Mal/Generic-R + Troj/Agent-BGWM information

Malware Removal

Mal/Generic-R + Troj/Agent-BGWM is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Mal/Generic-R + Troj/Agent-BGWM virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Mal/Generic-R + Troj/Agent-BGWM?

File Info:

name: A57E5254DC65C26B29E3.mlw
path: /opt/CAPEv2/storage/binaries/7cd3cfd53f2f576d4822062aefbe56681827f3ca78287123652854c40463e85e
crc32: 06445945
md5: a57e5254dc65c26b29e3de89ec848954
sha1: 4260776b789368664b8154d0c79732c1c5a0b4b7
sha256: 7cd3cfd53f2f576d4822062aefbe56681827f3ca78287123652854c40463e85e
sha512: 4358a53afab32769738a2f0dad72606bf98c2cd5d17ac1591b853d522a3efe558d685fff42718f144ac307b4b761cd06846f6b0ecc187bda0d60205760120b65
ssdeep: 3072:/TdZp5uSefX65mV4mjNYFcRK65pYzn4VqBurXiv1IctmxizlRIzQ4rWeqOkvd+:pjQPRKmjh7pYzn4mMyv1AxihRMWtx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12C34D00234C1D432C493257A196482A5696BFCB25BB7C2D3775A3B3FAE722E11E34B53
sha3_384: 20b5c38a4e797db072e9c6cd9a58e1c4c7a4d5ef9f91a2a28023805456ce660ca3caff800327f8eba69218b8f3bc2eb4
ep_bytes: e82b3e0000e978feffffcccccccccccc
timestamp: 2020-07-11 21:48:43

Version Info:

FileVersion: 1.0.2.18
ProductVersion: 1.5.28.29
Translations: 0x0166 0x000a

Mal/Generic-R + Troj/Agent-BGWM also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.74041
FireEye: Generic.mg.a57e5254dc65c26b
ALYac: Trojan.GenericKDZ.74041
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 003e58dd1 )
Alibaba: Malware:Win32/km_24ad5.None
K7GW: Trojan ( 005690671 )
Cybereason: malicious.b78936
Cyren: W32/Kryptik.DUP.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HKIM
APEX: Malicious
ClamAV: Win.Packed.Generickdz-9852430-0
Kaspersky: HEUR:Trojan.Win32.Chapak.gen
BitDefender: Trojan.GenericKDZ.74041
NANO-Antivirus: Trojan.Win32.Chapak.itzsrk
Avast: Win32:BotX-gen [Trj]
Ad-Aware: Trojan.GenericKDZ.74041
Sophos: Mal/Generic-R + Troj/Agent-BGWM
DrWeb: Trojan.PWS.Siggen2.64388
TrendMicro: Backdoor.Win32.GLUPTEBA.SMTH.hp
McAfee-GW-Edition: BehavesLike.Win32.Emotet.dc
Emsisoft: Trojan.Crypt (A)
SentinelOne: Static AI – Malicious PE
GData: Trojan.GenericKDZ.74041
Avira: HEUR/AGEN.1142697
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.326A563
Arcabit: Trojan.Generic.D12139
Microsoft: Trojan:Win32/Glupteba.EDS!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.MalPE.R415238
Acronis: suspicious
McAfee: Packed-GDK!A57E5254DC65
VBA32: Malware-Cryptor.Azorult.gen
Malwarebytes: Trojan.MalPack.GS
TrendMicro-HouseCall: Backdoor.Win32.GLUPTEBA.SMTH.hp
Rising: Malware.Heuristic!ET#94% (RDMK:cmRtazrCzjc15vwAdrj3pgIkR5p8)
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GenKryptik.FDUP!tr
BitDefenderTheta: Gen:NN.ZexaF.34114.oqW@a0PHuZne
AVG: Win32:BotX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Mal/Generic-R + Troj/Agent-BGWM?

Mal/Generic-R + Troj/Agent-BGWM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.