Trojan

What is “WinGo/TrojanDropper.Agent.AD”?

Malware Removal

WinGo/TrojanDropper.Agent.AD is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the WinGo/TrojanDropper.Agent.AD virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify WinGo/TrojanDropper.Agent.AD?

File Info:

name: 20817F589619D031A7AC.mlw
path: /opt/CAPEv2/storage/binaries/89a1e4a7b7ab10e73e12ed5130d8167a610cf5deeef94a7e5f4f1fc7e742e6da
crc32: 5C0079C2
md5: 20817f589619d031a7ac62d6a5f6e8cd
sha1: 33f41c0935b0ded7622d0bb9d0db8d72ad0f326c
sha256: 89a1e4a7b7ab10e73e12ed5130d8167a610cf5deeef94a7e5f4f1fc7e742e6da
sha512: c417258ac46ccaf0bd8938df062e989a17ee9be0ee27ead7d81b874827cd1bbbab017f0864b9681f95f16196045b7d5162494b14b4cdf4468924b8cec07ef6fc
ssdeep: 49152:sOZl9uAjDqG40r2xkwZMParhU5lWMW7MXk98b1ZNr:sOZl9tNr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E606CF00F8DB84F4D529C936149BA39B2220AE679B76C5CBE8607E636D7F1D40F3354A
sha3_384: a984d966e3bd039ef4962dec75972cb3f4d08e786aebd2a046f014b9436bd2a86ec7394800a34cd63f9500a564315e59
ep_bytes: e94bddffffcccccccccccccccccccccc
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

WinGo/TrojanDropper.Agent.AD also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
McAfee: Artemis!20817F589619
Cylance: Unsafe
Sangfor: Trojan.Win64.Shelma.vie
CrowdStrike: win/malicious_confidence_90% (D)
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of WinGo/TrojanDropper.Agent.AD
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win64.Shelma.vie
BitDefender: Trojan.GenericKDZ.87073
MicroWorld-eScan: Trojan.GenericKDZ.87073
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Malware.Xgnv
Ad-Aware: Trojan.GenericKDZ.87073
Sophos: Mal/Generic-S
TrendMicro: Backdoor.Win32.COBEACON.YXCD3Z
McAfee-GW-Edition: BehavesLike.Win32.Trojan.wh
FireEye: Generic.mg.20817f589619d031
Emsisoft: Trojan.GenericKDZ.87073 (B)
SentinelOne: Static AI - Malicious PE
GData: Trojan.GenericKDZ.87073
Arcabit: Trojan.Generic.D15421
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
ALYac: Trojan.GenericKDZ.87073
MAX: malware (ai score=89)
Malwarebytes: Ransom.FileCryptor
TrendMicro-HouseCall: Backdoor.Win32.COBEACON.YXCD3Z
Rising: Dropper.Agent!8.2F (CLOUD)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/PossibleThreat
BitDefenderTheta: Gen:NN.ZexaF.34638.0FW@ais@CWai
AVG: Win32:Trojan-gen

How to remove WinGo/TrojanDropper.Agent.AD?

WinGo/TrojanDropper.Agent.AD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
