Fake Trojan

BScope.Trojan.FakeAV.01731 (file analysis)

BScope.Trojan.FakeAV.01731 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the BScope.Trojan.FakeAV.01731 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify BScope.Trojan.FakeAV.01731?


File Info:

name: CBCED76C5A99F3AAE34D.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: RJP Computing
FileDescription: Installs the BCX DevSuite for complete BCX development
FileVersion: 1.47
LegalCopyright: 2003-2013
ProductName: BCX DevSuite Pro
ProductVersion: 1.45.0.01
Translation: 0x0000 0x04b0

BScope.Trojan.FakeAV.01731 also known as:

Bkav: W32.Common.0C98E18D
Kaspersky: UDS:DangerousObject.Multi.Generic
Alibaba: Trojan:Win32/Occamy.8ace7c36
NANO-Antivirus: Trojan.Script.Vbs-heuristic.druvzi
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: UDS:DangerousObject.Multi.Generic
DeepInstinct: MALICIOUS
VBA32: BScope.Trojan.FakeAV.01731
Ikarus: Trojan.Crypt
MaxSecure: Trojan.Malware.1728101.susgen
Fortinet: W32/Agent.FA!tr
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen

How to remove BScope.Trojan.FakeAV.01731?

BScope.Trojan.FakeAV.01731 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.