Malware

Mal/Generic-R + Troj/Agent-BFWE removal

Malware Removal

Mal/Generic-R + Troj/Agent-BFWE is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What Mal/Generic-R + Troj/Agent-BFWE virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • A possible heap spray exploit has been detected
  • Installs itself for autorun at Windows startup
  • Harvests cookies for information gathering
  • Uses suspicious command line tools or Windows utilities

How to identify Mal/Generic-R + Troj/Agent-BFWE?

File Info:

name: 239F537BF4BBD02DB8B9.mlw
path: /opt/CAPEv2/storage/binaries/ead2c91ff7a3776d94ae57f54c0c15e704e0b6e8854ad8fb828fae1522a8a55b
crc32: E1313C24
md5: 239f537bf4bbd02db8b90525a1d7b486
sha1: 802fdfa7c6ec5ca46b1cc76730b6eebeca305f17
sha256: ead2c91ff7a3776d94ae57f54c0c15e704e0b6e8854ad8fb828fae1522a8a55b
sha512: 489e9d5eb0f278ac5dc3799528fdf0eb94695391daae60a542bfade21fc12ab87db0a8ce8cfc77fd5726a3e24bfc9b9335baab9feedd1a166814cb79bd65997e
ssdeep: 1536:A3jWj+DOd5AJyWt0icToSHCMmvLsrny/pwFquLFUTQnN3R9M5WLiVwt3a9jTKtq:ATLoAJytFCMmDR/pqqsFUCN3R9MI+Qa/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12093CF803E81C43ED02A41795A85B53A5C78D6752421CEC3EFE1FA59AFCD2F0662C7A3
sha3_384: 91ae7c1b6e595422b09ec5b3ce3e7b2077a21b14429cb199068913baf56226041098eb01b1805f8df5928313783b77c6
ep_bytes: 5589e56aff68dc18410068d85d400064
timestamp: 2006-03-02 17:50:37

Version Info:

0: [No Data]

Mal/Generic-R + Troj/Agent-BFWE also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Generic.Malware.SPfVoPk!1!prn!.FE0B916D
FireEye: Generic.mg.239f537bf4bbd02d
CAT-QuickHeal: Worm.Sfone.A3
ALYac: Generic.Malware.SPfVoPk!1!prn!.FE0B916D
K7AntiVirus: EmailWorm ( 00571eb41 )
BitDefender: Generic.Malware.SPfVoPk!1!prn!.FE0B916D
K7GW: EmailWorm ( 00571eb41 )
Cybereason: malicious.bf4bbd
Arcabit: Generic.Malware.SPfVoPk!1!prn!.FE0B916D
BitDefenderTheta: AI:Packer.A4AAEA4E1E
Cyren: W32/Worm.KOKR-0749
Symantec: W32.SillyWNSE
ESET-NOD32: a variant of Win32/Agent.CP
Baidu: Win32.Worm.Agent.fj
ClamAV: Win.Malware.Sfone-6763601-0
Kaspersky: HEUR:Trojan.Win32.Wofith.vho
NANO-Antivirus: Trojan.Win32.Wofith.iariji
Tencent: Worm.Win32.Agent.d
Ad-Aware: Generic.Malware.SPfVoPk!1!prn!.FE0B916D
Sophos: Mal/Generic-R + Troj/Agent-BFWE
DrWeb: Win32.HLLW.Siggen.1607
Zillya: Worm.Agent.Win32.9
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.nh
Emsisoft: Generic.Malware.SPfVoPk!1!prn!.FE0B916D (B)
Ikarus: Worm.Win32.Agent
Jiangmin: Worm.Agent.yh
Avira: TR/Spy.Gen
Antiy-AVL: Trojan/Generic.ASCommon.1C4
Microsoft: Worm:Win32/Sfone.A
GData: Win32.Worm.Sfone.B
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.Agent.R233959
Acronis: suspicious
MAX: malware (ai score=87)
VBA32: BScope.Worm.Agent
Malwarebytes: Worm.Sform
Panda: Trj/Genetic.gen
APEX: Malicious
Rising: Worm.Agent!1.CEBD (CLASSIC)
Yandex: Trojan.GenAsa!2oUtO9JdH+o
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_100%
Fortinet: W32/Agent.CP!worm
AVG: Win32:Agent-URR [Trj]
Avast: Win32:Agent-URR [Trj]
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Poly.Worm.Agent.CP

How to remove Mal/Generic-R + Troj/Agent-BFWE?

Mal/Generic-R + Troj/Agent-BFWE removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
