Backdoor.Win32.Agent.myugjg removal instruction

Malware Removal

Backdoor.Win32.Agent.myugjg is the Kaspersky detection name for the sample described below; most of the other engines listed further down flag the same file, several of them with generic or machine-learning verdicts rather than a family name. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial lets you run a complete scan and clean your PC.
6-day free trial available.

What can Backdoor.Win32.Agent.myugjg do?

The items below are the CAPEv2 sandbox signatures that fired when this sample was run (the report path under File Info shows it came from a CAPEv2 instance). They describe behaviour observed during one run, not capabilities proven against a target:
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Detects the presence of Windows Defender AV emulator via files
  • Anomalous binary characteristics
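Three of the signatures above describe host activity a defender can look for outside a sandbox: the ping -n delay, process creation from a suspicious location, and the autorun entry. The Python below is an added example, not code from this page, from GridinSoft or from CAPE; it runs those three checks over a handful of constructed process-creation events (image path, command line, parent) in the shape Sysmon event ID 1 or EDR telemetry provides. The directory list, the five-second delay threshold and the sample paths such as payload.exe are assumptions for illustration.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """One process-creation event (Sysmon event ID 1 shape). All instances below are constructed."""
    image: str          # full path of the new process
    command_line: str
    parent_image: str


# Directories a legitimately installed program is unlikely to run from (assumed list).
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\users\\public\\",
                   "\\programdata\\", "\\windows\\temp\\")
# ping [...] -n <count>, without crossing into the next chained command (& or |).
PING_DELAY = re.compile(r"\bping(?:\.exe)?\b[^&|]*?\s-n\s+(\d+)", re.IGNORECASE)
REG_ADD = re.compile(r"\breg(?:\.exe)?\s+add\b", re.IGNORECASE)
AUTORUN_KEY = re.compile(r"\\currentversion\\run(?:once)?\b|\\winlogon\\(?:shell|userinit)\b",
                         re.IGNORECASE)
MIN_DELAY_SECONDS = 5   # assumed threshold; genuine reachability checks use small counts


def ping_delay_seconds(command_line: str):
    """Seconds of sleep a 'ping -n N' buys: N echo requests one second apart, so about N-1."""
    m = PING_DELAY.search(command_line)
    return None if m is None else max(int(m.group(1)) - 1, 0)


def in_suspicious_dir(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in SUSPICIOUS_DIRS)


def classify(ev: ProcEvent) -> list:
    """Rule names that fire for one event."""
    hits = []
    delay = ping_delay_seconds(ev.command_line)
    if delay is not None and delay >= MIN_DELAY_SECONDS:
        hits.append("ping_delay")
    if in_suspicious_dir(ev.image):
        hits.append("suspicious_location")
    if REG_ADD.search(ev.command_line) and AUTORUN_KEY.search(ev.command_line):
        hits.append("autorun_persistence")
        if in_suspicious_dir(ev.command_line):   # the value being persisted lives in a temp dir
            hits.append("autorun_to_suspicious_dir")
    return hits


def evaluate(events) -> dict:
    """Event index -> rule names, for events that triggered at least one rule."""
    result = {}
    for i, ev in enumerate(events):
        hits = classify(ev)
        if hits:
            result[i] = hits
    return result


# Constructed sample telemetry: one benign ping, one delay-then-run chain, the dropped
# file executing from %TEMP%, a Run-key write pointing at it, and a benign vendor update.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\PING.EXE", "ping -n 2 fileserver01",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ProcEvent(r"C:\Windows\System32\cmd.exe",
              r'cmd /c ping 127.0.0.1 -n 15 > nul & "C:\Users\bob\AppData\Local\Temp\payload.exe"',
              r"C:\Users\bob\Downloads\installer.exe"),
    ProcEvent(r"C:\Users\bob\AppData\Local\Temp\payload.exe",
              r'"C:\Users\bob\AppData\Local\Temp\payload.exe"',
              r"C:\Windows\System32\cmd.exe"),
    ProcEvent(r"C:\Windows\System32\reg.exe",
              r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /t REG_SZ '
              r'/d "C:\Users\bob\AppData\Local\Temp\payload.exe" /f',
              r"C:\Users\bob\AppData\Local\Temp\payload.exe"),
    ProcEvent(r"C:\Program Files\Vendor\app.exe", r'"C:\Program Files\Vendor\app.exe" --update',
              r"C:\Windows\explorer.exe"),
]


def demo() -> dict:
    return evaluate(SAMPLE_EVENTS)


if __name__ == "__main__":
    for idx, hits in demo().items():
        print(idx, SAMPLE_EVENTS[idx].image, hits)
```

The ping rule deliberately stops at the first `&` or `|` so a count in a later chained command is not attributed to the wrong process, and the benign two-request ping stays below the threshold; the Run-key rule escalates when the persisted value itself points into a temp directory, which is the combination the signature list above describes.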

How to identify Backdoor.Win32.Agent.myugjg?

File Info:

name: EE596FDDC2C96595BE57.mlw
path: /opt/CAPEv2/storage/binaries/f4f46c234e9d8d3a4e27b6ac4291988b49896360edc5ae8ed8c8d61ef52778b9
crc32: F64BC6D5
md5: ee596fddc2c96595be573caa018acac2
sha1: 83e054b15ded917d38d5697a56e706cbe30efdf7
sha256: f4f46c234e9d8d3a4e27b6ac4291988b49896360edc5ae8ed8c8d61ef52778b9
sha512: eb9249832c06b0fd56c14dd7cc0abefedf85cc63ec723cf0479140d0f232adbfdce070e3b6624c51c2630eef125f640d2bb7bd907de4224954215deba3a86c31
ssdeep: 24576:a0YPRg2i08NyKVKjWiOBK9JiastnI+ifi9yTS6rj3tp2ZBI0:wg8KVRBwwVnI+yi0TbrPcB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C715F15253F8412AF0F63B709DF956921E7ABCA1BE78D24E620471AE5C72B808D74733
sha3_384: a1d55c048ef6c510f3af8a0613b3f8fc0a7dde6aca171cac51e785843278227ad107a363c1de7c77ace40cec2fc8c587
ep_bytes: e80a000000e97affffffcccccccccc8b
timestamp: 2004-08-04 06:01:37

Version Info:

CompanyName: dmex
FileDescription: ToolStatus plugin for Process Hacker
FileVersion: 2.4
InternalName: ToolStatus
LegalCopyright: Licensed under the GNU GPL, v3.
OriginalFilename: ToolStatus.dll
ProductName: ToolStatus plugin for Process Hacker
ProductVersion: 2.4
Translation: 0x0c09 0x04b0
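Note that the version resource above claims OriginalFilename: ToolStatus.dll, while the file type line says the sample is a PE32 GUI executable rather than a DLL, and the sandbox flagged its Authenticode signature as invalid. Version strings are trivially copied from a legitimate program and are not an identifier; the hashes, link timestamp and entry-point bytes are. The script below is an added example (not code from this page, from GridinSoft or from CAPE) that derives those fields for a file the way the report presents them and compares them with the indicators listed: it hashes the file, walks the PE headers to the entry point, and flags a version-resource filename whose extension contradicts the COFF DLL flag. The `build_sample_pe32` helper fabricates a minimal one-section PE32 so the script runs offline; that constructed file is not the sample from this page and its hashes will not match.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info section of this page.
PAGE_SHA256 = "f4f46c234e9d8d3a4e27b6ac4291988b49896360edc5ae8ed8c8d61ef52778b9"
PAGE_EP_BYTES = "e80a000000e97affffffcccccccccc8b"
PAGE_TIMESTAMP = "2004-08-04 06:01:37"

IMAGE_FILE_DLL = 0x2000            # COFF Characteristics bit
SUBSYSTEMS = {2: "GUI", 3: "CUI"}  # IMAGE_SUBSYSTEM_WINDOWS_GUI / _CUI


def hash_summary(data: bytes) -> dict:
    """Digests in the notation the report uses (crc32 upper-case, others lower-case hex)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def rva_to_offset(rva: int, sections) -> int:
    """Map a relative virtual address to a file offset via the section table."""
    for _name, vsize, vaddr, rawsize, rawptr in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rva - vaddr + rawptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_pe(data: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> optional header -> section table,
    returning the fields the report lists: link timestamp, subsystem, DLL flag,
    and the first 16 bytes at the entry point (ep_bytes)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine, nsections, tstamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # Subsystem
    sec_table = opt + opt_size
    sections = [struct.unpack_from("<8sIIII", data, sec_table + 40 * i)
                for i in range(nsections)]
    ep_off = rva_to_offset(ep_rva, sections)
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
    }


def name_consistent_with_type(original_filename: str, is_dll: bool) -> bool:
    """A version resource claiming .dll on a file whose COFF flags say EXE (or vice versa)
    is a borrowed resource, not the program it names."""
    return original_filename.lower().endswith(".dll") == is_dll


def triage(data: bytes, original_filename: str = "ToolStatus.dll") -> dict:
    report = hash_summary(data)
    report.update(parse_pe(data))
    report["matches_page_sha256"] = report["sha256"] == PAGE_SHA256
    report["matches_page_ep_bytes"] = report["ep_bytes"] == PAGE_EP_BYTES
    report["version_name_consistent"] = name_consistent_with_type(original_filename, report["is_dll"])
    return report


def build_sample_pe32(ep_bytes: bytes, timestamp: str = PAGE_TIMESTAMP,
                      is_dll: bool = False, subsystem: int = 2) -> bytes:
    """Constructed one-section PE32 so the parser can be exercised offline.
    This is a fabricated stand-in, not the file described on this page."""
    tstamp = int(datetime.strptime(timestamp, "%Y-%m-%d %H:%M:%S")
                 .replace(tzinfo=timezone.utc).timestamp())
    pe_off, opt_size, raw_off = 0x40, 0xE0, 0x200
    chars = 0x0102 | (IMAGE_FILE_DLL if is_dll else 0)   # EXECUTABLE_IMAGE | 32BIT_MACHINE
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", pe_off)            # e_lfanew at 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, tstamp, 0, 0, opt_size, chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)     # AddressOfEntryPoint = start of .text
    struct.pack_into("<H", opt, 68, subsystem)
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, raw_off,
                          0, 0, 0, 0, 0x60000020)  # CODE | EXECUTE | READ
    headers = dos + coff + bytes(opt) + section
    return headers.ljust(raw_off, b"\0") + ep_bytes.ljust(0x200, b"\xcc")


def demo() -> dict:
    """Triage the constructed sample: ep_bytes/timestamp match the page, hashes do not."""
    return triage(build_sample_pe32(bytes.fromhex(PAGE_EP_BYTES)))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run `triage(open(path, "rb").read())` against a quarantined copy. A true match is `matches_page_sha256`; the `ep_bytes` and `timestamp` fields give a quick second look when a repacked variant keeps the headers but not the hash, and `version_name_consistent` being False is the same contradiction the report's own File Info and Version Info sections show.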

Backdoor.Win32.Agent.myugjg also known as:

  • tehtris: Generic.Malware
  • FireEye: Generic.mg.ee596fddc2c96595
  • Cylance: Unsafe
  • Cybereason: malicious.15ded9
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Packed.CAB.BN suspicious
  • Kaspersky: Backdoor.Win32.Agent.myugjg
  • SUPERAntiSpyware: Trojan.Agent/GenericKD
  • Avast: Win32:Malware-gen
  • Sophos: Mal/Malit-C
  • McAfee-GW-Edition: BehavesLike.Win32.BadFile.cc
  • APEX: Malicious
  • Avira: VBS/Starter.VPB
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win.Generic.R462046
  • McAfee: Artemis!EE596FDDC2C9
  • Ikarus: Malware.Win32.AVEvader
  • Fortinet: Riskware/Application
  • AVG: Win32:Malware-gen
  • CrowdStrike: win/malicious_confidence_70% (W)

How to remove Backdoor.Win32.Agent.myugjg?

Backdoor.Win32.Agent.myugjg removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
