What is "BScope.Exploit.ShellCode"?

The BScope.Exploit.ShellCode is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What BScope.Exploit.ShellCode virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (3 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
At least one IP Address, Domain, or File Name was found in a crypto call
Performs some HTTP requests
Unconventionial language used in binary resources: Serbian
The binary likely contains encrypted or compressed data.
Attempts to repeatedly call a single API many times in order to delay analysis time
Attempts to identify installed AV products by installation directory
Checks the CPU name from registry, possibly for anti-virtualization
Attempts to modify proxy settings

Related domains:

z.whorecord.xyz

a.tomx.xyz

iplogger.org

redblur.top

How to determine BScope.Exploit.ShellCode?


File Info:
crc32: 70EDAD07
md5: b22fd4e4907e4a7c1f467a87ee2fa19b
name: B22FD4E4907E4A7C1F467A87EE2FA19B.mlw
sha1: a00c12a770dbd28b027cb263ba71101ddd3daf64
sha256: 1fa201e26aa0cf62b7449e39ad3c16f86f12e9832b99846c738c8d6536255659
sha512: 7edfd72e0dfef9b7c117489b0468e636b77d758353b4575c7f8f104dc3921097c807dd11e60775ec1be9fcf1b816c400c4846cb5ffffea7aba1de46f6b233bfa
ssdeep: 12288:op/+wlLEsY1ihOuIFcHA9Bq6mEswRQoRvhALd2px1:oE8EsYcoBCg9Bqzcvhwd2pX
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
InternalName: voygcuadage.exe
FileVersion: 1.7.38.44
Copyright: Copyrighz (C) 2020, wodkagudy
ProductVersions: 1.16.44
Translation: 0x0273 0x011e

BScope.Exploit.ShellCode also known as:

K7AntiVirus	Trojan ( 0056f9be1 )
Lionic	Trojan.Win32.Agent.m!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
ALYac	Trojan.GenericKD.37237428
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (W)
Alibaba	Ransom:Win32/GandCrab.2ab10814
K7GW	Trojan ( 0056f9be1 )
Cyren	W32/Kryptik.EQG.gen!Eldorado
Symantec	Packed.Generic.525
ESET-NOD32	a variant of Win32/Kryptik.HLSK
APEX	Malicious
Avast	Win32:DropperX-gen [Drp]
Kaspersky	HEUR:Exploit.Win32.Shellcode.gen
BitDefender	Trojan.GenericKD.37237428
MicroWorld-eScan	Trojan.GenericKD.37237428
Ad-Aware	Trojan.GenericKD.37237428
Sophos	Mal/Generic-S
Comodo	TrojWare.Win32.Agent.irvof@0
McAfee-GW-Edition	BehavesLike.Win32.Generic.jc
FireEye	Generic.mg.b22fd4e4907e4a7c
SentinelOne	Static AI – Suspicious PE
Webroot	W32.Trojan.Gen
Avira	TR/Crypt.Agent.mvekd
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Microsoft	Trojan:Win32/Caynamer.A!ml
Gridinsoft	Trojan.Win32.Packed.lu!heur
Arcabit	Trojan.Generic.D23832B4
ZoneAlarm	HEUR:Exploit.Win32.Shellcode.gen
GData	Trojan.GenericKD.37237428
AhnLab-V3	Trojan/Win.MalPE.R431576
Acronis	suspicious
McAfee	RDN/RedLineStealer
MAX	malware (ai score=80)
VBA32	BScope.Exploit.ShellCode
Malwarebytes	Trojan.MalPack.GS
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R002H07GE21
Rising	Trojan.Generic@ML.98 (RDML:RmoKKs0dwtAs+RMM3LyDmA)
Ikarus	Trojan.Win32.FileCrypter
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/GenKryptik.ERHN!tr
AVG	Win32:DropperX-gen [Drp]
Paloalto	generic.ml
Qihoo-360	Win32/Trojan.Generic.HwoClpsA

How to remove BScope.Exploit.ShellCode?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “BScope.Exploit.ShellCode”?