Trojan.Spy.Agent

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	2,042
Threat Level:	80 % (High)
Infected Computers:	573,681

First Seen:	July 24, 2009
Last Seen:	January 21, 2026
OS(es) Affected:	Windows

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
Ikarus	Gen.Trojan.Heur
Avast	Win32:Malware-gen
McAfee	Artemis!D951CF99EEC5
Panda	Lion.II
AhnLab-V3	BAT/Rootkit
Antiy-AVL	Trojan/Shell.Agent
AntiVir	TR/Rootkit.Linux.Agent.SK
Kaspersky	Trojan-Spy.Shell.Agent.a
Avast	VBS:Malware-gen
Symantec	Infostealer
F-Prot	Unix/Agent.SK
NOD32	Linux/Shell.Agent.A
K7AntiVirus	Trojan
McAfee	UNIX/Generic PWS
Sophos	Mal/Emogen-N

SpyHunter Detects & Remove Trojan.Spy.Agent

File System Details

Trojan.Spy.Agent may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	wbfrmwrk.exe	d951cf99eec581aafa5bc97eca083cb4	1,918
Name: wbfrmwrk.exe MD5: d951cf99eec581aafa5bc97eca083cb4 Size: 354.3 KB (354304 bytes) Detections: 1,918 Type: Executable File Path: %PROGRAMFILES%\WEB Framework Group: Malware file Last Updated: January 13, 2012
2.	winmon.sys	0abf2951ad6d55b34be49004261c4a41	1,144
Name: winmon.sys MD5: 0abf2951ad6d55b34be49004261c4a41 Size: 7.24 KB (7248 bytes) Detections: 1,144 Type: System file Path: %WINDIR%\system32\drivers\winmon.sys Group: Malware file Last Updated: October 7, 2024
3.	WinmonProcessMonitor.sys.dvs	cc32dc3e78ddc9c36e0cb286f255a999	296
Name: WinmonProcessMonitor.sys.dvs MD5: cc32dc3e78ddc9c36e0cb286f255a999 Size: 35.07 KB (35072 bytes) Detections: 296 Path: C:\Windows\System32\drivers\WinmonProcessMonitor.sys.dvs Group: Malware file Last Updated: March 11, 2025
4.	688606ed20b933123345a197a174110fdd92940ae3b67484b2a6f7ef001470ca	c74978bf8dbff9da9d3104fc3fe03cec	273
Name: 688606ed20b933123345a197a174110fdd92940ae3b67484b2a6f7ef001470ca MD5: c74978bf8dbff9da9d3104fc3fe03cec Size: 27.83 KB (27832 bytes) Detections: 273 Path: E:\5914079931432960\688606ed20b933123345a197a174110fdd92940ae3b67484b2a6f7ef001470ca Group: Malware file Last Updated: December 6, 2022
5.	winmonprocessmonitor.sys	d64b955e7e24dea146a70fbc671c5eb9	182
Name: winmonprocessmonitor.sys MD5: d64b955e7e24dea146a70fbc671c5eb9 Size: 28.36 KB (28368 bytes) Detections: 182 Type: System file Path: %WINDIR%\system32\drivers\winmonprocessmonitor.sys Group: Malware file Last Updated: September 7, 2022
6.	asz$audio.exe	fff6fe8e5091420d284da376b5641781	26
Name: asz$audio.exe MD5: fff6fe8e5091420d284da376b5641781 Size: 320 KB (320008 bytes) Detections: 26 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: October 24, 2025
7.	hbmwqlq.exe	90a74c3fa4357f9c4ebb2cb665cdd86a	15
Name: hbmwqlq.exe MD5: 90a74c3fa4357f9c4ebb2cb665cdd86a Size: 434.17 KB (434176 bytes) Detections: 15 Type: Executable File Path: C:\ProgramData\dhvev Group: Malware file Last Updated: December 7, 2018
8.	sexurbs.exe	2b530b9a6833c8ae3b9e5282ccdeaf79	6
Name: sexurbs.exe MD5: 2b530b9a6833c8ae3b9e5282ccdeaf79 Size: 297.33 KB (297335 bytes) Detections: 6 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\qtugd Group: Malware file Last Updated: October 30, 2018
9.	MARRIO~1.EXE	3dba917e0b2610600ac5d99d63c6211f	5
Name: MARRIO~1.EXE MD5: 3dba917e0b2610600ac5d99d63c6211f Size: 241.66 KB (241664 bytes) Detections: 5 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\MARRIO~1 Group: Malware file Last Updated: November 5, 2018
10.	NYQBIDP.exe	a6e351d7be60c0b518738badc8b1f5b3	5
Name: NYQBIDP.exe MD5: a6e351d7be60c0b518738badc8b1f5b3 Size: 1.52 MB (1527808 bytes) Detections: 5 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\NYQBIDP Group: Malware file Last Updated: November 7, 2018
11.	svhosts.exe	93937438037b43c45ec9c8442831f985	3
Name: svhosts.exe MD5: 93937438037b43c45ec9c8442831f985 Size: 31.74 KB (31744 bytes) Detections: 3 Type: Executable File Path: %LOCALAPPDATA%\Microsoft\Windows\Explorer Group: Malware file Last Updated: March 3, 2017
12.	ivrewkgc.exe	d07e48313d4459b9f6c6cb047dfd8baf	1
Name: ivrewkgc.exe MD5: d07e48313d4459b9f6c6cb047dfd8baf Size: 127.48 KB (127488 bytes) Detections: 1 Type: Executable File Path: c:\Users\<username>\appdata\local\ebcsswdx Group: Malware file Last Updated: October 12, 2018
13.	uhhxnxyzzxwx.exe	763408f6eacbb3770dc425f52d375481	1
Name: uhhxnxyzzxwx.exe MD5: 763408f6eacbb3770dc425f52d375481 Size: 663.74 KB (663743 bytes) Detections: 1 Type: Executable File Path: C:\Program Files (x86)\Hrvw0r2e Group: Malware file Last Updated: November 26, 2018
14.	Cleated.exe	d30191b8a128a44ea7acae6df8a7b797	1
Name: Cleated.exe MD5: d30191b8a128a44ea7acae6df8a7b797 Size: 241.66 KB (241664 bytes) Detections: 1 Type: Executable File Path: C:\Users\<username>\AppData\Roaming Group: Malware file Last Updated: November 27, 2018
15.	eb753b.exe	8c6bc425e26fae9fc53f86e6f476a902	0
Name: eb753b.exe MD5: 8c6bc425e26fae9fc53f86e6f476a902 Size: 70.65 KB (70656 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
16.	hxgame-update.exe	449be139ef6d747a064ac290a5bee02c	0
Name: hxgame-update.exe MD5: 449be139ef6d747a064ac290a5bee02c Size: 225.28 KB (225280 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
17.	loader_5849_fHx8fDE0fHx8_.exe	fce949062bac2f218c150085c11db277	0
Name: loader_5849_fHx8fDE0fHx8_.exe MD5: fce949062bac2f218c150085c11db277 Size: 129.02 KB (129024 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 11, 2009
18.	brelib.dll	fe5da48e7903258d73c55510c3a92504	0
Name: brelib.dll MD5: fe5da48e7903258d73c55510c3a92504 Size: 279.55 KB (279552 bytes) Detections: 0 Type: Dynamic link library Group: Malware file Last Updated: January 8, 2010
19.	services.exe	ac76d2eb82204ff13a0b5ddf3f8cb603	0
Name: services.exe MD5: ac76d2eb82204ff13a0b5ddf3f8cb603 Size: 27.64 KB (27648 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: January 8, 2010
20.	uninstall.exe	1427d243b007958e480e6ca78f8c6419	0
Name: uninstall.exe MD5: 1427d243b007958e480e6ca78f8c6419 Size: 208.89 KB (208896 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: January 8, 2010
21.	autochk.dll	d886bf93a7014262c9f2f7755e6a6697	0
Name: autochk.dll MD5: d886bf93a7014262c9f2f7755e6a6697 Size: 24.06 KB (24064 bytes) Detections: 0 Type: Dynamic link library Group: Malware file Last Updated: January 21, 2010
22.	SysUp23.exe	3a387a83bf03ee75cdcd99d71df02051	0
Name: SysUp23.exe MD5: 3a387a83bf03ee75cdcd99d71df02051 Size: 218.11 KB (218112 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: April 15, 2010

More files

Registry Details

Trojan.Spy.Agent may create the following registry entry or registry entries:

File name without path

RE[B]Ell.bat

Regexp file mask

%ALLUSERSPROFILE%\ccleaner.exe

%ALLUSERSPROFILE%\Windows Server\wserver.exe

%APPDATA%\datZZ~.dat

%APPDATA%\dvdcss\dvdcss.exe

%APPDATA%\Kaspersky Internet Security 2017\explorers.exe

%APPDATA%\Kaspersky Internet Security 2017\spoolsvc.exe

%APPDATA%\Kaspersky Internet Security 2017\svhost.exe

%APPDATA%\Kaspersky Internet Security 2017\Taskhosts.exe

%APPDATA%\WebCounter\WebCounter.exe

%COMMONPROGRAMFILES%\finder.exe

%COMMONPROGRAMFILES(x86)%\finder.exe

%LOCALAPPDATA%\Jaxx\jaxxsrv.exe

%LOCALAPPDATA%\Microsoft Windows\svchost.exe

%LOCALAPPDATA%\Packages\SandboxieRpcSc.exe

%LOCALAPPDATA%\Packages\svchost.exe

%USERPROFILE%\gupd.exe

%WINDIR%\Media\Long\certsvc.exe

%WINDIR%\system32\drivers\ibinldr.sys

%WINDIR%\System32\drivers\WinmonProcessMonitor.sys

%WINDIR%\SysWOW64\Windows Server\wserver.exe

Directories

Trojan.Spy.Agent may create the following directory or directories:

%ALLUSERSPROFILE%\googieupdater

%TEMP%\NetPlatform\WorkDir

%WINDIR%\cmdacoBin

Analysis Report

General information

Family Name:	Trojan.Spy.Agent
Signature status:	No Signature

Known Samples

MD5: 2c3eb1a5a9784bd4ae1cca8562d12b63

SHA1: ee0338ba376c82caf621a7a69e6dc7175403f405

SHA256: 6C0CA3BDBE400F6AB8CB0F5729BB40D3207EEE97B6582215F88556E35E3B2857

File Size: 1.10 MB, 1101824 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
File Version	5.50
Internal Name	Setup
Original Filename	Setup.exe
Product Name	3
Product Version	5.50

File Traits

Installer Version
vb6
x86

Files Modified

File	Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~df014a0baf01e85b7a.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows nt\currentversion\appcompatflags\compatibility assistant\persisted::c:\users\user\downloads\ee0338ba376c82caf621a7a69e6dc7175403f405_0001101824.exe		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetUserObjectInformation
Other Suspicious	SetWindowsHookEx
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Shell Execute	CreateProcess

Trojan.Spy.Agent

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Trojan.Spy.Agent

File System Details

Registry Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Related Posts

Trending

Most Viewed