How to remove “BScope.TrojanDropper.Convagent”?

BScope.TrojanDropper.Convagent is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the BScope.TrojanDropper.Convagent virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Oriya
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family

How to identify BScope.TrojanDropper.Convagent?


File Info:

name: D74D806ADBAC5B558317.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2020-09-14 18:09:10

Version Info:

InternalName: bomgpiaruci.iwa
Copyright: Copyrighz (C) 2021, fudkat
ProductVersion: 13.54.77.27
Translation: 0x0127 0x046a

BScope.TrojanDropper.Convagent also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Multi.Generic.4!c
MicroWorld-eScan: Gen:Variant.Midie.105486
FireEye: Generic.mg.d74d806adbac5b55
McAfee: Lockbit-FSWW!D74D806ADBAC
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanSpy:Win32/Raccoon.cab11a41
K7GW: Trojan ( 0058b94e1 )
K7AntiVirus: Trojan ( 0058b94e1 )
Cyren: W32/Kryptik.FWV.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HNPO
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender: Gen:Variant.Midie.105486
Avast: Win32:Trojan-gen
Ad-Aware: Gen:Variant.Midie.105486
Emsisoft: Gen:Variant.Midie.105486 (B)
DrWeb: Trojan.PWS.Stealer.26952
TrendMicro: TROJ_GEN.R002C0PL921
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Sophos: ML/PE-A + Troj/Krypt-BO
Ikarus: Trojan.Win32.Crypt
GData: Win32.Trojan.PSE.1L145IR
Avira: TR/Kryptik.xyave
Antiy-AVL: Trojan/Generic.ASMalwS.34E786D
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Raccoon.DE!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.MalPE.R457259
Acronis: suspicious
VBA32: BScope.TrojanDropper.Convagent
ALYac: Gen:Variant.Midie.105486
MAX: malware (ai score=86)
Malwarebytes: Trojan.MalPack.GS
TrendMicro-HouseCall: TROJ_GEN.R002C0PL921
Rising: Trojan.Generic@ML.87 (RDML:W+aX1addXi7zLy9XqctYCQ)
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.HNPK!tr
BitDefenderTheta: Gen:NN.ZexaF.34084.xy0@aar0paLG
AVG: Win32:Trojan-gen
Cybereason: malicious.993531
Panda: Trj/GdSda.A
MaxSecure: Trojan.Malware.300983.susgen

How to remove BScope.TrojanDropper.Convagent?

BScope.TrojanDropper.Convagent removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
