Win64/TrojanDownloader.Agent.NB removal guide

Win64/TrojanDownloader.Agent.NB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win64/TrojanDownloader.Agent.NB virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • A HTTP/S link was seen in a script or command line
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Uses suspicious command line tools or Windows utilities

How to determine Win64/TrojanDownloader.Agent.NB?


File Info:

name: F31724EE3EADD6F4944C.mlw
path: /opt/CAPEv2/storage/binaries/7e5a0ec05c6f65838135d143cb732980d71353e12c893f90bfa94a12c262293b
type: PE32+ executable (console) x86-64, for MS Windows
timestamp: 2021-12-06 07:51:10

Version Info:

0: [No Data]

Win64/TrojanDownloader.Agent.NB also known as:

MicroWorld-eScan: Trojan.GenericKD.47599236
FireEye: Trojan.GenericKD.47599236
McAfee: RDN/Generic.dx
K7AntiVirus: Trojan-Downloader ( 0058baf61 )
BitDefender: Trojan.GenericKD.47599236
K7GW: Trojan-Downloader ( 0058baf61 )
Cyren: W64/Autorun.EO.gen!Eldorado
ESET-NOD32: Win64/TrojanDownloader.Agent.NB
Paloalto: generic.ml
Alibaba: TrojanDownloader:Win64/Badjoke.75950d95
Avast: Win32:Dh-A [Heur]
Ad-Aware: Trojan.GenericKD.47599236
Emsisoft: Trojan.GenericKD.47599236 (B)
TrendMicro: TROJ_GEN.R002C0PLC21
McAfee-GW-Edition: RDN/Generic.dx
Sophos: Mal/Generic-S
Avira: TR/Dldr.Agent.nbfrs
MAX: malware (ai score=81)
GData: Trojan.GenericKD.47599236
Cynet: Malicious (score: 99)
ALYac: Trojan.GenericKD.47599236
TrendMicro-HouseCall: TROJ_GEN.R002C0PLC21
Ikarus: Trojan.Win64.Badjoke
Fortinet: W64/Agent.NB!tr.dldr
AVG: Win32:Dh-A [Heur]

How to remove Win64/TrojanDownloader.Agent.NB?

Win64/TrojanDownloader.Agent.NB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.