Categories: Backdoor

Backdoor.Agent.SVCGen malicious file

The Backdoor.Agent.SVCGen is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Agent.SVCGen virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Executed a process and injected code into it, probably while unpacking
Behavioural detection: Injection (inter-process)
Installs itself for autorun at Windows startup
Creates a copy of itself

How to determine Backdoor.Agent.SVCGen?


File Info:
name: 1662624F71D2BBFE1A94.mlwpath: /opt/CAPEv2/storage/binaries/a2477aef6d1801940d28902e99008d8c3299e44c9c06d1b51b274ea3f1365731crc32: 2CD08C87md5: 1662624f71d2bbfe1a941a703094500asha1: 63e85ab2ea9f1504df803b63d9afd8c966813917sha256: a2477aef6d1801940d28902e99008d8c3299e44c9c06d1b51b274ea3f1365731sha512: 46d44ebff4d358b2dc604d9513e4b13177c35503c0a06a552829de4bd5f7fec3ac65570a834ff29160f1d0cd1b0da14d1dbc1b28b1c65264d34b5319b3b6860cssdeep: 49152:qp7uZuTO3//PZSSpqukZHsaf4eTkx5frT+BW4Q7oLyMz72kfm0qkBnY:type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1B8F56B39DE65243DB572AB7CC6B02196BA5E6BD3B70B4CAC20B642CD0B27D5399C103Dsha3_384: a6e4c1a81a58df24e1b12fd7becae44c3f17a94cfd2ef788defa2b48e4f4c58fde293f4a51cd3f64d98e237f357f196dep_bytes: ff250020400000000000000000000000timestamp: 2022-05-07 11:43:31
Version Info:
Translation: 0x0000 0x04b0FileDescription:  FileVersion: 7.7.2.6InternalName: 2.exeLegalCopyright: sxLFjlMlnIcwaspLegalTrademarks: gDZqTKJuaftTZScOriginalFilename: 2.exeProductName: aSVJoyENvgavFebProductVersion: 7.7.2.6Assembly Version: 7.7.2.6

Backdoor.Agent.SVCGen also known as:

Bkav	W32.AIDetectNet.01
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
BitDefender	Gen:Trojan.Mardom.PN.15
Cybereason	malicious.f71d2b
Cyren	W32/MSIL_Razy.H.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Injector.TF
APEX	Malicious
ClamAV	Win.Dropper.Napolar-6965181-0
Kaspersky	Trojan.MSIL.Pakes.ar
NANO-Antivirus	Trojan.Win32.Win32.dcjqck
MicroWorld-eScan	Gen:Trojan.Mardom.PN.15
Ad-Aware	Gen:Trojan.Mardom.PN.15
Emsisoft	Gen:Trojan.Mardom.PN.15 (B)
F-Secure	Trojan.TR/Injector.GJ.3
DrWeb	Trojan.Inject.3481
TrendMicro	TROJ_NAPOLAR.SM1
FireEye	Generic.mg.1662624f71d2bbfe
Sophos	ML/PE-A
SentinelOne	Static AI – Malicious PE
GData	Gen:Trojan.Mardom.PN.15
Jiangmin	Trojan/MSIL.boq
Avira	TR/Injector.GJ.3
MAX	malware (ai score=87)
Arcabit	Trojan.Mardom.PN.15
ZoneAlarm	Trojan.MSIL.Pakes.ar
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3	Trojan/Win32.Inject.R10130
Acronis	suspicious
VBA32	CIL.StupidPInvoker-2.Heur
ALYac	Gen:Trojan.Mardom.PN.15
Malwarebytes	Backdoor.Agent.SVCGen
TrendMicro-HouseCall	TROJ_NAPOLAR.SM1
Rising	Malware.Obfus/MSIL@AI.100 (RDM.MSIL:s6Qz5kzoWfr23dm6llwrsQ)
Ikarus	Trojan-Spy.MSIL
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Injector.PE!tr
BitDefenderTheta	Gen:NN.ZemsilF.34638.Cp0@aGQHNxb
AVG	MSIL:Agent-FI [Trj]
Avast	MSIL:Agent-FI [Trj]
CrowdStrike	win/malicious_confidence_100% (D)