Troj/Agent-BFYM (file analysis)

Troj/Agent-BFYM is the Sophos detection name for this sample, and nearly every other engine in the scan results below flags it as malicious as well. When the infection is active you may notice unfamiliar processes in the Task Manager process list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Troj/Agent-BFYM do?

Behaviours flagged during the CAPE sandbox run (listed by CAPE signature name):
  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Deletes executed files from disk
  • Harvests cookies for information gathering
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
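The items above are CAPE signature names, not the sample's actual command lines, which the page does not show. The following is an added example (my code, not the page's, CAPE's or the sample's) that turns four of those behaviours into process-creation log heuristics: scheduled-task creation via schtasks, proxy changes written under the Internet Settings registry key, a self-copy via cmd, and a self-delete via cmd. The log format, file names and parent process are constructed, and the regular expressions are assumptions about how each behaviour commonly appears in process-creation telemetry rather than observed output of this sample.

```python
import re

# Heuristic rules keyed on the CAPE behaviour names listed on this page. The sample's
# real command lines are not on the page, so these regexes are assumptions about how
# each behaviour commonly appears in process-creation telemetry (constructed, not observed).
RULES = [
    ("scheduled_task", re.compile(r"\bschtasks(\.exe)?\b.*?/create\b", re.I)),
    ("proxy_settings", re.compile(
        r"\breg(\.exe)?\s+add\b.*?Internet Settings.*?\b(ProxyEnable|ProxyServer|AutoConfigURL)\b", re.I)),
    ("self_copy", re.compile(r"\b(copy|xcopy|robocopy)\b.*?\.exe", re.I)),
    ("self_delete", re.compile(r"\bcmd(\.exe)?\b.*?\b(del|erase)\b.*?\.exe", re.I)),
]

# Constructed process-creation events (not real telemetry): time|parent image|image|command line.
# The last two lines are benign activity that the rules must not flag.
SAMPLE_LOG = r"""10:00:01|C:\Users\bob\Downloads\invoice.exe|C:\Windows\System32\cmd.exe|cmd.exe /c copy "C:\Users\bob\Downloads\invoice.exe" "C:\Users\bob\AppData\Roaming\svchost.exe"
10:00:02|C:\Users\bob\Downloads\invoice.exe|C:\Windows\System32\schtasks.exe|schtasks /create /sc onlogon /tn WindowsUpdateCheck /tr "C:\Users\bob\AppData\Roaming\svchost.exe" /f
10:00:03|C:\Users\bob\Downloads\invoice.exe|C:\Windows\System32\reg.exe|reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f
10:00:04|C:\Users\bob\Downloads\invoice.exe|C:\Windows\System32\cmd.exe|cmd.exe /c ping 127.0.0.1 -n 3 & del "C:\Users\bob\Downloads\invoice.exe"
10:05:00|C:\Windows\explorer.exe|C:\Windows\System32\notepad.exe|notepad.exe C:\Users\bob\notes.txt
10:06:00|C:\Windows\explorer.exe|C:\Windows\System32\schtasks.exe|schtasks /query /tn Backup"""


def parse_line(line: str) -> dict:
    """Split one pipe-delimited event into its four fields."""
    ts, parent, image, cmdline = line.split("|", 3)
    return {"ts": ts, "parent": parent, "image": image, "cmdline": cmdline}


def match_rules(event: dict) -> list:
    """Return the behaviour tags whose pattern matches the event's command line, in RULES order."""
    return [name for name, rx in RULES if rx.search(event["cmdline"])]


def flag_parents(events, min_tags: int = 2) -> dict:
    """Group hits by parent process; a parent showing at least min_tags distinct
    behaviours is flagged. Requiring more than one behaviour keeps a lone
    administrative 'schtasks /create' from alerting on its own."""
    by_parent = {}
    for ev in events:
        tags = match_rules(ev)
        if tags:
            by_parent.setdefault(ev["parent"], set()).update(tags)
    return {p: sorted(t) for p, t in by_parent.items() if len(t) >= min_tags}


if __name__ == "__main__":
    events = [parse_line(l) for l in SAMPLE_LOG.splitlines()]
    for ev in events:
        print(ev["ts"], ev["image"], match_rules(ev))
    print("flagged parents:", flag_parents(events))
```

The aggregation by parent is the useful part: each rule on its own fires on routine administration, but one parent that copies an executable, registers a logon task for the copy, flips ProxyEnable and then deletes its original is the pattern the sandbox notes describe.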

How to identify Troj/Agent-BFYM?

File Info:

name: 00715D8181B2729F6AD7.mlw
path: /opt/CAPEv2/storage/binaries/748a39fefff6e1711a1b52ab498da888169c0907c14c7b5be2d9fd4835f6bbf1
crc32: A37B8DD3
md5: 00715d8181b2729f6ad71fee2b84218b
sha1: 0fbf066194fef66f8ee294b46bf3454ff795a804
sha256: 748a39fefff6e1711a1b52ab498da888169c0907c14c7b5be2d9fd4835f6bbf1
sha512: 02b94f30ae9420c9348f6f586580329233b970897a5851e246138659c5e0997206ce7898995a5b77cbba5c8103bc6ab7ed23e4ca2736813764aea1bfa44962cd
ssdeep: 12288:GnyR7cBa1C56kLcUHpAEBuntU7J98TwoOBxohs+3SHbOilh:GnyBz1vkDpz7vln/ohsrHbOil
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T133B4230991966562F0B144316203AC921FB776897321DA47EF27F0E198DE6C9AFD3BCC
sha3_384: d6f327d8e5e3c6fcab7164ac175307e2616f7896ecded5ca32e497104cc565fbd25969dcb8889bd708063e20c4302cae
ep_bytes: 60bec8c7654121d709d781efc87826e4 (begins with 60 BE, i.e. pushad; mov esi, imm32, the usual UPX unpacker prologue, consistent with the UPX finding above)
timestamp: 1970-01-01 00:00:00 (the PE TimeDateStamp field is zero, so it carries no real build time)

Version Info:

0: [No Data]
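The fields above are what CAPE records for the file. The following is an added example (my code, not CAPE's and not the sample) showing the static checks a triage script would run on an untrusted binary before detonating it: hash it and compare against the indicators listed on this page, then walk the PE header to recover the fields behind three of the sandbox findings: packer section names, a zeroed TimeDateStamp (the 1970-01-01 value above), and the 60 BE (pushad; mov esi, imm32) entry-point prologue characteristic of UPX. Because the real file cannot be shipped with the page, build_synthetic_pe() constructs a minimal PE32 with UPX0/UPX1/.rsrc sections, a zero timestamp and the page's ep_bytes at the entry point; it is a test fixture, not the sample, so its hashes do not match the indicators.

```python
import hashlib
import struct
import zlib

# Indicators copied from the "File Info" section of this page.
PAGE_IOCS = {
    "md5": "00715d8181b2729f6ad71fee2b84218b",
    "sha1": "0fbf066194fef66f8ee294b46bf3454ff795a804",
    "sha256": "748a39fefff6e1711a1b52ab498da888169c0907c14c7b5be2d9fd4835f6bbf1",
    "crc32": "a37b8dd3",
}
PAGE_EP_BYTES = bytes.fromhex("60bec8c7654121d709d781efc87826e4")

UPX_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
COMMON_NAMES = {b".text", b".data", b".rdata", b".idata", b".edata", b".rsrc",
                b".reloc", b".bss", b".tls", b".pdata", b".CRT"}


def hash_blob(data: bytes) -> dict:
    """Same four digests CAPE lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
    }


def matches_page_iocs(data: bytes) -> bool:
    h = hash_blob(data)
    return any(h[k] == v for k, v in PAGE_IOCS.items())


def parse_pe(data: bytes) -> dict:
    """Minimal PE header walk: COFF timestamp, entry-point RVA, section table, and the
    first 16 bytes at the entry point (RVA resolved to a file offset via the sections)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _machine, nsect, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "va": va, "vsize": vsize,
                         "rawsize": rawsize, "rawptr": rawptr})
    ep_bytes = b""
    for s in sections:
        if s["rawsize"] and s["va"] <= ep_rva < s["va"] + max(s["vsize"], s["rawsize"]):
            off = s["rawptr"] + (ep_rva - s["va"])
            ep_bytes = data[off:off + 16]
            break
    return {"timestamp": tstamp, "entry_rva": ep_rva, "sections": sections, "ep_bytes": ep_bytes}


def triage(data: bytes) -> list:
    """Findings a static triage would raise; the tags mirror the sandbox notes above."""
    pe = parse_pe(data)
    names = {s["name"] for s in pe["sections"]}
    findings = []
    if pe["timestamp"] == 0:
        findings.append("zero_timestamp")           # TimeDateStamp 0 == 1970-01-01 00:00:00
    if names & UPX_NAMES:
        findings.append("upx_section_names")
    if names - UPX_NAMES - COMMON_NAMES:
        findings.append("unknown_section_name")
    if pe["ep_bytes"][:2] == b"\x60\xbe":           # pushad; mov esi, imm32: UPX unpacker prologue
        findings.append("upx_entry_stub")
    return findings


def build_synthetic_pe() -> bytes:
    """Constructed PE32 fixture (NOT the real sample): three sections, zero timestamp,
    entry point at the start of UPX1 holding the page's ep_bytes."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                               # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x0102)       # i386, 3 sections, ts=0
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                                # PE32 magic
    struct.pack_into("<I", opt, 16, 0x11000)                             # AddressOfEntryPoint

    def sect(name, vsize, va, rawsize, rawptr):
        return struct.pack("<8sIIII", name, vsize, va, rawsize, rawptr) + bytes(16)

    hdr = (bytes(dos) + b"PE\0\0" + coff + bytes(opt)
           + sect(b"UPX0", 0x10000, 0x1000, 0, 0)                       # empty UPX0, as UPX lays it out
           + sect(b"UPX1", 0x2000, 0x11000, 0x200, 0x200)
           + sect(b".rsrc", 0x1000, 0x13000, 0x200, 0x400)).ljust(0x200, b"\0")
    return hdr + PAGE_EP_BYTES.ljust(0x200, b"\0") + bytes(0x200)


if __name__ == "__main__":
    blob = build_synthetic_pe()
    print("hashes:", hash_blob(blob))
    print("matches page IOCs:", matches_page_iocs(blob))
    print("findings:", triage(blob))
```

To use it on a real file, read the bytes and call matches_page_iocs() first, then triage(); a hash match is conclusive for this exact sample, while the header findings only say "packed, probably UPX, no real build time" and apply to many unrelated binaries, so they are a reason to sandbox the file, not a verdict by themselves.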

Troj/Agent-BFYM is also known as (vendor: detection name):

Bkav: W32.AIDetectNet.01
Lionic: Trojan.Win32.Generic.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Razy.576052
FireEye: Generic.mg.00715d8181b2729f
McAfee: GenericRXAA-FA!00715D8181B2
Cylance: unsafe
Zillya: Trojan.Injector.Win32.802255
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0057984e1 )
Alibaba: Trojan:Win32/Injector.ee40c380
K7GW: Trojan ( 0057984e1 )
Cybereason: malicious.181b27
Cyren: W32/S-91c2cc44!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.EBQH
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.576052
NANO-Antivirus: Trojan.Win32.Razy.igpgfs
Avast: Win32:Evo-gen [Trj]
Tencent: Win32.Trojan.Generic.Mqil
Emsisoft: Gen:Variant.Razy.576052 (B)
DrWeb: Trojan.DownLoader36.17091
VIPRE: Gen:Variant.Razy.576052
TrendMicro: PAK_Xed-10
McAfee-GW-Edition: BehavesLike.Win32.Generic.gm
Sophos: Troj/Agent-BFYM
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Razy.576052
Avira: HEUR/AGEN.1200606
Antiy-AVL: GrayWare/Win32.Kryptik.ffp
Xcitium: Packed.Win32.MUPX.Gen@24tbus
Arcabit: Trojan.Razy.D8CA34
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Malware/Win32.RL_Generic.R263763
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.36308.EmW@aG0ujDd
ALYac: Gen:Variant.Razy.576052
MAX: malware (ai score=85)
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Malware.Heuristic.1003
TrendMicro-HouseCall: PAK_Xed-10
Rising: Trojan.Injector!1.E280 (CLASSIC)
Ikarus: Trojan.Win32.Injector
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.EBQH!tr
AVG: Win32:Evo-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Troj/Agent-BFYM?

Troj/Agent-BFYM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
  • Because the sandbox run shows the sample creating a scheduled task and modifying proxy settings, also check Task Scheduler for an unfamiliar task that points at a copy of the file, and confirm the system proxy is back to its expected value after the reset.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
