Using this site

Please ensure you understand and agree with our data protection policy before using this site. Review Policy

Ketw.exe Trojan AgentTesla Analysis

Trojan AgentTesla
Updated on 2023-09-08 (8 months ago)
Checked by Online Virus Scanner
Online Virus Checkerv.1.0.136.174
DB Version:2023-09-08 20:06:40

Trojan.Win32.AgentTesla.bot

AgentTesla is a Remote Access Trojan (RAT) built on the .Net framework, primarily utilized to acquire initial access to systems. It's frequently employed within the framework of Malware-As-A-Service (MaaS). Within this illicit business model, individuals referred to as "initial access brokers" (IAB) offer their specialized expertise to criminal groups seeking to exploit corporate networks. As an initial-stage malware, AgentTesla facilitates remote access to a compromised system, subsequently permitting the downloading of more advanced secondary tools, including ransomware.

Fileketw.exe
Checked2023-09-08 20:29:43
MD526e228886e8ad6bb4ef826c4e209e184
SHA12f7506dbc7ecb7a84df8cc5edd6a7bf258734325
SHA25642678776f6a08cb68c1e82ca815633a8397b10efd22fbbefd61f67d2506d1f49
SHA512c9c2361f88febd8b21dd27a073f72d641c6e967a658df774c878a53709e9279ac3a83faa86f18fc4aee77e0cfb6ec83acafb7a39a0b3a7aa77b81474f458041e
Imphashf34d5f2d4577ed6d9ceec516c1f5a744
File Size635392 bytes

Trojan.Win32.AgentTesla.bot Removal

Trojan.Win32.AgentTesla.bot Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win32.AgentTesla.bot without requiring further user intervention.

  • Start by downloading Gridinsoft Anti-Malware to your computer.
  • Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  • Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  • Click on the "Standard Scan" button.
  • After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  • If prompted, restart your system to complete the removal process.

File Version Information

Translation0x0000 0x04b0
Comments
CompanyName
FileDescriptionPerentWindow
FileVersion1.0.0.0
InternalNameketw.exe
LegalCopyrightCopyright © 2015
LegalTrademarks
OriginalFilenameketw.exe
ProductNamePerentWindow
ProductVersion1.0.0.0
Assembly Version1.0.0.0

Portable Executable Info

Image Base:0x00400000
Entry Point:0x0049c646
Compilation:2023-09-08 02:47:46
Checksum:0x00000000 (Actual: 0x000a7f49)
OS Version:4.0
PDB Path:ketw.pdb
PEiD:-
Sign:The PE file does not contain a certificate table.
Sections:3
Imports: mscoree,
Exports: 0
Resources:2

Sections

Name Virtual Address Virtual Size Raw Size MD5 Entropy
.text 0x00002000 0x0009a64c 0x0009a800 e125cbf1e500da1cbe4e596ca73037db 7.99
.rsrc 0x0009e000 0x000005ac 0x00000600 99eedfa9031aea4f0d64e55b9735d994 4.08
.reloc 0x000a0000 0x0000000c 0x00000200 ccd3310e68bc25df69569cea67b5cec3 0.10

Leave a comment*

Share your thoughts or insights about this file. Do you align with our conclusion?

*Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Please Wait...

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Learn more Download Now
Gridinsoft Anti-Malware