About “BScope.TrojanPSW.Azorult” infection

BScope.TrojanPSW.Azorult is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the BScope.TrojanPSW.Azorult virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Starts servers listening on 0.0.0.0:1024
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify BScope.TrojanPSW.Azorult?


File Info:

name: 49D8051F914BE20E2B28.mlw
path: /opt/CAPEv2/storage/binaries/b71493eeb640050e84d1a2f408ec000d0cc58e97c71b8e32d1a3c58edff78715
crc32: E95EC997
md5: 49d8051f914be20e2b28b97d6eae704b
sha1: ef90d24c9242433b08cb9f5d5794d51d4bb71b85
sha256: b71493eeb640050e84d1a2f408ec000d0cc58e97c71b8e32d1a3c58edff78715
sha512: 891f917a1aa53f5df07fbbb674001cf801fe77d33011e97caf6eaf2b457f91b8c58fc3c51bb5ea55a3ac521bf0ce7e491f15d6b86081db728bcb9ff2a020b3d4
ssdeep: 6144:mEu+rqKIzPCI5+LNp4TCvsGyJKtFsxpty54c8fygd66FGVfyNRb:9u+ePCIYkcsBJKL8pW8Kpr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11484127B3F91FB06C005A03B43920E9813BBCE52A761CF7F52A4674E9E5A1C68A71477
sha3_384: 78f89f8de88bc98385641e76f6398217b96278eb0851d29bbda548552fd9c89de97cee879680c4eeef5fcdcb579517e5
ep_bytes: b828a455005064ff3500000000648925
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: ZED [CREATE]
FileDescription: Z[C] CoolExit
FileVersion: 3.2.8.583
InternalName:
LegalCopyright: ZED [CREATE]
LegalTrademarks:
OriginalFilename:
ProductName:
ProductVersion: 3.2.8.583
Comments:
Translation: 0x0419 0x04e3

BScope.TrojanPSW.Azorult also known as:

Bkav: W32.AIDetect.malware2
FireEye: Generic.mg.49d8051f914be20e
McAfee: Artemis!49D8051F914B
Cylance: Unsafe
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: FileRepMetagen [Malware]
Comodo: Malware@#3mcsvyyj1ypyk
McAfee-GW-Edition: BehavesLike.Win32.Dropper.fc
Ikarus: Trojan-Banker.Win32.Banker
VBA32: BScope.TrojanPSW.Azorult
SentinelOne: Static AI – Suspicious PE
eGambit: Unsafe.AI_Score_97%
AVG: FileRepMetagen [Malware]

How to remove BScope.TrojanPSW.Azorult?

BScope.TrojanPSW.Azorult removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
