WinGo/HackTool.Agent.Y malicious file

WinGo/HackTool.Agent.Y is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the WinGo/HackTool.Agent.Y virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify WinGo/HackTool.Agent.Y?


File Info:

name: 4F162F8F4C574BB0B01C.mlw
path: /opt/CAPEv2/storage/binaries/4562673c99d7b2c4e4cb22b5176158b3e86e46a6fbab3c8217f5e8e87ce7513a
crc32: ADCC5A87
md5: 4f162f8f4c574bb0b01c5b4712963d5a
sha1: 1476f915563fb39fe6409717566cb7c63ef844bd
sha256: 4562673c99d7b2c4e4cb22b5176158b3e86e46a6fbab3c8217f5e8e87ce7513a
sha512: 5d053b39b1923b09379d4597632efc7c4abbe253efe266d0c4b2e7d839cf513ea01e00956dc83120229aea04055cef5ab7d4bac98dabd4cb9eb804e84488f159
ssdeep: 98304:BT5GIyG0BNhGmzasMG25duwvvrmIiKZkgOqzEU3otFWLI8zMhihDsnxb6P0UbIu:Bl9yBepT75jz9otFWsGMhi6xbKdbI
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1C5C63A90F9DB44F5EA03147054ABA27F23306E099B34CEC7D6647F6AE8379E10A77219
sha3_384: ffdf53ee73771213e7521cf73dba6c25b1983ce1bc3852cdf29cf30015fc2405dfe6a685a5927e9484c59ac6adc52c1d
ep_bytes: e9cbdcffffcccccccccccccccccccccc
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

WinGo/HackTool.Agent.Y also known as:

McAfee: Artemis!4F162F8F4C57
Cylance: Unsafe
Sangfor: Hacktool.Win64.FRP.gen
K7AntiVirus: Trojan ( 0058f6271 )
Alibaba: NetTool:Win64/Redcap.3c0205dc
K7GW: Trojan ( 0058f6271 )
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of WinGo/HackTool.Agent.Y
TrendMicro-HouseCall: TROJ_GEN.R002H0DCQ22
Paloalto: generic.ml
Kaspersky: not-a-virus:HEUR:NetTool.Win64.FRP.gen
Avast: Win32:Trojan-gen
Tencent: Win32.Hacktool.Agent.Pdwg
Zillya: Tool.Agent.Win32.105993
McAfee-GW-Edition: BehavesLike.Win32.BadFile.wh
Sophos: Fast Reverse Proxy (PUA)
Avira: TR/Redcap.sygvz
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Trojan:Win32/Trickbot!ml
ZoneAlarm: not-a-virus:HEUR:NetTool.Win64.FRP.gen
GData: Generic.Trojan.Agent.LAWTVL
Cynet: Malicious (score: 99)
APEX: Malicious
Rising: Hacktool.Agent!8.335 (CLOUD)
MaxSecure: Trojan.Malware.116400676.susgen
Fortinet: W32/Agent.Y!tr
AVG: Win32:Trojan-gen

How to remove WinGo/HackTool.Agent.Y?

WinGo/HackTool.Agent.Y removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
