Categories: Backdoor

Backdoor.Win32.Agent.myufoa removal

The Backdoor.Win32.Agent.myufoa is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Win32.Agent.myufoa virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Reads data out of its own binary image
A process created a hidden window
CAPE extracted potentially suspicious content
A HTTP/S link was seen in a script or command line
Executed a very long command line or script command which may be indicative of chained commands or obfuscation
Authenticode signature is invalid
A scripting utility was executed
Uses Windows utilities for basic functionality
Attempts to execute suspicious powershell command arguments

How to determine Backdoor.Win32.Agent.myufoa?


File Info:
name: 3F8EE92475B81E4F7677.mlwpath: /opt/CAPEv2/storage/binaries/4696b6c82dbeb6488e04362132bbc0d114a41c350d4118e8ac6e40d66313de18crc32: 67A37CD2md5: 3f8ee92475b81e4f767777d2162b452fsha1: a84f6de17bc74bf0c1eeb638c780bc5547e63ef8sha256: 4696b6c82dbeb6488e04362132bbc0d114a41c350d4118e8ac6e40d66313de18sha512: e247e7a38517b6b51e5ddfedfa51aad119b0696af5eef443808d508f397356415a4f706f8385223197aa83e24d28f206c16c529a0cf4c7532973758a31e854e1ssdeep: 49152:i1qUuwI4U2sAZg6BDi6LVA7ImsFeFiqaFW3A:i1EwI4UZAZgIDTKKFM2btype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1889533E0ABD700B8C1DA1E705C54FFB65846BA690314CED763547C2B7E22ACBA73D05Asha3_384: f0dc70e293b9dcc268cc0af31d8292dc58d00841f779b667b1c2810a23d9f06d320f70c41043345eb9e169bd2e0ed0dfep_bytes: 558bec6aff6878c84100684095410064timestamp: 2016-04-02 22:14:00
Version Info:
Comments: Far Reached SoftwareCompanyName: Far Reached SoftwareFileDescription: Far Reached SoftwareLegalCopyright: Far Reached SoftwareLegalTrademarks: Far Reached SoftwareProductName: Far Reached SoftwareFileVersion: 6.21.63ProductVersion: 6.21.63InternalName: Far ReachedOriginalFilename: Far Reached.exeTranslation: 0x0407 0x04b0

Backdoor.Win32.Agent.myufoa also known as:

Bkav	W32.AIDetect.malware2
MicroWorld-eScan	Trojan.Sesfix.1
FireEye	Trojan.Sesfix.1
ALYac	Trojan.Sesfix.1
Alibaba	Packed:Win32/7Drop.b3845adc
BitDefenderTheta	Gen:NN.ZexaF.34084.7r3@aWabKhki
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Packed.7Zip.S.gen
TrendMicro-HouseCall	TROJ_GEN.R002H0CLB21
Paloalto	generic.ml
Kaspersky	Backdoor.Win32.Agent.myufoa
BitDefender	Trojan.Sesfix.1
Avast	Win32:7Drop-D [Trj]
Tencent	Win32.Trojan.Sesfix.Lnow
McAfee-GW-Edition	BehavesLike.Win32.Vawtrak.tc
Emsisoft	Trojan.Sesfix.1 (B)
GData	Trojan.Sesfix.1
eGambit	Unsafe.AI_Score_100%
Avira	HEUR/AGEN.1143645
MAX	malware (ai score=89)
ViRobot	Trojan.Win32.Z.Sesfix.2024216
Microsoft	Trojan:Win32/Tiggre!rfn
Cynet	Malicious (score: 100)
McAfee	Artemis!3F8EE92475B8
VBA32	Backdoor.Agent
Malwarebytes	Backdoor.DarkComet
Ikarus	Trojan.Win32.7zip
Rising	Malware.AbnormalStub/SFX!1.D758 (CLASSIC)
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.133535815.susgen
Fortinet	W32/PossibleThreat
AVG	Win32:7Drop-D [Trj]
Panda	Trj/CI.A