DropperX-gen [Drp]
Cybereason: malicious.44dafa
MaxSecure: Trojan.Malware.300983.susgen

How to remove Win64/Agent.XF?

Win64/Agent.XF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
