About “Troj/Agent-BFYM” infection

Malware Removal

Troj/Agent-BFYM is the Sophos detection name for a sample that most antivirus engines flag as malicious (the other vendors' names for it are listed below). While the infection is active, you may notice unfamiliar processes in Task Manager. If you do, scan the computer with GridinSoft Anti-Malware.

Removing malware by hand can take hours and may damage Windows in the process. We recommend GridinSoft Anti-Malware for removal; the trial version allows a full scan and clean-up of the PC.
6-day free trial available.

What can the Troj/Agent-BFYM trojan do?

The behaviours below are the CAPE sandbox signatures that fired when the sample was run. Taken together they describe a UPX-packed, unsigned dropper that copies itself, persists through a scheduled task, tampers with the proxy settings, harvests browser cookies and system information, and deletes its original file afterwards:
  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Deletes executed files from disk
  • Harvests cookies for information gathering
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
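Several of the signatures above (scheduled task creation through Windows utilities, proxy modification, self-copy, self-deletion) leave a trace in process-creation telemetry on a host. The following is an added example, not code from the page or from GridinSoft, that maps Sysmon-style process-creation events to those behaviours. The event records and the dropper path C:\Users\bob\AppData\Local\Temp\dropper.exe are constructed for the example; the real sample's original file name is not known from this page.

```python
import re

# Directories a user-level dropper can write to; tasks or copies that point here are suspicious.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
# WinINet proxy configuration lives under this key (HKCU or HKLM).
PROXY_KEY = r"software\microsoft\windows\currentversion\internet settings"
PROXY_VALUES = ("proxyserver", "proxyenable", "autoconfigurl")


def _arg_after(cmdline: str, flag: str) -> str:
    """Return the argument that follows a flag such as /TR, handling quoted paths."""
    m = re.search(re.escape(flag) + r'\s+(?:"([^"]*)"|(\S+))', cmdline, re.IGNORECASE)
    if not m:
        return ""
    return m.group(1) if m.group(1) is not None else m.group(2)


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def classify(event: dict) -> list:
    """Map one process-creation event to the sandbox behaviours it matches."""
    image = event["image"].lower().rsplit("\\", 1)[-1]
    cmd = event["cmdline"]
    low = cmd.lower()
    parent = event["parent"]
    tags = []
    if image == "schtasks.exe" and "/create" in low:
        tags.append("scheduled_task_created")
        if in_user_writable(_arg_after(cmd, "/TR")):
            tags.append("task_runs_user_writable_binary")
    if image == "reg.exe" and PROXY_KEY in low and any(v in low for v in PROXY_VALUES):
        tags.append("proxy_settings_modified")
    if image == "netsh.exe" and "winhttp" in low and "set proxy" in low:
        tags.append("proxy_settings_modified")
    # A child cmd.exe that deletes or copies its own parent's image is the classic
    # "deletes executed files" / "creates a copy of itself" pattern.
    if image == "cmd.exe" and re.search(r"\bdel\b", low) and parent.lower() in low:
        tags.append("self_delete")
    if image == "cmd.exe" and re.search(r"\b(copy|xcopy)\b", low) and parent.lower() in low:
        tags.append("self_copy")
    if tags and in_user_writable(parent):
        tags.append("parent_in_user_writable")
    return tags


# Constructed events for illustration; not telemetry from the real sample.
DROPPER = r"C:\Users\bob\AppData\Local\Temp\dropper.exe"  # hypothetical path
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\cmd.exe",
     "cmdline": rf'cmd.exe /c copy "{DROPPER}" "C:\Users\bob\AppData\Roaming\svchost.exe"',
     "parent": DROPPER},
    {"image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks.exe /Create /SC MINUTE /MO 5 /TN "WindowsUpdateCheck" '
                r'/TR "C:\Users\bob\AppData\Roaming\svchost.exe" /F',
     "parent": DROPPER},
    {"image": r"C:\Windows\System32\reg.exe",
     "cmdline": r'reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" '
                r'/v ProxyServer /t REG_SZ /d 127.0.0.1:8080 /f',
     "parent": DROPPER},
    {"image": r"C:\Windows\System32\cmd.exe",
     "cmdline": rf'cmd.exe /c ping 127.0.0.1 -n 3 & del "{DROPPER}"',
     "parent": DROPPER},
    # Benign control: an installer in Program Files registering a daily task.
    {"image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks.exe /Create /SC DAILY /TN "Backup" /TR "C:\Program Files\Backup\backup.exe"',
     "parent": r"C:\Program Files\Backup\setup.exe"},
]


def scan(events: list) -> list:
    """Return (command line, tags) for every event that matched at least one behaviour."""
    return [(e["cmdline"], classify(e)) for e in events if classify(e)]


if __name__ == "__main__":
    for cmdline, tags in scan(SAMPLE_EVENTS):
        print(", ".join(tags), "<-", cmdline)
```

The benign control event shows why the checks look at where the task's target binary and the parent process live rather than at schtasks.exe alone: scheduled-task creation is normal administrative activity, and it is the combination with a user-writable path that makes it worth an alert.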

How to identify Troj/Agent-BFYM?

Compare the hashes of a suspect file with the values below: a match on sha256, sha1 or md5 identifies this exact sample, while ssdeep and tlsh are fuzzy hashes that also catch near-identical variants. Two further details are worth noting. The timestamp of 1970-01-01 means the PE TimeDateStamp field is zero, which is often deliberately stripped; and the entry-point bytes begin with 0x60 (pushad), the opening instruction of the standard UPX decompression stub, consistent with the UPX finding in the behaviour list.

File Info:

name: 10EC39F1CF0C6EA5F3AA.mlw
path: /opt/CAPEv2/storage/binaries/8d47f96d4151d8371cc13b478537914ce5f3983cddcd10cd413d40757172eb92
crc32: ADC7A712
md5: 10ec39f1cf0c6ea5f3aab8f4d961407d
sha1: 226e007ec4a581e58577de594c0a916f50aca3bc
sha256: 8d47f96d4151d8371cc13b478537914ce5f3983cddcd10cd413d40757172eb92
sha512: b7ecf8d7b482b8a7b2e896f208ae3c15e05b6d87ac1075acdba88e124657ff588acd3001dec567b98575a7fc2d0e99b18b2041ffd7801b8a31afd26d59f722e8
ssdeep: 12288:w7WWy5g1MW4nXdi5DwnFW6JO2TJFsEOZpwY:w7WWyC1EnNMwFWSO4JdOZpw
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T175B41246FB12C0F4C70989B07DDF8F478A4976F118FC2A8D444D62A3E76A651E6CC6E2
sha3_384: 28e73dd8112b02e49c62a73e86bd60bbc7b8087534dfe5ffea90267e375b74cac8f18ca720497f645caab6c872d4228a
ep_bytes: 60be1faf3f4781e9f14b2fbc29d9b900
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]
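To turn the File Info block into a repeatable check, here is an added example (not code from the page, from CAPE or from GridinSoft) that hashes a file in the same formats the page lists, reads the PE32 header with the standard library only, and reports the static indicators the sandbox flagged: UPX section names, a zero TimeDateStamp, the console subsystem, pushad at the entry point, and the absence of an Authenticode certificate table. ssdeep and tlsh are not computed because neither is in the standard library. The script runs against any PE32 file given on the command line; without an argument it falls back to a minimal constructed PE image (not the real sample) that carries the page's entry-point bytes, and the hash comparison on that image is expected to fail.

```python
import hashlib
import struct
import zlib

# Indicators copied from the File Info block on this page.
PAGE_IOCS = {
    "md5": "10ec39f1cf0c6ea5f3aab8f4d961407d",
    "sha1": "226e007ec4a581e58577de594c0a916f50aca3bc",
    "sha256": "8d47f96d4151d8371cc13b478537914ce5f3983cddcd10cd413d40757172eb92",
    "ep_bytes": "60be1faf3f4781e9f14b2fbc29d9b900",
}
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3  # "console" in the page's file type line


def hash_bytes(data: bytes) -> dict:
    """Hashes in the notation the page uses (crc32 upper-case, the rest lower-case hex)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def parse_pe32(data: bytes) -> dict:
    """Read the PE32 header fields needed for triage with nothing but struct."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, n_sections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Data directory 4 is the Certificate Table (Authenticode); PE32 directories start at +96.
    cert_size = struct.unpack_from("<I", data, opt + 96 + 4 * 8 + 4)[0]
    sections = []
    for i in range(n_sections):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "vaddr": vaddr, "vsize": vsize,
                         "rawsize": rawsize, "rawptr": rawptr})
    ep_bytes = b""
    for s in sections:  # map the entry RVA to a file offset through its section
        if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            file_off = s["rawptr"] + (entry_rva - s["vaddr"])
            ep_bytes = data[file_off:file_off + 16]
            break
    return {"machine": machine, "timestamp": timestamp, "subsystem": subsystem,
            "entry_rva": entry_rva, "sections": sections, "ep_bytes": ep_bytes.hex(),
            "has_certificate_table": cert_size > 0}


def triage(data: bytes) -> dict:
    """Exact-hash match plus the static packing indicators the sandbox reported."""
    hashes = hash_bytes(data)
    pe = parse_pe32(data)
    names = {s["name"] for s in pe["sections"]}
    return {
        "hash_match": hashes["sha256"] == PAGE_IOCS["sha256"],
        "upx_sections": bool(names & UPX_SECTION_NAMES),
        "zero_timestamp": pe["timestamp"] == 0,  # the page's 1970-01-01 timestamp
        "console_subsystem": pe["subsystem"] == IMAGE_SUBSYSTEM_WINDOWS_CUI,
        "pushad_at_entry": pe["ep_bytes"].startswith("60"),  # 0x60 = PUSHAD, start of the UPX stub
        "ep_bytes_match": pe["ep_bytes"] == PAGE_IOCS["ep_bytes"],
        "no_certificate_table": not pe["has_certificate_table"],
    }


def build_constructed_sample() -> bytes:
    """A minimal, non-executable PE32 laid out like a UPX-packed file (constructed for this example)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x0103)  # i386, 3 sections, timestamp 0
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 16, 0x11010)                         # AddressOfEntryPoint, inside UPX1
    struct.pack_into("<I", opt, 28, 0x400000)                        # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                  # Section / file alignment
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_CUI)     # Subsystem
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes (all empty)

    def section(name, vaddr, vsize, rawsize, rawptr):
        return name.ljust(8, b"\0") + struct.pack("<IIII", vsize, vaddr, rawsize, rawptr) + bytes(16)

    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt)
               + section(b"UPX0", 0x1000, 0x10000, 0, 0)
               + section(b"UPX1", 0x11000, 0x3000, 0x200, 0x200)
               + section(b".rsrc", 0x14000, 0x1000, 0, 0)).ljust(0x200, b"\0")
    body = bytearray(0x200)
    body[0x10:0x20] = bytes.fromhex(PAGE_IOCS["ep_bytes"])           # entry stub bytes from the page
    return headers + bytes(body)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_sample()
    print(hash_bytes(blob))
    print(triage(blob))
```

The certificate-table check only says whether a signature blob is present at all; the sandbox's "Authenticode signature is invalid" finding needs the PKCS#7 blob parsed and verified against the file hash, which is outside the scope of this example. A missing table and an invalid signature should both be treated as "not trustworthy".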

Troj/Agent-BFYM also known as:

Bkav: W32.AIDetectNet.01
Lionic: Trojan.Win32.Generic.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Razy.576052
FireEye: Generic.mg.10ec39f1cf0c6ea5
ALYac: Gen:Variant.Razy.576052
Zillya: Trojan.Injector.Win32.801939
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0057984e1 )
Alibaba: Trojan:Win32/Injector.a9e078fb
K7GW: Trojan ( 0057984e1 )
Cybereason: malicious.1cf0c6
Cyren: W32/S-91c2cc44!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.EBQH
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.576052
NANO-Antivirus: Trojan.Win32.Razy.igsfqt
Avast: Win32:Evo-gen [Trj]
Tencent: Win32.Trojan.Generic.Wdkl
Emsisoft: Gen:Variant.Razy.576052 (B)
DrWeb: Trojan.Inject4.12086
VIPRE: Gen:Variant.Razy.576052
TrendMicro: PAK_Xed-10
McAfee-GW-Edition: BehavesLike.Win32.Generic.gm
Sophos: Troj/Agent-BFYM
Ikarus: Trojan.Win32.Injector
GData: Gen:Variant.Razy.576052
Google: Detected
Avira: HEUR/AGEN.1200606
Antiy-AVL: GrayWare/Win32.Kryptik.ffp
Xcitium: Packed.Win32.MUPX.Gen@24tbus
Arcabit: Trojan.Razy.D8CA34
Microsoft: Trojan:Win32/Casur.A!cl
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.RL_Generic.R263763
Acronis: suspicious
McAfee: GenericRXAA-FA!10EC39F1CF0C
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Wacatac
Cylance: unsafe
TrendMicro-HouseCall: PAK_Xed-10
Rising: Trojan.Injector!1.E280 (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.EBQH!tr
BitDefenderTheta: Gen:NN.ZexaF.36308.EmW@aa@cnPk
AVG: Win32:Evo-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Troj/Agent-BFYM?

Troj/Agent-BFYM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options to reset, then click “Reset”.
  • Restart your computer.

Because the sandbox report shows the sample copying itself, creating a scheduled task and changing the proxy settings, confirm after the reboot that no scheduled task still points at the dropped copy and that the system proxy configuration has been restored; otherwise the dropped copy can be relaunched by the task after the original file has been quarantined.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.