Trojan

BScope.TrojanDropper.Convagent removal instruction

Malware Removal

The BScope.TrojanDropper.Convagent is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What BScope.TrojanDropper.Convagent virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Oriya
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family

How to determine BScope.TrojanDropper.Convagent?



File Info:

name: 8B7882402A8189D04A66.mlw
path: /opt/CAPEv2/storage/binaries/a169b096d0878c175adbbab0cbbb6860b51d2f3b234f0a60064a43647040be24
crc32: 6C962E91
md5: 8b7882402a8189d04a66105e57fd79c6
sha1: 6a9d316f5fefebc22702d050e71295923a3e9b27
sha256: a169b096d0878c175adbbab0cbbb6860b51d2f3b234f0a60064a43647040be24
sha512: 8cf8cdbc63ba6879d453cb207fe0947719f5a0fca8c232d7dfed637c5439cf649f1b72b52f8919ad40ccbb55d9c9b18293f2ab22c44908685a104866948aea7f
ssdeep: 6144:LYhLhwVlWU5oqey6VDufd1qmrLfadu/u/zdW7DIT7LLuzbgwu6L7ITsqSigaTwVT:UhtDU5GthdXnunnn7s
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EC84D0F176AC8D71D5632D7088218BD15A2BBC12E8608506B634779E1F7BBCC8AE531F
sha3_384: a518a876473caed78171e4759096f635b846f297a14c8862d37e1e60a864b7be7e7319c80f6143f28621dba0fc13a1a2
ep_bytes: e884340000e979feffffcccccccccccc
timestamp: 2021-05-12 12:40:01


Version Info:

InternalName: bomgpiaruci.iwa
Copyright: Copyrighz (C) 2021, fudkat
ProductVersion: 13.54.77.27
Translation: 0x0127 0x046a

BScope.TrojanDropper.Convagent also known as:

BkavW32.AIDetect.malware1
LionicTrojan.Multi.Generic.4!c
Elasticmalicious (high confidence)
MicroWorld-eScanTrojan.GenericKD.47605505
FireEyeGeneric.mg.8b7882402a8189d0
CAT-QuickHealTrojan.Multi
ALYacTrojan.GenericKD.47605505
MalwarebytesTrojan.MalPack.GS
K7AntiVirusTrojan ( 0058b94e1 )
AlibabaTrojanSpy:Win32/Raccoon.6eccf4bb
K7GWTrojan ( 0058b94e1 )
Cybereasonmalicious.f5fefe
BitDefenderThetaGen:NN.ZexaF.34084.xy0@a0RIZuTG
CyrenW32/Kryptik.FWV.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Kryptik.HNPO
APEXMalicious
Paloaltogeneric.ml
KasperskyHEUR:Trojan-Spy.Win32.Stealer.gen
BitDefenderTrojan.GenericKD.47605505
AvastWin32:Trojan-gen
TencentWin32.Trojan-spy.Stealer.Eckm
Ad-AwareTrojan.GenericKD.47605505
EmsisoftTrojan.GenericKD.47605505 (B)
DrWebTrojan.PWS.Stealer.26952
TrendMicroTROJ_GEN.R03BC0DLC21
McAfee-GW-EditionBehavesLike.Win32.MultiPlug.fc
SophosMal/Generic-S + Troj/Krypt-BO
IkarusTrojan.Win32.Krypt
JiangminExploit.ShellCode.fwj
AviraTR/Kryptik.cjwdp
MAXmalware (ai score=87)
KingsoftWin32.Troj.Generic_a.a.(kcloud)
GridinsoftRansom.Win32.Sabsik.sa
ArcabitTrojan.Generic.D2D66701
MicrosoftTrojan:Win32/Raccoon.DE!MTB
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win.MalPE.R457259
Acronissuspicious
VBA32BScope.TrojanDropper.Convagent
TrendMicro-HouseCallTROJ_GEN.R03BC0DLC21
RisingTrojan.Generic@ML.92 (RDML:2I4guV+lByu2nqDhXKnVlg)
SentinelOneStatic AI – Malicious PE
FortinetW32/Lockbit.FSWW!tr
AVGWin32:Trojan-gen
PandaTrj/GdSda.A
CrowdStrikewin/malicious_confidence_100% (W)

How to remove BScope.TrojanDropper.Convagent?

BScope.TrojanDropper.Convagent removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment