What is “Mal/Generic-S + Troj/Agent-BGQN”?

The Mal/Generic-S + Troj/Agent-BGQN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Mal/Generic-S + Troj/Agent-BGQN virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Detects the presence of Windows Defender AV emulator via files

How to identify Mal/Generic-S + Troj/Agent-BGQN?

File Info:

name: BE81976FB00151B83B4F.mlw
path: /opt/CAPEv2/storage/binaries/ebe02a50fbd9d83c09a3911dbebb7816191b0f3f2bd517a46246ae3fd78fd6ca
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2016-04-02 22:14:34

Version Info:

CompanyName: Oleg N. Scherbakov
FileDescription: 7z Setup SFX (x86)
FileVersion: 1.7.0.3900
InternalName: 7ZSfxMod
LegalCopyright: Copyright © 2005-2016 Oleg N. Scherbakov
OriginalFilename: 7ZSfxMod_x86.exe
PrivateBuild: April 1, 2016
ProductName: 7-Zip SFX
ProductVersion: 1.7.0.3900
Translation: 0x0000 0x04b0

Mal/Generic-S + Troj/Agent-BGQN also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.45974847
FireEye: Generic.mg.be81976fb00151b8
McAfee: Artemis!BE81976FB001
Malwarebytes: Trojan.Dropper.Generic
Alibaba: VirTool:Win32/AutInject.cba4adbf
K7GW: Trojan ( 00579bce1 )
K7AntiVirus: Trojan ( 00579bce1 )
BitDefenderTheta: Gen:NN.ZexaF.34084.nr3@a89EgPl
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.7Zip.S.gen
TrendMicro-HouseCall: Trojan.Win32.CRYPZIP.SMRAH
Paloalto: generic.ml
ClamAV: Win.Malware.Drivepack-9884589-1
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Trojan.GenericKD.45974847
Avast: Win32:7Drop-D [Trj]
Rising: Trojan.HiddenRun/SFX!1.D57B (CLASSIC)
Ad-Aware: Trojan.GenericKD.45974847
Emsisoft: Trojan.GenericKD.45974847 (B)
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Trojan.Win32.CRYPZIP.SMRAH
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
SentinelOne: Static AI – Malicious PE
Sophos: Mal/Generic-S + Troj/Agent-BGQN
APEX: Malicious
GData: Trojan.GenericKD.45974847
Jiangmin: Trojan/CoinMiner.ab.a
Webroot: Pua.Opencandy
Avira: TR/Redcap.ppsyc
Microsoft: Trojan:Win32/Ymacco.AAEB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Agent.C4386948
VBA32: Trojan.Hesv
ALYac: Trojan.GenericKD.45974847
MAX: malware (ai score=83)
Cylance: Unsafe
Yandex: Trojan.Crypzip!Z+kK2V35wSU
Ikarus: Trojan-Spy.RedLineStealer
Fortinet: Malicious_Behavior.SB
AVG: Win32:7Drop-D [Trj]
Cybereason: malicious.fb0015
Panda: Trj/CI.A

How to remove Mal/Generic-S + Troj/Agent-BGQN?

Mal/Generic-S + Troj/Agent-BGQN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
