Backdoor.Agent.ASMGen removal instruction

Backdoor.Agent.ASMGen is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.Agent.ASMGen virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup

How to identify Backdoor.Agent.ASMGen?

File Info:

crc32: 1F2CFCE6
md5: 87fd86d28ab4d059afd427632284fc7f
name: 87FD86D28AB4D059AFD427632284FC7F.mlw
sha1: c6a7f1731ff06f94fcd74bd71519e9ca11b3d391
sha256: 2a096184b1463b0ddfa4503ae53699d6055f495778386efd7f8e2d902a3b3dfc
sha512: 0c1f3ed847b4f1729e9e429899c14acd0b0dc3db515c41d9faafd9ca3c78041b233e661d0d4f9493177f3277f013f9d6a80f1d25f5a1b26b2907848c43ac63cc
ssdeep: 24576:tfGpEUa+1VGLVM87CBF2Z08tCygv6IfYTxsdGlhMyWTYfVkPVb4uKQeyYm3fwXn:lGNVqVMf2Z0vjhfCxeGlhQ04b4N7yPI
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: x5ddx5eax5d4x5e6x5e3x5d2x5d6x5e0x5dbx5d1x5d4x5d2x5d2x5e6x5d5x5e0x5e9x5dex5e1x5e9x5d4x5dcx5e9x5dax5ddx5e6x5e9x5dc
Assembly Version: 35.17.62.4
InternalName: Assembly Changer.exe
FileVersion: 95.97.83.32
CompanyName: x5d7x5e3x5d0x5d1x5ddx5d3x5ddx5d3x5d3x5d5x5d6x5dex5e0x5e2x5e7x5d8x5ddx5dcx5dax5e8x5e3x5d0x5e2x5e9x5e3x5e8x5d4x5d8x5e5x5d4
LegalTrademarks: x5d3x5dax5d5x5d1x5dfx5d7x5d2x5d8x5dex5dax5dbx5dax5e8x5d3x5d0x5e6x5d1x5eax5e3x5e2x5d7x5ddx5eax5e3x5dbx5d8x5d1x5e6x5d4
Comments: x5e6x5d4x5dbx5e3x5dex5eax5d0x5d7x5eax5e8x5e9x5d1x5e6x5e2x5d3x5d1x5dax5e2x5d5x5dfx5d0x5dex5e0x5eax5d4x5e8x5d1x5dfx5ddx5dd
ProductName: x5e5x5d8x5d7x5d4x5e5x5e6x5dbx5d1x5dfx5e9x5d8x5d5x5dex5e3x5e2x5dcx5d6x5dcx5e0x5ddx5e3x5eax5e9x5d8x5d0x5d2x5e3x5d7x5dfx5d3
ProductVersion: 95.97.83.32
FileDescription: x5e0x5e6x5dax5dfx5d5x5e8x5ddx5d7x5e1x5eax5e8x5e6x5dcx5d4x5dcx5e2x5e1x5e6x5e0x5eax5d1x5e1x5d1x5d3x5e5x5d1x5e1x5dax5dbx5df
OriginalFilename: Assembly Changer.exe

Backdoor.Agent.ASMGen also known as:

K7AntiVirus: Trojan ( 0056f7a01 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen12.52681
MicroWorld-eScan: Gen:Variant.Bulz.172780
ALYac: Gen:Variant.Bulz.172780
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
Alibaba: Backdoor:MSIL/NetWiredRC.8d9e4a9e
K7GW: Trojan ( 0056f7a01 )
Cybereason: malicious.28ab4d
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.CLC
APEX: Malicious
Avast: Win32:Trojan-gen
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Backdoor.MSIL.NetWiredRC.gen
BitDefender: Gen:Variant.Bulz.172780
Ad-Aware: Gen:Variant.Bulz.172780
Sophos: Mal/Generic-S
BitDefenderTheta: Gen:NN.ZemsilF.34628.Fn0@aSAgxEe
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: Artemis!Trojan
FireEye: Generic.mg.87fd86d28ab4d059
Emsisoft: Trojan.Agent (A)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1126748
Kingsoft: Win32.Hack.Undef.(kcloud)
Microsoft: Trojan:Win32/Ymacco.AA08
Arcabit: Trojan.Bulz.D2A2EC
AegisLab: Trojan.MSIL.NetWiredRC.m!c
ZoneAlarm: HEUR:Backdoor.MSIL.NetWiredRC.gen
GData: Gen:Variant.Bulz.172780
AhnLab-V3: Malware/Win32.Gen:Variant.Bulz.C4384128
McAfee: Artemis!87FD86D28AB4
MAX: malware (ai score=84)
Malwarebytes: Backdoor.Agent.ASMGen
Panda: Trj/GdSda.A
Rising: Backdoor.NetWiredRC!8.2AF (CLOUD)
Ikarus: Trojan.MSIL.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Injector.KKQ!tr
AVG: Win32:Trojan-gen
Paloalto: generic.ml
Qihoo-360: Win32/Backdoor.NetWire.HwMAFVsA

How to remove Backdoor.Agent.ASMGen?

Backdoor.Agent.ASMGen removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment