Trojan.Agent.BCQY removal instruction

Trojan.Agent.BCQY is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Agent.BCQY virus do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Trojan.Agent.BCQY?

File Info:

name: 53B99F4938FC7E86E149.mlw
path: /opt/CAPEv2/storage/binaries/0195ad5e7fdf2b8787cf9ce5a0635d856c9dce0db5b48daee81ef6a19a715b5e
crc32: A7F2688E
md5: 53b99f4938fc7e86e14993c7e72edcc4
sha1: f47876469c7dba2061b0376a96cf59b8d1b90328
sha256: 0195ad5e7fdf2b8787cf9ce5a0635d856c9dce0db5b48daee81ef6a19a715b5e
sha512: 406cdc24c460193145c4b1d91a98aec2257cc8d639a0a0ce62f67192081725d2af35314bb8a76b16cc88e19b43e6dfcd72a98832c010d029fe0f1537afa0e9a3
ssdeep: 6144:YRfgxSwZWlzlqIliW+TdWAVF8rt6BleVqSu9GS5uz6t2pM1egmYU7TnZ:Ygxc9+TYprtbqYS5uz68pM1ehYUB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D18423E6BB55EC0EC50313394F63ACB193405CD549A6AF5DA198FB4CF87BA54EA0C80B
sha3_384: 3ecaf16ba4620cf4abfb56fcd9a5b3c3bde8f2693a5bc33b08bce2d38727f8f54f0f530a106f5160b328ca19b8df7ca1
ep_bytes: 60be00404c008dbe00d0f3ff5783cdff
timestamp: 2014-03-30 12:56:02

Version Info:

FileVersion: 2.3.0.0
FileDescription: 官方网站
ProductName: 官方网站
ProductVersion: 2.3.0.0
CompanyName: 官方网站
LegalCopyright: 官方网站
Comments: 官方网站
Translation: 0x0804 0x04b0

Trojan.Agent.BCQY is also known as (vendor: detection name):

tehtris: Generic.Malware
MicroWorld-eScan: Trojan.Agent.BCQY
FireEye: Generic.mg.53b99f4938fc7e86
CAT-QuickHeal: Hacktool.Flystudio.16558
McAfee: GenericRXAA-AA!53B99F4938FC
Cylance: Unsafe
Zillya: Downloader.FlyStudio.Win32.2893
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005246d51 )
K7GW: Trojan ( 005246d51 )
Cybereason: malicious.938fc7
VirIT: Trojan.Win32.Generic.CCAG
Cyren: W32/Trojan.CLL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: Win32/TrojanDownloader.FlyStudio.AZ
APEX: Malicious
ClamAV: Win.Trojan.Agent-1208660
Kaspersky: not-a-virus:RiskTool.Win32.Agent.gul
BitDefender: Trojan.Agent.BCQY
NANO-Antivirus: Riskware.Win32.Agent.cxbfeq
SUPERAntiSpyware: Trojan.Agent/Gen-FlyStudio
Avast: Win32:DropperX-gen [Drp]
Tencent: Malware.Win32.Gencirc.10b396f0
Ad-Aware: Trojan.Agent.BCQY
Sophos: Generic ML PUA (PUA)
DrWeb: Trojan.DownLoader11.4242
VIPRE: Trojan.Agent.BCQY
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.Agent.BCQY (B)
Ikarus: Trojan-Downloader.Flystudio
GData: Win32.Trojan.PSE.KK1RXL
Jiangmin: Trojan.Agent.ebp
Google: Detected
Avira: TR/Skeeyah.mdqdb
Antiy-AVL: Trojan/Generic.ASCommon.FA
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.R184635
BitDefenderTheta: Gen:NN.ZexaF.34646.wmLfaa4fgqjb
ALYac: Trojan.Agent.BCQY
MAX: malware (ai score=89)
Malwarebytes: RiskWare.Packed.FlyStudio
Yandex: Riskware.Agent!JCNZshfFLjc
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Generic.AP.1E2FC7!tr
AVG: Win32:DropperX-gen [Drp]
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Trojan.Agent.BCQY?

Trojan.Agent.BCQY removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.