Backdoor

Backdoor.Win32.Agent.myugrq removal

Malware Removal

The Backdoor.Win32.Agent.myugrq is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Win32.Agent.myugrq virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Starts servers listening on 127.0.0.1:0
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities for basic functionality
  • Checks for the presence of known windows from debuggers and forensic tools
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the OnlyLogger malware family
  • Attempts to disable Windows Defender
  • Attempts to modify Windows Defender using PowerShell
  • Attempts to execute suspicious powershell command arguments

How to determine Backdoor.Win32.Agent.myugrq?



File Info:

name: CF51857DD2ACA5DBB3A9.mlw
path: /opt/CAPEv2/storage/binaries/6fa6e9071c19b62e10e8e27d13790136b3aca1664fb2ec60af41c683fa4c9b5c
crc32: 1D77966B
md5: cf51857dd2aca5dbb3a9ba5aa8a14979
sha1: f97947f0210795c17a07e63aa36c6bbc4a9f3085
sha256: 6fa6e9071c19b62e10e8e27d13790136b3aca1664fb2ec60af41c683fa4c9b5c
sha512: d8ce5f2d703c00ba0af8dc8ff970a8641f2e1e3ac1d2c45a4de1f134ef925c0baba4bbc421b9775535ed937eae6daa949bc1a8072dc66950f587940e08a170f1
ssdeep: 196608:x53qVip4WSLOIEUvuzuylr1+xC8fRpx8L9IEvlnDBo8TJipbv2:x56zWSLO+/Or1KCQRML9PvlnD28Jipbe
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12D7633A87BD1A4AFC2F1CD70DA5C371A68F0A7500B19C72F17CA54ADDB2E9A107748D2
sha3_384: 52a6d82993c4631191e06aa173398d011f3f402d5764620de3714f4355a5c578442e81f0fbfe56cc32305cdca4a10216
ep_bytes: 558bec6aff6898c24100680691410064
timestamp: 2019-02-21 16:00:00


Version Info:

CompanyName: Igor Pavlov
FileDescription: 7z Setup SFX
FileVersion: 19.00
InternalName: 7zS.sfx
LegalCopyright: Copyright (c) 1999-2018 Igor Pavlov
OriginalFilename: 7zS.sfx.exe
ProductName: 7-Zip
ProductVersion: 19.00
Translation: 0x0409 0x04b0

Backdoor.Win32.Agent.myugrq also known as:

Elasticmalicious (high confidence)
MicroWorld-eScanDropped:Trojan.GenericKD.38690777
FireEyeDropped:Trojan.GenericKD.38690777
CAT-QuickHealBackdoor.Manuscrypt
ALYacDropped:Trojan.GenericKD.38690777
CylanceUnsafe
K7AntiVirusTrojan ( 0058d5901 )
BitDefenderDropped:Trojan.GenericKD.38690777
K7GWTrojan ( 0058d5901 )
Cybereasonmalicious.dd2aca
CyrenW32/SillyBackdoor.B.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32multiple detections
ClamAVWin.Dropper.Pswtool-9857488-0
KasperskyBackdoor.Win32.Agent.myugrq
NANO-AntivirusRiskware.Win32.PSWTool.hqsnsl
Ad-AwareDropped:Trojan.GenericKD.38690777
EmsisoftDropped:Trojan.GenericKD.38690777 (B)
ComodoMalware@#2o8f2q1tb7uai
BitDefenderThetaGen:NN.ZexaF.34182.yq0@aOmr3JiG
TrendMicroTROJ_GEN.R002C0WAN22
McAfee-GW-EditionBehavesLike.Win32.HToolPassView.wc
SophosML/PE-A + Mal/Agent-AWV
GDataDropped:Trojan.GenericKD.38690777
JiangminTrojan.Generic.hezan
AviraTR/Downloader.IT
Antiy-AVLTrojan/Generic.ASMalwS.3510DFE
KingsoftWin32.Troj.Banker.(kcloud)
ZoneAlarmHEUR:Trojan.Win32.Generic
MicrosoftRansom:Win32/StopCrypt.PAR!MTB
CynetMalicious (score: 100)
MAXmalware (ai score=80)
VBA32Trojan.Injuke
MalwarebytesMalware.AI.1689158496
PandaTrj/CI.A
TrendMicro-HouseCallTROJ_GEN.R002C0WAN22
RisingTrojan.Agent!8.B1E (TFE:dGZlOgUcAGfiOMtN0Q)
IkarusTrojan-Downloader.Win32.Agent
FortinetW32/Kryptik.HOCG!tr
AVGWin32:CrypterX-gen [Trj]
AvastWin32:CrypterX-gen [Trj]

How to remove Backdoor.Win32.Agent.myugrq?

Backdoor.Win32.Agent.myugrq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment