RAR/Agent.BD malicious file

RAR/Agent.BD is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the RAR/Agent.BD virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the PredatorPain malware family
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify RAR/Agent.BD?

File Info:

name: 2B7823F86268BFB96886.mlw
path: /opt/CAPEv2/storage/binaries/caa697dcf338eec92ba2c1bddd242c659650cb161f47c1c239806d171e16ce5d
crc32: 29AC3945
md5: 2b7823f86268bfb968865907ce46750a
sha1: e5fdbeed91bc034728ddd79807fd0c5cce10df6b
sha256: caa697dcf338eec92ba2c1bddd242c659650cb161f47c1c239806d171e16ce5d
sha512: bcfedf113c2008a1de006043c6dd4d9fd63be71a18bbb5709e73607693083a668e9b9c81c7a93064f054eafa9b4b6add28ff4c35203500feb2afb94c6280a0c5
ssdeep: 24576:72O/GlKfj2BeJbXJAdVutylJJmAdCDD0/ARLPCs8KrM3bD4d7g6zwm4m53Sb23:X9JautylSAdK0/ARLq7bDQ5kFm53Sy3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17475235237C0413FE29721333E9F1776DA767934A138988BF7514F2D3ABA246EA04A53
sha3_384: 1b723cf7ad25a7fc2b8dee6bba84e8d89efe4b7e01f1cb1359ee628500c6e6b0044a2c73683d80fcce668ad7d8e50f6c
ep_bytes: e8e3feffff33c050505050e89f300000
timestamp: 2012-06-09 13:19:49

Version Info:

0: [No Data]

RAR/Agent.BD is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Vimditator.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Rasftuby.Gen.2
FireEye: Generic.mg.2b7823f86268bfb9
McAfee: Artemis!2B7823F86268
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Trojan.Win32.Autoit.V59c
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:Win32/Obfuscator.e7c5d2ad
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.86268b
VirIT: Trojan.Win32.Ransomer.DPG
Cyren: W32/AutoIt.EN.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: RAR/Agent.BD
APEX: Malicious
ClamAV: Win.Dropper.DarkKomet-9878589-0
Kaspersky: HEUR:Trojan.Script.Generic
BitDefender: Trojan.Rasftuby.Gen.2
NANO-Antivirus: Trojan.Win32.Vimditator.dorppa
ViRobot: Trojan.Win32.S.Agent.1627622.A
Avast: Win32:AutoIt-CQR [Trj]
Tencent: Win32.Trojan.Generic.Jcnw
Emsisoft: Trojan.Rasftuby.Gen.2 (B)
Baidu: Archive.Bomb
F-Secure: Dropper.DR/AutoIt.Gen
DrWeb: Tool.PassView.969
VIPRE: Trojan.Rasftuby.Gen.2
TrendMicro: TROJ_FRS.PMA000C415
McAfee-GW-Edition: W32/ObfusInjectBot.d
Trapmine: malicious.moderate.ml.score
Sophos: Mal/MalitRar-B
GData: Trojan.Rasftuby.Gen.2
Webroot: W32.Trojan.GenKD
Avira: DR/AutoIt.Gen
MAX: malware (ai score=100)
Xcitium: Malware@#szl8bf4xmioi
Arcabit: Trojan.Rasftuby.Gen.2
ZoneAlarm: HEUR:Trojan.Script.Generic
Microsoft: Trojan:Win32/Skeeyah!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Chisburg.R137693
ALYac: Trojan.Rasftuby.Gen.2
Cylance: unsafe
Panda: Trj/CI.A
Zoner: Probably Heur.RARAutorun
TrendMicro-HouseCall: TROJ_FRS.PMA000C415
Fortinet: W32/Vimditator.B!tr
AVG: Win32:AutoIt-CQR [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (W)

How to remove RAR/Agent.BD?

RAR/Agent.BD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
