
Generic.SpyAgent.A.BA947553 information


Generic.SpyAgent.A.BA947553 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Generic.SpyAgent.A.BA947553 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with ASPack
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Steals private information from local Internet browsers
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Harvests cookies for information gathering

How to identify Generic.SpyAgent.A.BA947553?

File Info:

name: D3B1BD74EFC3E1B64B14.mlw
path: /opt/CAPEv2/storage/binaries/421a46db77c3b62ac95fea388fea004ffa477cf934e6e065948ed93351aeddb1
crc32: 611BF7E2
md5: d3b1bd74efc3e1b64b14ec0f8521822d
sha1: 12b7e65077e9090d60c3a80abdbf6022c0926861
sha256: 421a46db77c3b62ac95fea388fea004ffa477cf934e6e065948ed93351aeddb1
sha512: 6dd4b4b2475f0ab77978308f5ce843e8811d7fbe27226f6f0deb7899ebd7b74fcf310a38390e61a6fcaffea9dc45a5eff8b389b2c3c74d5bfc8617a630facab2
ssdeep: 49152:SvUzcw52hHsDmnu85tZxMcVIKrvetwUZxbvwJ9b1YBVFM:595eHs6u85tQsIaUZxvwr1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T105B5121179EB399CF474F5B80BD6D2BDCB9CF9EA814B4E7F2094528B4B846407E82835
sha3_384: 17b5f8429f632bbcdb52f2e64de57f47d8daae9df8a2feb48dc5ad14962ef10606d0b5285dfd48ea080435061525691c
ep_bytes: 60e803000000e9eb045d4555c3e80100
timestamp: 2021-12-07 14:03:01

Version Info:

CompanyName: TODO:
FileDescription: FbRobot
FileVersion: 1.0.0.1
InternalName: FbRobot.exe
LegalCopyright: TODO: (C) 。 保留所有权利。
OriginalFilename: FbRobot.exe
ProductName: TODO:
ProductVersion: 1.0.0.1
Translation: 0x0804 0x04b0

Generic.SpyAgent.A.BA947553 also known as:

MicroWorld-eScan: DeepScan:Generic.SpyAgent.A.BA947553
FireEye: DeepScan:Generic.SpyAgent.A.BA947553
McAfee: Artemis!D3B1BD74EFC3
Cylance: Unsafe
Sangfor: Trojan.Win32.Passteal.rd
K7AntiVirus: Password-Stealer ( 0055912f1 )
Alibaba: TrojanBanker:Win32/Passteal.572266cc
K7GW: Password-Stealer ( 0055912f1 )
BitDefenderTheta: Gen:NN.ZexaF.34084.pE0bamw6y0ob
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/PSW.Agent.OHG
TrendMicro-HouseCall: TROJ_GEN.R011C0WLA21
Paloalto: generic.ml
Kaspersky: Trojan-Banker.Win32.Passteal.rd
BitDefender: DeepScan:Generic.SpyAgent.A.BA947553
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Generic.Wrpx
Ad-Aware: DeepScan:Generic.SpyAgent.A.BA947553
Sophos: Mal/Generic-S
DrWeb: Trojan.PWS.Stealer.31751
TrendMicro: TROJ_GEN.R011C0WLA21
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vc
Emsisoft: DeepScan:Generic.SpyAgent.A.BA947553 (B)
Ikarus: Trojan-PSW.Agent
GData: DeepScan:Generic.SpyAgent.A.BA947553
Avira: TR/PSW.Agent.jplmk
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Generic.ASMalwS.34E9210
Gridinsoft: Ransom.Win32.Sabsik.sa
APEX: Malicious
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
VBA32: BScope.Trojan.Agent
ALYac: DeepScan:Generic.SpyAgent.A.BA947553
Malwarebytes: Spyware.PasswordStealer
Yandex: Trojan.PWS.Passteal!trnNVePLcVs
Fortinet: W32/Agent.OLG!tr.pws
AVG: Win32:Trojan-gen
Panda: Trj/GdSda.A

How to remove Generic.SpyAgent.A.BA947553?

Generic.SpyAgent.A.BA947553 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
