
Troj/Agent-BFYM (file analysis)

Malware Removal

Troj/Agent-BFYM is flagged as malicious by a large number of security vendors (the detection names are listed below). When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Troj/Agent-BFYM virus do?

The following are the sandbox (CAPE) behavioural signatures triggered by the analysed sample:

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Transacted Hollowing
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Deletes executed files from disk
  • Harvests cookies for information gathering
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
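The behaviours above are sandbox signatures, not detection rules. As an added example (not from the page, the sandbox report or any vendor product), the script below turns four of them (scheduled-task creation, proxy-setting changes, self-copy, deletion of executed files) into checks over Sysmon-style process, file and registry events. Field names follow the Sysmon schema; the event lines, paths and the `setup.exe` name are constructed for the demo and do not describe this sample.

```python
"""Detection rules for the sandbox behaviours listed above.

Added example, not taken from the page or any vendor product: each rule
turns one listed behaviour (scheduled-task creation, proxy-setting changes,
self-copy, deletion of executed files) into a check over Sysmon-style events.
Field names follow the Sysmon schema; the events below are constructed for
the demo and do not come from this sample.
"""
import json

# Constructed Sysmon-style events (EventID 1 = process create, 11 = file create,
# 13 = registry value set, 23 = file delete), one JSON object per line.
SAMPLE_JSONL = r"""
{"EventID": 1, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\setup.exe", "CommandLine": "setup.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 11, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\setup.exe", "TargetFilename": "C:\\Users\\u\\AppData\\Roaming\\svc\\setup.exe"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\schtasks.exe", "CommandLine": "schtasks.exe /Create /SC MINUTE /MO 5 /TN Updater /TR C:\\Users\\u\\AppData\\Roaming\\svc\\setup.exe", "ParentImage": "C:\\Users\\u\\AppData\\Local\\Temp\\setup.exe"}
{"EventID": 13, "Image": "C:\\Users\\u\\AppData\\Roaming\\svc\\setup.exe", "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable", "Details": "DWORD (0x00000001)"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c del \"C:\\Users\\u\\AppData\\Local\\Temp\\setup.exe\"", "ParentImage": "C:\\Users\\u\\AppData\\Roaming\\svc\\setup.exe"}
{"EventID": 23, "Image": "C:\\Windows\\System32\\cmd.exe", "TargetFilename": "C:\\Users\\u\\AppData\\Local\\Temp\\setup.exe"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
"""

# Registry values under "Internet Settings" that change the WinINET proxy configuration.
PROXY_VALUES = ("proxyenable", "proxyserver", "autoconfigurl")


def load_events(text):
    """Parse JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _base(path):
    return path.rsplit("\\", 1)[-1].lower()


def _dir(path):
    return path.rsplit("\\", 1)[0].lower() if "\\" in path else ""


def detect(events):
    """Return (event index, rule name) pairs. The only state kept is the set of images seen executing."""
    executed = set()
    hits = []
    for i, ev in enumerate(events):
        eid, image = ev["EventID"], ev.get("Image", "")
        if eid == 1:
            executed.add(image.lower())
            cmd = ev.get("CommandLine", "").lower()
            # "Uses Windows utilities to create a scheduled task"
            if _base(image) == "schtasks.exe" and "/create" in cmd:
                hits.append((i, "scheduled_task_create"))
            # "Deletes executed files from disk": cmd.exe asked to delete a path we saw executing
            if _base(image) == "cmd.exe" and "del " in cmd and any(
                p in cmd for p in executed if p != image.lower()
            ):
                hits.append((i, "delete_executed_file_via_cmd"))
        elif eid == 11:
            # "Creates a copy of itself": same file name written to a different directory (heuristic)
            target = ev.get("TargetFilename", "")
            if _base(target) == _base(image) and _dir(target) != _dir(image):
                hits.append((i, "self_copy"))
        elif eid == 13:
            # "Attempts to modify proxy settings"
            t = ev.get("TargetObject", "").lower()
            if "\\internet settings\\" in t and t.endswith(PROXY_VALUES):
                hits.append((i, "proxy_settings_modified"))
        elif eid == 23:
            # "Deletes executed files from disk": Sysmon file-delete of a previously executed image
            if ev.get("TargetFilename", "").lower() in executed:
                hits.append((i, "executed_file_deleted"))
    return hits


if __name__ == "__main__":
    for index, rule in detect(load_events(SAMPLE_JSONL)):
        print(f"event {index}: {rule}")
```

The self-copy rule is a name-based approximation; the sandbox signature compares file hashes, which Sysmon file-create events do not carry. In production, pair the cmd.exe rule with the EventID 23 rule rather than relying on either alone, since `del` may be issued through other shells.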

How to identify Troj/Agent-BFYM?

File Info:

name: BDE7FFBA7F15A8C55648.mlw
path: /opt/CAPEv2/storage/binaries/f6664ea1b946bb686db64da02595e5e632b458a02dc55510bd24d302bbdbd175
crc32: 4EDEE9D7
md5: bde7ffba7f15a8c55648df14fc587d47
sha1: 8406b3d62ef328fa80ff06ef29019e82d509ebda
sha256: f6664ea1b946bb686db64da02595e5e632b458a02dc55510bd24d302bbdbd175
sha512: 1778f17ca811dafcb719db29bb728fef0cc7243e3cbb7b499362e1ace410c289d818cf956b00a6dd2877da2157af8b45dd2374e59519b47f4a8be8497f164562
ssdeep: 12288:YJ7FbZ2l0J/oUMDf5vDhqT27LgjcTjkQvSgsyA:YJ73OK/oHsTnYTKgsy
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T13AB412FBAE63877BFE1F1CF0200274DD08FDD6ADC1256999181177DC398958AAC6260E
sha3_384: dd8806acea9566ae8e2e2d4bff65b03512eaea47075716af67732d7a27063a07792be21689412e22453e725b3fc3c960
ep_bytes: 60beed6444384381c384445b7bbe0000
timestamp: 1970-01-01 00:00:00
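Several of the static facts above are worth checking by hand: the timestamp of 1970-01-01 means the PE TimeDateStamp field is zero (deliberately blanked or from an unusual toolchain), and the entry-point bytes begin with 0x60 (pushad) followed by 0xBE (mov esi, imm32), the usual opening of a UPX unpacking stub. As an added example (not code from the page or from CAPE), the pure-stdlib script below parses a PE32 file, reports hashes, section names, timestamp and entry-point bytes, applies these heuristics, and compares the SHA-256 with the one reported above. The packer and standard section-name lists are assumptions, and the sample it runs on by default is a synthetic PE constructed inline, so its hashes will not match the report.

```python
"""Static triage of a PE32 sample: hashes, section names, timestamp and entry-point bytes.

Added example (not from the page or the sandbox report): a pure-stdlib checker
for the static indicators listed in the report above. The packer section-name
list and the pushad/mov-esi heuristic are generic assumptions.
"""
import hashlib
import struct

# Hash copied from the report above; triage() compares a file against it.
PAGE_SHA256 = "f6664ea1b946bb686db64da02595e5e632b458a02dc55510bd24d302bbdbd175"

# Assumed lists: section names commonly produced by packers, and by MSVC/MinGW linkers.
PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".UPX", ".aspack", ".adata", ".petite", ".vmp0", ".vmp1"}
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
                     ".bss", ".tls", ".pdata", ".CRT", ".debug"}


def parse_pe32(data):
    """Read the COFF header, the PE32 optional header and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append({"name": name, "va": va, "vsize": vsize, "raw_size": raw_size, "raw_ptr": raw_ptr})
    return {"machine": machine, "timestamp": timestamp, "entry_rva": entry_rva, "sections": sections}


def entry_bytes(data, pe, n=16):
    """Map AddressOfEntryPoint (an RVA) to a file offset; return (section name, first n bytes)."""
    for s in pe["sections"]:
        if s["va"] <= pe["entry_rva"] < s["va"] + max(s["vsize"], s["raw_size"]):
            off = s["raw_ptr"] + (pe["entry_rva"] - s["va"])
            return s["name"], data[off:off + n]
    return None, b""


def triage(data):
    """Hashes plus the static findings a first-pass analyst would record."""
    pe = parse_pe32(data)
    names = [s["name"] for s in pe["sections"]]
    ep_section, ep = entry_bytes(data, pe)
    findings = []
    if any(n in PACKER_SECTIONS for n in names):
        findings.append("packer section name")
    if any(n not in STANDARD_SECTIONS | PACKER_SECTIONS for n in names):
        findings.append("unknown section name")
    if pe["timestamp"] == 0:
        findings.append("zeroed TimeDateStamp")
    # 0x60 = pushad, 0xBE = mov esi, imm32: the usual first two instructions of a UPX unpack stub.
    if ep[:2] == b"\x60\xbe":
        findings.append("UPX-style entry stub (pushad; mov esi)")
    if ep_section in PACKER_SECTIONS:
        findings.append("entry point inside packer section")
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": sha256,
        "matches_reported_sha256": sha256 == PAGE_SHA256,
        "timestamp": pe["timestamp"],
        "sections": names,
        "ep_section": ep_section,
        "ep_bytes": ep.hex(),
        "findings": findings,
    }


def build_synthetic_pe(section_names, ep_section, timestamp, ep_bytes):
    """Constructed PE32 for the demo: valid headers, one 0x200-byte raw block per section, no real code."""
    nsec = len(section_names)
    e_lfanew, opt_size, align = 0x40, 0xE0, 0x200
    hdr_len = -(-(e_lfanew + 4 + 20 + opt_size + 40 * nsec) // align) * align
    out = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", out, 0x3C, e_lfanew)
    out += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, nsec, timestamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    ep_index = section_names.index(ep_section)
    struct.pack_into("<I", opt, 16, 0x1000 * (ep_index + 1))        # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, align)      # ImageBase, SectionAlign, FileAlign
    struct.pack_into("<II", opt, 56, 0x1000 * (nsec + 1), hdr_len)  # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 3)                              # Subsystem: console
    out += opt
    body = bytearray()
    for i, name in enumerate(section_names):
        out += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), align, hdr_len + align * i, 0, 0, 0, 0, 0x60000020)
        block = bytearray(align)
        if i == ep_index:
            block[:len(ep_bytes)] = ep_bytes
        body += block
    out += b"\0" * (hdr_len - len(out))
    return bytes(out + body)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:  # no file given: run on the constructed UPX-shaped sample
        data = build_synthetic_pe(["UPX0", "UPX1", ".rsrc"], "UPX1", 0,
                                  bytes.fromhex("60beed6444384381c384445b7bbe0000"))
    for key, value in triage(data).items():
        print(f"{key}: {value}")
```

Run it as `python triage.py sample.bin` against a real file; the `matches_reported_sha256` field is the only check that ties a file to this report, the rest are generic packer indicators that also fire on legitimate UPX-compressed software.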

Version Info:

0: [No Data]

Troj/Agent-BFYM also known as:

Bkav: W32.AIDetectNet.01
Lionic: Trojan.Win32.Generic.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Razy.576052
FireEye: Generic.mg.bde7ffba7f15a8c5
ALYac: Gen:Variant.Razy.576052
Cylance: unsafe
VIPRE: Gen:Variant.Razy.576052
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0057984e1 )
Alibaba: Trojan:Win32/Injector.4dcb49da
K7GW: Trojan ( 0057984e1 )
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/S-91c2cc44!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.EBQH
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.576052
Avast: Win32:Evo-gen [Trj]
Tencent: Win32.Trojan.Generic.Ocnw
Emsisoft: Gen:Variant.Razy.576052 (B)
DrWeb: Trojan.Inject4.12086
Zillya: Trojan.Injector.Win32.796306
TrendMicro: PAK_Xed-10
McAfee-GW-Edition: BehavesLike.Win32.Generic.gm
Sophos: Troj/Agent-BFYM
Ikarus: Trojan.Win32.Injector
GData: Gen:Variant.Razy.576052
Jiangmin: Trojan.Injuke.als
Avira: HEUR/AGEN.1200606
Antiy-AVL: GrayWare/Win32.Kryptik.ffp
Xcitium: Packed.Win32.MUPX.Gen@24tbus
Arcabit: Trojan.Razy.D8CA34
Microsoft: Trojan:Win32/Casur.A!cl
Google: Detected
AhnLab-V3: Malware/Win32.RL_Generic.R263763
Acronis: suspicious
McAfee: GenericRXMY-XL!BDE7FFBA7F15
MAX: malware (ai score=89)
VBA32: BScope.Trojan.Wacatac
TrendMicro-HouseCall: PAK_Xed-10
Rising: Trojan.Injector!1.E280 (CLASSIC)
Yandex: Trojan.Agent!pQlRd2NDODk
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.EBQH!tr
BitDefenderTheta: Gen:NN.ZexaF.36308.EmW@aG0ujDd
AVG: Win32:Evo-gen [Trj]
Panda: Trj/Genetic.gen

How to remove Troj/Agent-BFYM?

Troj/Agent-BFYM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
