Categories: Malware

ML/PE-A + Troj/Agent-BCEE information

The ML/PE-A + Troj/Agent-BCEE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What ML/PE-A + Troj/Agent-BCEE virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Reads data out of its own binary image
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Executed a very long command line or script command which may be indicative of chained commands or obfuscation
A scripting utility was executed
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Installs itself for autorun at Windows startup
Network activity detected but not expressed in API logs
Creates a copy of itself

How to determine ML/PE-A + Troj/Agent-BCEE?


File Info:
crc32: DC09D559md5: 3e437c1a3b7db89a583070c0d07ef7c7name: 3E437C1A3B7DB89A583070C0D07EF7C7.mlwsha1: e31dec207d039076a54072cf19426185ad2cde5asha256: 5eff5300ea097fb161db0c11ad31f2b2ad44609b5042f5547d433e3ff83e507asha512: eb20a9a7a669985fab1e6fcdba6d6e4f576fe8baf9f06327d449bdc6707d2cbe4549d292fed471843fee0e792707e81c14307cb573f50fa5ad884d53e1f0a433ssdeep: 24576:ssF6mZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eH81S:fF6mw4gxeOw46fUbNecCCFbNecQtype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
LegalCopyright: Copyright (C) 2000InternalName: FlowerPowerFileVersion: 1, 0, 0, 1CompanyName: PrivateBuild: LegalTrademarks: Comments: ProductName: FlowerPowerSpecialBuild: ProductVersion: 1, 0, 0, 1FileDescription: FlowerPowerOriginalFilename: FlowerPower.EXETranslation: 0x0c09 0x04b0

ML/PE-A + Troj/Agent-BCEE also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 005619a01 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Inject3.16347
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.Mauvaise.SL1
ALYac	MemScan:Trojan.Agent.ECLV
Cylance	Unsafe
Zillya	Trojan.GenKryptik.Win32.30456
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Trojan ( 005619a01 )
Cybereason	malicious.a3b7db
Cyren	W32/Agent.BAN.gen!Eldorado
Symantec	Backdoor.Avecma
ESET-NOD32	Win32/VB.OSK
Zoner	Trojan.Win32.103882
APEX	Malicious
Avast	Sf:ShellCode-CU [Trj]
ClamAV	Win.Malware.Poison-6986144-0
Kaspersky	HEUR:Trojan.Win32.Zenpak.gen
BitDefender	MemScan:Trojan.Agent.ECLV
NANO-Antivirus	Trojan.Win32.Inject3.fqtflc
MicroWorld-eScan	MemScan:Trojan.Agent.ECLV
Tencent	Malware.Win32.Gencirc.10b07bba
Ad-Aware	MemScan:Trojan.Agent.ECLV
Sophos	ML/PE-A + Troj/Agent-BCEE
Comodo	TrojWare.Win32.Injector.AVPL@8d26g3
BitDefenderTheta	Gen:NN.ZexaF.34170.RoNfaGSD0tbi
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TrojanSpy.Win32.AVEMARIA.SMTH
McAfee-GW-Edition	BehavesLike.Win32.Generic.vc
FireEye	Generic.mg.3e437c1a3b7db89a
Emsisoft	MemScan:Trojan.Agent.ECLV (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Nymaim.exo
Avira	BDS/Poison.mon
eGambit	Trojan.Generic
Antiy-AVL	Trojan/Generic.ASMalwS.2BB1951
Microsoft	Trojan:Win32/Skeeeyah
Gridinsoft	Trojan.Win32.Kryptik.vb!s2
GData	MemScan:Trojan.Agent.ECLV
AhnLab-V3	Malware/Win32.RL_Generic.R273894
Acronis	suspicious
McAfee	GenericRXNI-WH!3E437C1A3B7D
MAX	malware (ai score=83)
VBA32	SScope.Trojan.Hlux
Malwarebytes	Generic.Trojan.Malicious.DDS
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TrojanSpy.Win32.AVEMARIA.SMTH
Rising	Trojan.Injector!1.B53C (CLASSIC)
Yandex	Trojan.GenAsa!jwQBWYdc2PY
Ikarus	Trojan.Win32.Skeeeyah
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Kryptik.GZNI!tr
AVG	Sf:ShellCode-CU [Trj]