Troj/Agent-BGZJ (file analysis)

Malware Removal

Troj/Agent-BGZJ is the Sophos name for a UPX-packed Windows trojan that the large majority of antivirus engines flag (see the detection list below). When the infection is active you may notice unfamiliar processes in the Task Manager list; because the sample copies itself and deletes the file that was originally executed, the running process may no longer point back to the file you launched. In that case it is advised to scan the computer with an anti-malware product such as GridinSoft Anti-Malware.


What can Troj/Agent-BGZJ do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Creates a copy of itself
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Troj/Agent-BGZJ?

File Info:

name: 1C3AA7DB8A16FF70EFC4.mlw
path: /opt/CAPEv2/storage/binaries/21459395e686f772de723025c4c788907d3772f0bf29893914dec3d6712bb43a
crc32: 4557B723
md5: 1c3aa7db8a16ff70efc4cc3812e2c2de
sha1: 43a6f9f43ee0fa3019e94ba37e35e02c43ed8522
sha256: 21459395e686f772de723025c4c788907d3772f0bf29893914dec3d6712bb43a
sha512: 77588ebf6b5e633a74024e2af6c2e19431102295c841779e27fc82907776a3919cb1a74f63900a3300220c82da617efd883b29204de05f35d3612ce8d25703a1
ssdeep: 1536:UliInXbwT98LqkuNSxHodXSkV79vdxFc6mcoB1a60CmuJd4BXL:LTOmxExIZSkVhC6y5Bbd45
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1B683020DD220DF5CE46113FE97F778E59F2E9084319CA606994E07D92F4087C986E96F
sha3_384: 64ed1b999417850ec713e53248c9bd4cb640320b2e9f922cc6778d069dbbaabd01e196e3b20a80249f848e32a0e33f9e
ep_bytes: be000000005381c2ad73e9954a58525f
timestamp: 1970-01-01 00:00:00 (the PE header TimeDateStamp is 0, so no build time is available)

Version Info:

0: [No Data]
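Most of the behavioural indicators listed above (UPX section names, an unknown section name, overlay data, compressed or encrypted content) and several File Info fields (hashes, ep_bytes, the zero timestamp) are static properties of the PE file that can be checked without running it. The script below is an added example, not code from the page or from CAPE: it parses the PE headers with the standard library only and reports those indicators. Because the real binary is not embedded on this page, it builds a constructed stand-in PE32 that reuses the ep_bytes from the report, UPX section names, a zero TimeDateStamp, a hash-derived high-entropy body and a trailing overlay. The COMMON_SECTIONS list and the 7.0 bits-per-byte entropy threshold are assumptions chosen for illustration, not CAPE's exact rules.

```python
import hashlib
import math
import struct

# Section names a stock UPX build leaves behind, and names a normal compiler
# emits. Anything else is reported as "unknown" (assumed list, not CAPE's own).
UPX_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}
COMMON_SECTIONS = {b".text", b".rdata", b".data", b".rsrc", b".reloc", b".idata",
                   b".edata", b".pdata", b".bss", b".tls", b".CRT"}


def entropy(blob: bytes) -> float:
    """Shannon entropy in bits per byte; compressed or encrypted data sits near 8.0."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage_pe(data: bytes) -> dict:
    """Parse a PE with struct only and return the static indicators CAPE listed
    for this sample: UPX/unknown section names, overlay, zeroed timestamp,
    entry-point bytes and per-section entropy."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]         # 0x10B PE32, 0x20B PE32+
    ep_rva = struct.unpack_from("<I", data, opt_off + 16)[0]   # AddressOfEntryPoint
    sec_off = opt_off + opt_size
    # (Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    sections = [struct.unpack_from("<8sIIII", data, sec_off + 40 * i) for i in range(nsec)]

    names = [s[0].rstrip(b"\0") for s in sections]
    end_of_sections = max((rptr + rsize for _, _, _, rsize, rptr in sections), default=0)
    ep_bytes = b""
    for _, vsize, vaddr, rsize, rptr in sections:
        if vaddr <= ep_rva < vaddr + max(vsize, rsize):        # map EP RVA to a file offset
            ep_bytes = data[rptr + (ep_rva - vaddr):][:16]
    max_ent = max((entropy(data[rptr:rptr + rsize]) for _, _, _, rsize, rptr in sections), default=0.0)
    upx = any(n in UPX_SECTIONS for n in names)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "pe32plus": magic == 0x20B,
        "timestamp_zeroed": tstamp == 0,                        # CAPE prints this as 1970-01-01
        "sections": [n.decode("latin-1") for n in names],
        "upx": upx,
        "unknown_sections": [n.decode("latin-1") for n in names
                             if n not in UPX_SECTIONS and n not in COMMON_SECTIONS],
        "overlay_size": max(len(data) - end_of_sections, 0),   # bytes past the last section
        "ep_bytes": ep_bytes.hex(),
        "max_section_entropy": round(max_ent, 3),
        "likely_packed": upx or max_ent > 7.0,                  # 7.0 is an assumed threshold
    }


def build_sample_pe(section_names, payloads, overlay=b"", tstamp=0) -> bytes:
    """Build a minimal PE32 image for offline testing. This is a constructed
    stand-in, not the Troj/Agent-BGZJ binary; only the header fields the checks
    above read are meaningful. The entry point is the start of the first section."""
    align, opt_size, nsec = 0x200, 0xE0, len(section_names)
    headers_len = 0x40 + 4 + 20 + opt_size + 40 * nsec
    raw_ptr = -(-headers_len // align) * align
    va, sec_hdrs, raw = 0x1000, b"", b""
    for name, payload in zip(section_names, payloads):
        rsize = -(-len(payload) // align) * align
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(payload), va,
                                rsize, raw_ptr + len(raw), 0, 0, 0, 0, 0x60000020)
        raw += payload.ljust(rsize, b"\0")
        va += -(-rsize // 0x1000) * 0x1000
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, tstamp, 0, 0, opt_size, 0x0102)
    # PE32 optional header: magic, linker version, three sizes, AddressOfEntryPoint, BaseOfCode
    opt = struct.pack("<HBBIIIII", 0x10B, 14, 0, 0, 0, 0, 0x1000, 0x1000).ljust(opt_size, b"\0")
    image = (dos + b"PE\0\0" + coff + opt + sec_hdrs).ljust(raw_ptr, b"\0") + raw
    return image + overlay


# Constructed sample: the entry-point bytes from the CAPE report above as the first
# section, 4 KiB of hash-derived bytes standing in for the compressed body, UPX
# section names, a zero TimeDateStamp and a trailing overlay.
EP_BYTES = bytes.fromhex("be000000005381c2ad73e9954a58525f")
PACKED_BODY = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
OVERLAY = b"constructed overlay: config or a second stage would live here"
SAMPLE = build_sample_pe([b"UPX0", b"UPX1"], [EP_BYTES, PACKED_BODY], OVERLAY)

if __name__ == "__main__":
    for key, value in triage_pe(SAMPLE).items():
        print(f"{key:>20}: {value}")
```

Run against a real suspect file, `triage_pe(open(path, "rb").read())` gives you the hashes to compare with the File Info block, plus the packing, overlay and timestamp indicators; a high maximum section entropy with no UPX names usually means a custom or modified packer, which matches the "unknown PE section name" signature rather than the plain UPX one.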

Troj/Agent-BGZJ also known as:

Lionic: Trojan.Win32.Copak.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Packed2.43250
MicroWorld-eScan: Gen:Variant.Lazy.327786
ClamAV: Win.Packed.Copak-9853643-0
FireEye: Generic.mg.1c3aa7db8a16ff70
ALYac: Gen:Variant.Lazy.327786
Malwarebytes: Malware.AI.2752921474
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/Injector.58d93e58
K7GW: Trojan ( 0058c5ff1 )
K7AntiVirus: Trojan ( 0058c5ff1 )
BitDefenderTheta: Gen:NN.ZexaF.36196.fmY@aqxLbnk
Cyren: W32/Kryptik.DCC.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.HITO
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Copak.vho
BitDefender: Gen:Variant.Lazy.327786
NANO-Antivirus: Trojan.Win32.Agent.ixszcw
Avast: Win32:Evo-gen [Trj]
Rising: Trojan.Injector!1.C865 (CLASSIC)
Emsisoft: Gen:Variant.Lazy.327786 (B)
F-Secure: Heuristic.HEUR/AGEN.1331376
VIPRE: Gen:Variant.Lazy.327786
McAfee-GW-Edition: BehavesLike.Win32.BadFile.mc
Sophos: Troj/Agent-BGZJ
Ikarus: Trojan.Kryptik
GData: Win32.Trojan.PSE.7N8VJ8
Jiangmin: Trojan.Copak.ceh
Avira: HEUR/AGEN.1331376
Antiy-AVL: GrayWare/Win32.Tampering.s
Xcitium: Packed.Win32.MUPX.Gen@24tbus
Arcabit: Trojan.Lazy.D5006A
ZoneAlarm: HEUR:Trojan.Win32.Copak.vho
Microsoft: Trojan:Win32/Injector.RAQ!MTB
Google: Detected
AhnLab-V3: Win32/Viking.suspicious
Acronis: suspicious
McAfee: GenericRXAA-FA!1C3AA7DB8A16
MAX: malware (ai score=82)
VBA32: BScope.Trojan.Wacatac
Cylance: unsafe
Panda: Trj/Genetic.gen
Tencent: Trojan.Win32.Copak.hb
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HITO!tr
AVG: Win32:Evo-gen [Trj]
Cybereason: malicious.43ee0f
DeepInstinct: MALICIOUS

How to remove Troj/Agent-BGZJ?

Troj/Agent-BGZJ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer and run the scan again: this sample copies itself to disk, so confirm that no copy survived the first cleanup.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
