Troj/Agent-BFYM information

Troj/Agent-BFYM is the Sophos detection name for this sample; most of the antivirus engines listed further down flag it as malicious. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand can take hours and risks damaging the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial version lets you run a complete scan and clean the PC.
A 6-day free trial is available.

What can Troj/Agent-BFYM do?

The following signatures fired when the sample was run in the CAPE sandbox:

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Deletes executed files from disk
  • Harvests cookies for information gathering
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Troj/Agent-BFYM?

File Info:

name: E0963819ADC4E3F842DC.mlw
path: /opt/CAPEv2/storage/binaries/193a7bbd7f51753c3a7b3ddf17411937f139840509981371778322f6105d829e
crc32: DA351766
md5: e0963819adc4e3f842dca5b1bcc335cd
sha1: 5caed3debd1cab7eb35ffbbb0d2ac6b53f4d195a
sha256: 193a7bbd7f51753c3a7b3ddf17411937f139840509981371778322f6105d829e
sha512: 11aa15f85da1936f00a625142d9f28bbad40248dde9e56e27c30ce9841c02d72a1e2b50264c20e30ac16074c9cfd251c0cc9db31dbd4fc1a421228c2e39a888c
ssdeep: 12288:rXCjxCVeL5UFbkMKw4T66AS/DgPXc0mIomUoXYFpX:rqC8L5UFgNc6rb6AI5UoIF
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T158B4238BE045D50ECF338BBEF39A0FC0A1E1D879D19849B1CD75D80BB2684254ADBAC4
sha3_384: 8b3ec9c4a43d9015b8c530553d1b3859f93d7bae6db28288acc1bfcde53cef0626a816e1b9dfd600c961fe3cca785432
ep_bytes: 60be889434fb29c189c1ba0000000089
timestamp: 1970-01-01 00:00:00 (the PE TimeDateStamp field is zero, so the build time was removed)
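The hashes, entry-point bytes and zeroed timestamp above, together with the UPX and "unknown section name" signatures from the sandbox list, can all be reproduced from the raw file with a short script. The one below is an added example, not code from this page, from CAPE or from GridinSoft: it computes the same hash set the report prints, parses the PE headers for the TimeDateStamp, the section names (UPX writes UPX0/UPX1 by default, which CAPE reports as unknown names indicative of packing) and the first bytes at the entry point, where 0x60 (pushad) is the opening instruction of the UPX unpacking stub and matches the ep_bytes listed above. The UPX_SECTION_NAMES and COMMON_SECTION_NAMES sets are my assumptions, and build_sample_pe constructs a tiny stand-in PE image so the script runs without the real sample.

```python
# Added example (not the page's, CAPE's or GridinSoft's own code): static triage
# that reproduces the file-info hashes and the PE-header indicators above.
import hashlib
import struct
import zlib

# Section names UPX writes by default (assumption: a renamed stub will not match).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
# Names a typical compiler/linker emits (assumption); anything else is "unknown".
COMMON_SECTION_NAMES = {b".text", b".rdata", b".data", b".rsrc", b".reloc",
                        b".idata", b".edata", b".pdata", b".tls", b".bss"}


def fingerprint(data: bytes) -> dict:
    """Hashes in the same lowercase-hex form the report lists them."""
    return {
        "crc32": format(zlib.crc32(data) & 0xFFFFFFFF, "08x"),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def pe_triage(data: bytes, ep_len: int = 16) -> dict:
    """Parse just enough of a PE32 image to check the timestamp, the section
    names and the first bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    (_machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                      # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i                    # IMAGE_SECTION_HEADER
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append((name.rstrip(b"\0"), vaddr, max(vsize, rawsize), rawptr))
    # Map the entry RVA to a file offset through the section that contains it.
    ep_bytes = b""
    for _name, vaddr, size, rawptr in sections:
        if vaddr <= entry_rva < vaddr + size:
            start = rawptr + (entry_rva - vaddr)
            ep_bytes = data[start:start + ep_len]
            break
    names = {s[0] for s in sections}
    return {
        "timestamp": timestamp,
        "timestamp_zeroed": timestamp == 0,              # shows as 1970-01-01 00:00:00
        "sections": [s[0].decode("latin-1") for s in sections],
        "upx_sections": bool(names & UPX_SECTION_NAMES),
        "unknown_sections": sorted(n.decode("latin-1")
                                   for n in names - COMMON_SECTION_NAMES),
        "ep_bytes": ep_bytes.hex(),
        # 0x60 is pushad, the first instruction of the UPX unpacking stub.
        "ep_pushad": ep_bytes[:1] == b"\x60",
    }


def build_sample_pe(section_names, timestamp=0, ep_stub=b"\x60\xbe\x88\x94\x34\xfb"):
    """Constructed test input, not the real sample: a minimal PE32 whose entry
    point is the first byte of the first section (file alignment 0x200)."""
    n = len(section_names)
    opt_size = 224                                       # PE32 optional header size
    raw_base = (64 + 4 + 20 + opt_size + 40 * n + 0x1FF) & ~0x1FF
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, n, timestamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)              # entry = RVA of first section
    headers = b""
    for i, name in enumerate(section_names):
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), 0x200,
                               0x1000 * (i + 1), 0x200, raw_base + 0x200 * i,
                               0, 0, 0, 0, 0x60000020)
    image = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + headers).ljust(raw_base, b"\0")
    for i in range(n):
        image += (ep_stub if i == 0 else b"").ljust(0x200, b"\0")
    return image


if __name__ == "__main__":
    sample = build_sample_pe([b"UPX0", b"UPX1", b".rsrc"])   # constructed stand-in
    print(fingerprint(sample)["sha256"])
    print(pe_triage(sample))
```

Against a real file, run pe_triage(open(path, "rb").read()) and compare fingerprint(...) with the sha256 above. All hashes matching, with upx_sections, timestamp_zeroed and ep_pushad all True, confirms you hold the artefact the report describes; the same three indicators with different hashes point to a repacked variant of the same family, which the vendor names below (Injector, Razy, Kryptik, MUPX) would also suggest.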

Version Info:

0: [No Data]

Troj/Agent-BFYM also known as (vendor: detection name):

Lionic: Trojan.Win32.Generic.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Razy.576052
FireEye: Generic.mg.e0963819adc4e3f8
McAfee: GenericRXAA-FA!E0963819ADC4
Malwarebytes: Malware.Heuristic.1003
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0057984e1 )
Alibaba: Trojan:Win32/Injector.a9e078fb
K7GW: Trojan ( 0057984e1 )
Cybereason: malicious.9adc4e
Cyren: W32/S-91c2cc44!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.EBQH
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.576052
NANO-Antivirus: Trojan.Win32.Razy.igrnig
Avast: Win32:Evo-gen [Trj]
Tencent: Win32.Trojan.Generic.Pjgl
Sophos: Troj/Agent-BFYM
F-Secure: Heuristic.HEUR/AGEN.1200606
DrWeb: Trojan.Inject4.12086
VIPRE: Gen:Variant.Razy.576052
McAfee-GW-Edition: BehavesLike.Win32.Generic.gm
Emsisoft: Gen:Variant.Razy.576052 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Razy.576052
Avira: HEUR/AGEN.1200606
MAX: malware (ai score=81)
Antiy-AVL: GrayWare/Win32.Kryptik.ffp
Xcitium: Packed.Win32.MUPX.Gen@24tbus
Arcabit: Trojan.Razy.D8CA34
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Casur.A!cl
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.RL_Generic.R263763
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.36308.EmW@aa@cnPk
ALYac: Gen:Variant.Razy.576052
VBA32: BScope.Trojan.Wacatac
Cylance: unsafe
Rising: Trojan.Injector!1.E280 (CLASSIC)
Ikarus: Trojan.Win32.Injector
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.EBQH!tr
AVG: Win32:Evo-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Troj/Agent-BFYM?

Troj/Agent-BFYM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings“.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

Because the sandbox report shows the sample creating a scheduled task and modifying proxy settings, also review Task Scheduler for unfamiliar tasks after the reboot and confirm that the system and browser proxy settings are back to their expected values; the browser reset above does not remove a scheduled task.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.