Should I remove “Troj/Agent-BEJP”?

The Troj/Agent-BEJP is flagged as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Troj/Agent-BEJP virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Executed a process and injected code into it, probably while unpacking
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Troj/Agent-BEJP?
File Info:

crc32: 7457DBC4
md5: 683c063d2016607bf312aa0900d0035c
name: 683C063D2016607BF312AA0900D0035C.mlw
sha1: 8ed42cbd8cf5738f4c642e48c8225078f444b52f
sha256: e2f5a291f282a4035e41e7a3e197742b9091dea132ac6a352208ab66bf295542
sha512: a2048e376b43fce7e633281b46b4e2aa134e1c5e89d5880f4a7ecb94719f3ab3e030c783355db9193b36d360f282dbd4c59480dc03c7b439e4dfbee2511413ae
ssdeep: 6144:bBABAdbouCA9dctS6HrFGDrbyyu6vzTr5dNKTToAH6s:bmB0OCW1gDpu6nrcVas
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: Wextract
FileVersion: 6.00.3790.0 (srv03_rtm.030324-2048)
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.00.3790.0
FileDescription: Win32 Cabinet Self-Extractor
OriginalFilename: WEXTRACT.EXE
Translation: 0x0409 0x04b0

Troj/Agent-BEJP also known as:

DrWeb: BackDoor.BlackMoon.15
MicroWorld-eScan: Gen:Variant.Graftor.494720
Qihoo-360: Win32/Backdoor.600
McAfee: GenericRXAA-AA!683C063D2016
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Farfli.m!c
K7AntiVirus: Trojan ( 005376ae1 )
BitDefender: Gen:Variant.Graftor.494720
K7GW: Trojan ( 005376ae1 )
CrowdStrike: win/malicious_confidence_70% (W)
TrendMicro: TROJ_GEN.R002C0DEC20
Cyren: W32/Trojan.BWRT-5467
APEX: Malicious
Avast: Win32:Malware-gen
GData: Gen:Variant.Graftor.494720
Kaspersky: Backdoor.Win32.Farfli.brjz
Alibaba: Backdoor:Win32/Farfli.f184186f
NANO-Antivirus: Trojan.Win32.BlackMoon.flthzb
Rising: Backdoor.Farfli!8.B4 (CLOUD)
Ad-Aware: Gen:Variant.Graftor.494720
Sophos: Troj/Agent-BEJP
Comodo: Backdoor.Win32.Zegost.XP@7o7w19
F-Secure: Heuristic.HEUR/AGEN.1115359
Zillya: Worm.Palevo.Win32.124018
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Virut.dc
Trapmine: malicious.high.ml.score
FireEye: Gen:Variant.Graftor.494720
Emsisoft: Gen:Variant.Graftor.494720 (B)
F-Prot: W32/Agent.BTG.gen!Eldorado
Jiangmin: Backdoor.Androm.algc
Webroot: W32.Malware.gen
Avira: HEUR/AGEN.1115359
Antiy-AVL: Trojan/Win32.APosT
Endgame: malicious (moderate confidence)
Arcabit: Trojan.Graftor.D78C80
ZoneAlarm: Backdoor.Win32.Farfli.brjz
Microsoft: Trojan:Win32/Farfli.RSK!MTB
AhnLab-V3: Backdoor/Win32.RL_Farfli.R333331
Acronis: suspicious
VBA32: Trojan.APosT
ALYac: Gen:Variant.Graftor.494720
MAX: malware (ai score=81)
Malwarebytes: Backdoor.Farfli
Panda: Trj/Genetic.gen
ESET-NOD32: a variant of Win32/Kryptik.GGXP
TrendMicro-HouseCall: TROJ_GEN.R002C0DEC20
Tencent: Malware.Win32.Gencirc.10b9c3cb
Yandex: Trojan.Kryptik!h9wctYwL3eU
Ikarus: Trojan.Win32.Crypt
eGambit: Unsafe.AI_Score_54%
Fortinet: W32/Kryptik.GGXP!tr
AVG: Win32:Malware-gen
Cybereason: malicious.d20166
Paloalto: generic.ml
MaxSecure: Trojan.Malware.121218.susgen

How to remove Troj/Agent-BEJP?

Troj/Agent-BEJP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.