Trojan.Agent.BAWS malicious file

Trojan.Agent.BAWS is classified as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Agent.BAWS virus do?

  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Detects Joe or Anubis Sandboxes through the presence of a file
  • Attempts to modify proxy settings
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Agent.BAWS?

File Info:

name: E1F6A82952AAF848C533.mlw
path: /opt/CAPEv2/storage/binaries/a3a74624c2dfd3063c32702c47f622a8c54856834685cf6cad24780ac986ac90
crc32: DB5A9306
md5: e1f6a82952aaf848c5337ead041bcfee
sha1: 473cd3e0432131d1ea64b2e1a5226e93f44ac5fc
sha256: a3a74624c2dfd3063c32702c47f622a8c54856834685cf6cad24780ac986ac90
sha512: 8e1121d50a75ee3d93946911466155c5b588483eabf8a4a2f29a4565a78504350627368f8ad8332a97df46587e0bf7d6903ec53654f1debf8f5aa198a8ee7b67
ssdeep: 384:Zg4XHoHN+7n3rJNYyJaMzjxE+ydSAof/KUIiO8zWNMe26zCQSUu1rtba2gJe8ML2:b3vJNYyJaMxIdnG/KNl8WmzSu1rtAML2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A8E2297C9AD0297AE3BBD57685F151D2B920BC637901880E509B3B850C33F27BDA161E
sha3_384: 92867980df68865155a7f7faffde2c48a93c0de413c01d03cf6e8e10ccd7201f8c8207fcd799e32e1411e682e4b36f16
ep_bytes: 60be009040008dbe0080ffff57eb0b90
timestamp: 2013-11-25 21:43:22

Version Info:

0: [No Data]

Trojan.Agent.BAWS is also known as:

Bkav: W32.AIDetectNet.01
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Trojan.Agent.BAWS
FireEye: Generic.mg.e1f6a82952aaf848
CAT-QuickHeal: TrojanPWS.Zbot.Gen
ALYac: Trojan.Agent.BAWS
Malwarebytes: Malware.AI.1141855642
Zillya: Trojan.Bublik.Win32.12979
CrowdStrike: win/malicious_confidence_90% (D)
BitDefender: Trojan.Agent.BAWS
K7GW: Trojan-Downloader ( 0048f6391 )
K7AntiVirus: Trojan-Downloader ( 0048f6391 )
Arcabit: Trojan.Agent.BAWS
VirIT: Trojan.Win32.Zbot.DXX
Cyren: W32/Trojan.WTEK-0368
Symantec: Downloader
tehtris: Generic.Malware
ESET-NOD32: Win32/TrojanDownloader.Waski.A
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Trojan.Agent-1296424
Kaspersky: HEUR:Trojan-Downloader.Win32.Upatre.gen
NANO-Antivirus: Trojan.Win32.DownLoad3.cqkedt
Avast: Win32:Trojan-gen
Rising: Trojan.DL.Win32.Upatre.adm (CLASSIC)
Emsisoft: Trojan.Agent.BAWS (B)
F-Secure: Trojan.TR/Agent.BAWS
DrWeb: Trojan.DownLoad3.30891
VIPRE: Trojan.Agent.BAWS
TrendMicro: TROJ_UPATRE.SM37
McAfee-GW-Edition: Trojan-FRKF!193B01E30F2E
Trapmine: suspicious.low.ml.score
Sophos: Troj/Agent-AEYI
Ikarus: Trojan-Spy.Zbot
Jiangmin: Trojan/Bublik.ghx
Avira: TR/Agent.BAWS
Antiy-AVL: Trojan/Win32.Waski.a
Xcitium: TrojWare.Win32.TrojanDownloader.Waski.EA@5ixvig
Microsoft: TrojanDownloader:Win32/Upatre
ZoneAlarm: HEUR:Trojan-Downloader.Win32.Upatre.gen
GData: Trojan.Agent.BAWS
Google: Detected
AhnLab-V3: Trojan/Win32.Zbot.C221087
McAfee: GenericRXAA-AA!E1F6A82952AA
MAX: malware (ai score=84)
VBA32: Trojan.Bublik
Cylance: unsafe
Panda: Generic Suspicious
TrendMicro-HouseCall: TROJ_UPATRE.SM37
Tencent: Malware.Win32.Gencirc.10be7e39
Yandex: Trojan.Bublik!sANyiuQTtCQ
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Krptik.AIX!tr
BitDefenderTheta: Gen:NN.ZexaF.36132.bmHfamSqMrli
AVG: Win32:Trojan-gen
DeepInstinct: MALICIOUS

How to remove Trojan.Agent.BAWS?

Trojan.Agent.BAWS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.