Backdoor

About the “Backdoor.Win32.Agent.myucrs” infection

Malware Removal

Backdoor.Win32.Agent.myucrs is flagged as malicious by most of the antivirus engines listed further down this page. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Agent.myucrs virus do?

The items below are the CAPE sandbox signatures that fired when this sample was run (see the CAPEv2 storage path under File Info). They describe what was observed in that run, not a complete list of the malware's capabilities.

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Detects the presence of Windows Defender AV emulator via files
  • Anomalous binary characteristics
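Several of the signatures above (a process created from a suspicious location, an autorun entry at Windows startup, a ping -n delay, an invalid Authenticode signature) can also be checked on a live host. The PowerShell below is an added triage script written for this page; it is not code from the original article or from GridinSoft. The set of user-writable directories it treats as suspicious, the Run/RunOnce keys it reads, and the function names are assumptions. Run it in an elevated PowerShell session; it reports findings and removes nothing.

```powershell
# Added triage script for the behaviours listed above (not from the original
# page or from GridinSoft). Run in an elevated PowerShell; it only reports.
# Assumptions: the directories treated as "suspicious" and the autorun keys.

$SuspiciousDirs = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA, $env:PUBLIC,
                    $env:ProgramData, "$env:USERPROFILE\Downloads") | Where-Object { $_ }

function Test-SuspiciousPath {
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    foreach ($dir in $SuspiciousDirs) {
        $prefix = $dir.TrimEnd('\') + '\'
        if ($Path.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# First token of an autorun value, e.g.  "C:\Users\x\AppData\Roaming\a.exe" /s
function Get-CommandPath {
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+)')     { return $Matches[1] }
    return $null
}

# One finding record; signature status and SHA256 are filled in when the
# image exists on disk (the sample's Authenticode signature is invalid).
function New-Finding {
    param([string]$Kind, [string]$Name, [string]$Path, [string]$Detail)
    $sig = $null; $sha = $null
    if ($Path -and (Test-Path -LiteralPath $Path)) {
        $sig = (Get-AuthenticodeSignature -LiteralPath $Path).Status   # Valid, NotSigned, HashMismatch ...
        $sha = (Get-FileHash -Algorithm SHA256 -LiteralPath $Path).Hash
    }
    [pscustomobject]@{ Kind = $Kind; Name = $Name; Path = $Path; Signature = $sig; SHA256 = $sha; Detail = $Detail }
}

$findings = [System.Collections.Generic.List[object]]::new()

# 1. Processes running from user-writable locations, and "ping -n" delay loops
foreach ($proc in Get-CimInstance Win32_Process) {
    if (Test-SuspiciousPath $proc.ExecutablePath) {
        $findings.Add((New-Finding 'Process' $proc.Name $proc.ExecutablePath "PID $($proc.ProcessId)"))
    }
    if ($proc.CommandLine -match '\bping(\.exe)?\b.*\s-n\s+\d+') {
        $findings.Add((New-Finding 'PingDelay' $proc.Name $proc.ExecutablePath $proc.CommandLine))
    }
}

# 2. Run / RunOnce autorun entries whose target lives in a suspicious location
$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # provider metadata, not a registry value
        $exe = Get-CommandPath ([string]$p.Value)
        if (Test-SuspiciousPath $exe) {
            $findings.Add((New-Finding 'Autorun' $p.Name $exe $key))
        }
    }
}

$findings | Format-Table Kind, Name, Path, Signature, SHA256 -AutoSize
```

A Signature status other than Valid on an image that also sits in a temp or profile directory is the combination worth following up; the SHA256 column lets you compare the image directly against the hash published in the File Info section.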

How to identify Backdoor.Win32.Agent.myucrs?

File Info:

name: 8AB6546306243151D221.mlw
path: /opt/CAPEv2/storage/binaries/781f2f92076a825ea6a69afb7ae83bade7d202c5991201995dc0783976481f30
crc32: F03AA19B
md5: 8ab6546306243151d221ee85ed27a4da
sha1: 6ccc323202dbc11e62ad0679a44ffd92c19d5b22
sha256: 781f2f92076a825ea6a69afb7ae83bade7d202c5991201995dc0783976481f30
sha512: 4e9205db89fec94032a569f025a69e1bb459f3dfaaed890136d311c8f3e1c53ead5a769c80e57ba95e38ed69099d1b55202c7ea362d464b0ca7162cea69b694b
ssdeep: 24576:j3wNWUpHekTq5Wkqx8BDknxKZ6lvX0i54sLEbLeekniOUSyNi29FEkEdQybr9c:8vTkI2wc6lP0iALeFniOUL/gkEdHr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19565220577948326E09E27FC6BEEF1B30A257CFB2717A25B57B675C03822E619234217
sha3_384: 7f3893ef075bf8a248c5175cc3a923ff34f88b07ec2adac5d907fbcbac7395124d6a41c31978281d53629f8ef7894bfb
ep_bytes: e80a000000e97affffffcccccccccc8b
timestamp: 2008-04-13 18:32:45
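The hashes, compile timestamp and entry-point bytes above are enough to test a file found on disk without uploading it anywhere. The PowerShell below is an added example, not part of the original page: only the identifier values are taken from the File Info block; the function names, the reading of the CAPE timestamp as UTC, and the directories swept at the end are assumptions.

```powershell
# Added example, not from the original page. Tests a file against the
# identifiers above. Assumptions: function names, reading the CAPE timestamp
# as UTC, and the directories swept at the end.

$Ioc = @{
    MD5       = '8AB6546306243151D221EE85ED27A4DA'
    SHA1      = '6CCC323202DBC11E62AD0679A44FFD92C19D5B22'
    SHA256    = '781F2F92076A825EA6A69AFB7AE83BADE7D202C5991201995DC0783976481F30'
    Timestamp = [datetime]::new(2008, 4, 13, 18, 32, 45, [DateTimeKind]::Utc)   # assumed UTC
    EpBytes   = 'E80A000000E97AFFFFFFCCCCCCCCCC8B'                             # ep_bytes above
}

# COFF timestamp and first 16 bytes at the entry point of a PE file, parsed
# by hand so no third-party module is needed. Returns $null for non-PE files.
function Get-PeFingerprint {
    param([Parameter(Mandatory)][string]$Path)
    try { $b = [System.IO.File]::ReadAllBytes($Path) } catch { return $null }
    if ($b.Length -lt 0x40 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) { return $null }      # 'MZ'
    $pe = [BitConverter]::ToInt32($b, 0x3C)                                               # e_lfanew
    if ($pe -lt 0 -or ($pe + 0x2C) -gt $b.Length -or $b[$pe] -ne 0x50 -or $b[$pe + 1] -ne 0x45) { return $null }  # 'PE'
    $numSections = [BitConverter]::ToUInt16($b, $pe + 6)
    $stamp       = [BitConverter]::ToUInt32($b, $pe + 8)      # TimeDateStamp (seconds since 1970)
    $optSize     = [BitConverter]::ToUInt16($b, $pe + 20)     # SizeOfOptionalHeader
    $entryRva    = [BitConverter]::ToInt32($b, $pe + 40)      # AddressOfEntryPoint
    $sectTable   = $pe + 24 + $optSize

    # Map the entry-point RVA to a file offset via the section table.
    $entryOffset = -1
    for ($i = 0; $i -lt $numSections; $i++) {
        $s = $sectTable + 40 * $i
        if ($s + 40 -gt $b.Length) { break }
        $vsize  = [BitConverter]::ToInt32($b, $s + 8)
        $va     = [BitConverter]::ToInt32($b, $s + 12)
        $rawSz  = [BitConverter]::ToInt32($b, $s + 16)
        $rawPtr = [BitConverter]::ToInt32($b, $s + 20)
        $span   = [Math]::Max($vsize, $rawSz)
        if ($entryRva -ge $va -and $entryRva -lt ($va + $span)) {
            $entryOffset = $rawPtr + ($entryRva - $va)
            break
        }
    }
    $epHex = $null
    if ($entryOffset -ge 0 -and ($entryOffset + 16) -le $b.Length) {
        $epHex = ($b[$entryOffset..($entryOffset + 15)] | ForEach-Object { $_.ToString('X2') }) -join ''
    }
    [pscustomobject]@{
        Timestamp = [DateTimeOffset]::FromUnixTimeSeconds([long]$stamp).UtcDateTime
        EpBytes   = $epHex
    }
}

# Every identifier the file matches, as a comma-separated list (empty if none).
function Test-IocMatch {
    param([Parameter(Mandatory)][string]$Path, [hashtable]$Indicators = $Ioc)
    $hits = [System.Collections.Generic.List[string]]::new()
    foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
        $h = (Get-FileHash -Algorithm $alg -LiteralPath $Path -ErrorAction SilentlyContinue).Hash
        if ($h -and $h -eq $Indicators[$alg]) { $hits.Add($alg) }
    }
    $fp = Get-PeFingerprint -Path $Path
    if ($fp) {
        if ($fp.Timestamp -eq $Indicators.Timestamp) { $hits.Add('Timestamp') }
        if ($fp.EpBytes -eq $Indicators.EpBytes)     { $hits.Add('EpBytes') }
    }
    [pscustomobject]@{ Path = $Path; Matches = ($hits -join ','); Fingerprint = $fp }
}

# Usage: sweep the places a dropped binary tends to land (assumed roots).
Get-ChildItem -Path $env:TEMP, $env:APPDATA, $env:LOCALAPPDATA -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Test-IocMatch -Path $_.FullName } |
    Where-Object { $_.Matches } |
    Format-Table Path, Matches -AutoSize
```

A SHA256 hit is conclusive on its own; a Timestamp or EpBytes hit without a hash hit means a file with the same build header but different content, which is what you would expect from a repacked or re-signed variant and is worth a closer look rather than an automatic verdict.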

Version Info (the resource strings below are the sample's own values; they are meaningless filler, so do not use them for attribution):

CompanyName: Rmevbbivd Yemxewocqy
FileDescription: Lsb04 Codjnxn Jdisnpxuap
FileVersion: 9.70.5917.13587 (bhmldry_blb.634734-6837)
InternalName: Kyqezyk
LegalCopyright: © Rmevbbivd Yemxewocqy. Txr Cpjqcx Ftnusemm.
OriginalFilename: EPVORSH.EXE .MJL
PrivateBuild: Upmid 5, 8748
ProductName: Cudheoff Fuooozxm
ProductVersion: 9.70.5917.13587
Translation: 0x0409 0x04b0

Backdoor.Win32.Agent.myucrs is the Kaspersky (and ZoneAlarm) name for this sample. Other engines label the same file differently, from generic packed and dropper verdicts to Conti ransomware (Microsoft, Alibaba) and stealer names (DrWeb, Sophos), so the name is a per-vendor label rather than an agreed family attribution. Vendor and detection name:

Lionic: Trojan.Win32.Agent.m!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Stealer.31011
MicroWorld-eScan: Trojan.GenericKD.49196801
FireEye: Generic.mg.8ab6546306243151
McAfee: Generic .ol
Cylance: Unsafe
VIPRE: Trojan.GenericKD.49196801
Sangfor: Trojan.Win32.Packed.Vhh8
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Packed:Win32/Conti.4fa45c65
K7GW: Trojan ( 0056312b1 )
K7AntiVirus: Trojan ( 0056312b1 )
Cyren: W32/Trojan.HTLG-3496
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/Packed.CAB.AE suspicious
TrendMicro-HouseCall: TROJ_FRS.0NA103I321
Paloalto: generic.ml
Kaspersky: Backdoor.Win32.Agent.myucrs
BitDefender: Trojan.GenericKD.49196801
Avast: SNH:Script [Dropper]
Ad-Aware: Trojan.GenericKD.49196801
Sophos: Mal/Generic-R + Troj/Steal-BYO
F-Secure: Malware.VBS/Starter.VPB
TrendMicro: TROJ_FRS.0NA103I321
McAfee-GW-Edition: Generic trojan.ol
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.GenericKD.49196801 (B)
SentinelOne: Static AI – Suspicious PE
GData: Trojan.GenericKD.49196801
Webroot: W32.Trojan.GenKD
Avira: TR/AutoIt.ipylz
MAX: malware (ai score=89)
ZoneAlarm: Backdoor.Win32.Agent.myucrs
Microsoft: Ransom:Win32/Conti
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win.Generic.C4580390
Malwarebytes: Trojan.Dropper.WXT.Generic
APEX: Malicious
Ikarus: Trojan.Win32.Injector
MaxSecure: Trojan.Malware.300983.susgen
AVG: SNH:Script [Dropper]
Panda: Trj/CI.A

How to remove Backdoor.Win32.Agent.myucrs?

Backdoor.Win32.Agent.myucrs removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
