Troj/Agent-BCGS (file analysis)

The Troj/Agent-BCGS is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Troj/Agent-BCGS virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Troj/Agent-BCGS?

File Info:

name: 3CE737C92F35D5B0945C.mlw
path: /opt/CAPEv2/storage/binaries/51f8c20b04c6562e0f2d67c1c711560e707545f55069915363a4c58acae6d091
crc32: DB2EFDB3
md5: 3ce737c92f35d5b0945cd780249fb4b5
sha1: 4566c77f3c071fcbba14e1779c5cb007882f6a5f
sha256: 51f8c20b04c6562e0f2d67c1c711560e707545f55069915363a4c58acae6d091
sha512: bad73cb5a6b27e4ecc6b98f6e3d7061ef21133942d624cb31f2216550395e3e9c9e53b1ae2152a878ee545019a9928269c1941aa8c15cdd47a51cd62a19d3171
ssdeep: 3072:NB1AFEpzHEMTr5TvFNvpUCN04h5xHjvUuSPa8OM8FESE6ZqcJbD4YbKd0s6/y9jO:NqIlpxpUqLHjjWhOMWtzbMoy9N7M
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15D04AEA29553B4CCF31613BD7D00C71659999D66E29153C4B4B22F8C83E682F8E6BF0E
sha3_384: e51453cfe77d4b06b684f4fe2452d32df9f29b9413926a7ee764dff971498b82ea6e08a595dad24bb6b0c52c3d7cfc8a
ep_bytes: 6a40680010000068a08601006a00ff15
timestamp: 2012-09-05 20:26:28

Version Info:

0: [No Data]

Troj/Agent-BCGS is also known as (vendor: detection name):

  • Bkav: W32.AIDetectMalware
  • Lionic: Worm.Win32.AutoRun.o!c
  • MicroWorld-eScan: Gen:Variant.Downloader.126
  • FireEye: Generic.mg.3ce737c92f35d5b0
  • CAT-QuickHeal: Trojan.Generic.S25201420
  • Skyhigh: BehavesLike.Win32.VirRansom.cc
  • ALYac: Gen:Variant.Downloader.126
  • Zillya: Worm.AutoRun.Win32.434
  • Sangfor: Suspicious.Win32.Save.a
  • CrowdStrike: win/malicious_confidence_100% (W)
  • Alibaba: Worm:Win32/AutoRun.8d3c6ce0
  • K7GW: EmailWorm ( 0052ca6a1 )
  • K7AntiVirus: EmailWorm ( 0052ca6a1 )
  • BitDefenderTheta: AI:Packer.10D9AA541E
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/AutoRun.Agent.AFG
  • APEX: Malicious
  • Kaspersky: HEUR:Worm.Win32.AutoRun.pef
  • BitDefender: Gen:Variant.Downloader.126
  • Avast: Win32:WormX-gen [Wrm]
  • Tencent: Worm.Win32.AutoRun.ha
  • Emsisoft: Gen:Variant.Downloader.126 (B)
  • F-Secure: Trojan.TR/Crypt.XPACK.Gen
  • DrWeb: Win32.HLLW.Autoruner3.499
  • VIPRE: Gen:Variant.Downloader.126
  • Trapmine: malicious.high.ml.score
  • Sophos: Troj/Agent-BCGS
  • SentinelOne: Static AI – Malicious PE
  • GData: Gen:Variant.Downloader.126
  • Jiangmin: Trojan.Generic.fvibx
  • Google: Detected
  • Avira: TR/Crypt.XPACK.Gen
  • Varist: W32/Kryptik.AJG.gen!Eldorado
  • Antiy-AVL: GrayWare/Win32.Agent.afg
  • Kingsoft: malware.kb.a.1000
  • Xcitium: EmailWorm.Win32.AutoRun.KA@719dtc
  • Arcabit: Trojan.Downloader.126
  • ZoneAlarm: HEUR:Worm.Win32.AutoRun.pef
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Malware/Win32.RL_Generic.R295338
  • McAfee: GenericRXRD-EH!3CE737C92F35
  • MAX: malware (ai score=84)
  • VBA32: BScope.Worm.Autorun
  • Cylance: unsafe
  • Panda: Trj/Genetic.gen
  • Rising: Worm.Autorun!1.AFBF (CLASSIC)
  • Ikarus: Virus.Win32.Heur
  • Fortinet: W32/Agent.AFG!tr
  • AVG: Win32:WormX-gen [Wrm]
  • DeepInstinct: MALICIOUS
  • alibabacloud: Trojan.Win.UnkAgent

How to remove Troj/Agent-BCGS?

Troj/Agent-BCGS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.