How to remove “Trojan.Agent.BCTH”?

Trojan.Agent.BCTH is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What Trojan.Agent.BCTH virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Created a process from a suspicious location
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Trojan.Agent.BCTH?

File Info:

name: 5D03CF08B6646530E598.mlw
path: /opt/CAPEv2/storage/binaries/398bad1e80c5c0d65e93a3e0405caf3363850b9b9dfec1ecb7dff41e2c3b50d1
crc32: 9F2976F7
md5: 5d03cf08b6646530e5989aed202edce6
sha1: 10ef84fc7a1d09adb2898796ab98041075228d55
sha256: 398bad1e80c5c0d65e93a3e0405caf3363850b9b9dfec1ecb7dff41e2c3b50d1
sha512: 4e2c53c436444c20d3e0135d03b1a0ec2f3c612caac4fadc3811335f9f512bbc658cfdb3b0f7e4997fe9478944619d568380170cb15ec0bb0aee2eea6904fbd0
ssdeep: 384:lgI06VgfTxO2yvUEPdGksYd13vfdHldhwLGEGka/JWOR:lgOmM28PdG4d13vfdHldhwyE4WOR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11FC26092FE8B0C94FE2319746877F631155EBF1A4867854EBA8E7506047F392B073A0A
sha3_384: 456840f7967b4ecb35bbe1b17da5eeb2361592be1d8d4a399e16b56d35bf224a99a0860738c62d8d47e268fa70006df6
ep_bytes: 558bec83ec385356576830104000ff15
timestamp: 2014-04-26 14:42:23

Version Info:

0: [No Data]

Trojan.Agent.BCTH also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.5d03cf08b6646530
CAT-QuickHeal: TrojanDownloader.Upatre.O3
McAfee: Downloader-FABG!5D03CF08B664
Cylance: Unsafe
Zillya: Downloader.Agent.Win32.186556
K7AntiVirus: Trojan-Downloader ( 0048f6391 )
K7GW: Trojan-Downloader ( 0048f6391 )
CrowdStrike: win/malicious_confidence_70% (D)
VirIT: Trojan.Win32.Generic.DUZ
Cyren: W32/Trojan.BLRU-2596
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/TrojanDownloader.Waski.A
APEX: Malicious
ClamAV: Win.Trojan.Agent-1115359
Kaspersky: Trojan-Downloader.Win32.Agent.hejm
BitDefender: Trojan.Agent.BCTH
NANO-Antivirus: Trojan.Win32.DownLoad3.cxbuhj
ViRobot: Trojan.Win32.Zbot.26624.C
MicroWorld-eScan: Trojan.Agent.BCTH
Avast: Win32:Injector-BSL [Trj]
Tencent: Trojan-Downloader.Win32.Waski.16000151
Emsisoft: Trojan.Agent.BCTH (B)
DrWeb: Trojan.DownLoad3.28161
VIPRE: Trojan.Win32.Generic.pak!cobra
TrendMicro: TROJ_UPATRE.SMSG
McAfee-GW-Edition: Downloader-FABG!5D03CF08B664
Sophos: ML/PE-A + Troj/Agent-AGWZ
Ikarus: Trojan-Spy.Zbot
Jiangmin: TrojanDownloader.Agent.eniu
Avira: TR/Kryptik.gta.159
Antiy-AVL: Trojan/Generic.ASMalwS.9B6F53
ZoneAlarm: Trojan-Downloader.Win32.Agent.hejm
GData: Trojan.Agent.BCTH
AhnLab-V3: Trojan/Win32.Zbot.C318551
VBA32: BScope.TrojanDownloader.Agent
ALYac: Trojan.Agent.BCTH
MAX: malware (ai score=85)
Malwarebytes: Malware.AI.4043934523
TrendMicro-HouseCall: TROJ_UPATRE.SMSG
Rising: Trojan.DL.Win32.Upatre.amc (RDMK:cmRtazozwRpDX8Db0scWPB9Tn8S/)
Yandex: Trojan.DL.Waski!EWecf0PhGos
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Kryptik.OOV!tr
BitDefenderTheta: Gen:NN.ZexaF.34182.bmX@aiOcWRgk
AVG: Win32:Injector-BSL [Trj]
Cybereason: malicious.8b6646
Panda: Generic Malware

How to remove Trojan.Agent.BCTH?

Trojan.Agent.BCTH removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.