Troj/Agent-BFYM removal

Troj/Agent-BFYM is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Troj/Agent-BFYM virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Transacted Hollowing
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Deletes executed files from disk
  • Harvests cookies for information gathering
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Troj/Agent-BFYM?

File Info:

name: 1D63B54D292104F143C9.mlw
path: /opt/CAPEv2/storage/binaries/718db35939fbacc3b07e938d17698721a48d56ca3f76bad0929f8cfcc735524f
crc32: 5E0486B3
md5: 1d63b54d292104f143c9963e2aeaa778
sha1: 00c2d6433312a6d8b4234bf545a69e21582dfdce
sha256: 718db35939fbacc3b07e938d17698721a48d56ca3f76bad0929f8cfcc735524f
sha512: 47ead610aa2cba8f03eb5d1c13d8f4e6f865af42a9b09216d2b1a0209cadf5ecebde348030b230036c60f20ea4718026910df3acff05b40992afd613712d821d
ssdeep: 12288:+gU+onVw22GdwFgzi2FaS6UfBaAlXPAoYg3ovpmj3BmCh:5UJne22ATVl8sKsovpmj3
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1A8B413DA84A6DCC7D70D32F53404FF5AA12CB833928D33D3FB948767B4A495522987A2
sha3_384: d8be4cec287a5887660da752a07cacabb9561997bd99746fa4da62e535f81832b4c39492052c53c85d8e3ecefe7ac22b
ep_bytes: 60bea299c0ea21d34bb80000000089cb
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

Troj/Agent-BFYM also known as:

Bkav: W32.AIDetectNet.01
Lionic: Trojan.Win32.Generic.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Razy.576052
McAfee: GenericRXMT-KB!1D63B54D2921
Malwarebytes: Malware.Heuristic.1003
Zillya: Trojan.Injector.Win32.798932
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/Injector.23cdad46
K7GW: Trojan ( 0057984e1 )
K7AntiVirus: Trojan ( 0057984e1 )
Cyren: W32/S-91c2cc44!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.EBQH
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.576052
NANO-Antivirus: Trojan.Win32.Razy.idzcbv
Avast: Win32:Evo-gen [Trj]
Tencent: Win32.Trojan.Generic.Jqil
Emsisoft: Gen:Variant.Razy.576052 (B)
F-Secure: Heuristic.HEUR/AGEN.1200606
DrWeb: Trojan.Inject4.12086
VIPRE: Gen:Variant.Razy.576052
TrendMicro: PAK_Xed-10
McAfee-GW-Edition: BehavesLike.Win32.Generic.gm
FireEye: Generic.mg.1d63b54d292104f1
Sophos: Troj/Agent-BFYM
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Razy.576052
Jiangmin: Trojan.Generic.gmxqz
Avira: HEUR/AGEN.1200606
Antiy-AVL: GrayWare/Win32.Kryptik.ffp
Xcitium: MalCrypt.Indus!@1qrzi1
Arcabit: Trojan.Razy.D8CA34
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Casur.A!cl
Google: Detected
AhnLab-V3: Malware/Win32.RL_Generic.R263763
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.36308.EmW@aa@cnPk
ALYac: Gen:Variant.Razy.576052
MAX: malware (ai score=84)
VBA32: BScope.Trojan.Wacatac
Cylance: unsafe
TrendMicro-HouseCall: PAK_Xed-10
Rising: Trojan.Injector!1.E280 (CLASSIC)
Yandex: Trojan.Agent!pHHi3WNcpMo
Ikarus: Trojan.Win32.Injector
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.EBQH!tr
AVG: Win32:Evo-gen [Trj]
Cybereason: malicious.d29210
Panda: Trj/Genetic.gen

How to remove Troj/Agent-BFYM?

Troj/Agent-BFYM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.