Categories: Backdoor

Backdoor.Agent.CA malicious file

The Backdoor.Agent.CA is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Agent.CA virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Installs itself for autorun at Windows startup
Creates a copy of itself

How to determine Backdoor.Agent.CA?


File Info:
name: A0EA1A36EF5AD74D91D5.mlwpath: /opt/CAPEv2/storage/binaries/25501615dcc9198114f4351f925fa322eb407bedd859d488559f0613d11da2fecrc32: 4F75B251md5: a0ea1a36ef5ad74d91d55074d257739esha1: 06c968d5a0c49ebcc08a5f704e63f113ff936247sha256: 25501615dcc9198114f4351f925fa322eb407bedd859d488559f0613d11da2fesha512: e2d6d438a22c92b890cec271b9f821e2437e125967661df021264429056dcf1c0c30bd809334dfca2b9b2a65c8dc66e099c0b88608d2f0350c0a2885baf0a665ssdeep: 6144:QCMMLVndzhkoB9iD0XZx+iebksJKhTbmSvEjiYyh:pMML99hVpsie4aKhnmSv6iYyhtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T126545BC102A66F75C1E943B62E33B2B4F3174D4444EDB61FE3689109DCE631AAE9F681sha3_384: 40c49c52ef2532afe2329c2787c797db9d95da90e52bf1bac2f751bd1942b912004297ac4dc1d83507256f659e846384ep_bytes: ff250020400000000000000000000000timestamp: 2013-02-10 08:27:38
Version Info:
Translation: 0x0000 0x04b0FileDescription: ConsoleApplication1FileVersion: 1.0.0.0InternalName: ConsoleApplication1.exeLegalCopyright: Copyright ©  2013OriginalFilename: ConsoleApplication1.exeProductName: ConsoleApplication1ProductVersion: 1.0.0.0Assembly Version: 1.0.0.0

Backdoor.Agent.CA also known as:

Bkav	W32.AIDetectNet.01
MicroWorld-eScan	Trojan.Agent.AZPI
FireEye	Generic.mg.a0ea1a36ef5ad74d
McAfee	Obfuscated-FOQ!hb
Malwarebytes	Backdoor.Agent.CA
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 700000121 )
K7GW	Trojan ( 700000121 )
Cybereason	malicious.6ef5ad
VirIT	Trojan.Win32.Generic.BJTA
Cyren	W32/A-75da57e1!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Kryptik.FT
APEX	Malicious
ClamAV	Win.Trojan.Agent-596046
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.Agent.AZPI
NANO-Antivirus	Trojan.Win32.Drop.dcnhav
SUPERAntiSpyware	Trojan.Agent/Gen-DarkKomet
Avast	MSIL:GenMalicious-CLY [Trj]
Tencent	Malware.Win32.Gencirc.10b36a7f
Ad-Aware	Trojan.Agent.AZPI
Emsisoft	Trojan.Agent.AZPI (B)
Comodo	TrojWare.MSIL.Kryptik.eh@55f2h4
DrWeb	Trojan.MulDrop4.25400
Zillya	Trojan.Kryptik.Win32.623893
TrendMicro	TROJ_SPNR.14G813
McAfee-GW-Edition	BehavesLike.Win32.Trojan.dh
Trapmine	malicious.high.ml.score
Sophos	ML/PE-A + Troj/MDrop-GAY
Ikarus	Trojan-Dropper
GData	Trojan.Agent.AZPI
Jiangmin	Trojan/Generic.atlqi
Webroot	W32.Trojan.Gen
Avira	TR/Dropper.Gen
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Backdoor:Win32/Bladabindi!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Gen
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZemsilF.34742.rq3@aG7TMXj
ALYac	Trojan.Agent.AZPI
MAX	malware (ai score=81)
VBA32	Backdoor.DarkKomet
Cylance	Unsafe
TrendMicro-HouseCall	TROJ_SPNR.14G813
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:0PbCaNzVDiT3v/K/wWh0EA)
Yandex	Trojan.Agent!l/M8tDeCthI
SentinelOne	Static AI – Malicious PE
Fortinet	MSIL/Injector.SPI!tr
AVG	MSIL:GenMalicious-CLY [Trj]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_100% (W)