
Trojan.Agent.BEMA removal tips

Trojan.Agent.BEMA is flagged as malicious by most antivirus engines (the detection names are listed further down). While the infection is active you may notice unfamiliar processes in the Task Manager list, because the sample injects its code into other processes. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Trojan.Agent.BEMA do?

The behaviours below are the signatures the CAPE sandbox raised while executing the sample:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Anomalous binary characteristics

Related domains:

wpad.local-net

Note that "wpad" is the host name Windows looks up for Web Proxy Auto-Discovery, and "local-net" here is the sandbox machine's own DNS suffix; this lookup shows up in almost any sandbox run and is not by itself a command-and-control indicator.

How to identify Trojan.Agent.BEMA?

File Info:

name: F902CE169FE799DD6E57.mlw
path: /opt/CAPEv2/storage/binaries/c29c41321e13b81546ea4167ab6a9ed0733c04c9563b5ec5882fceb60d9cb2ee
crc32: 4EB55393
md5: f902ce169fe799dd6e57142a16e90fc9
sha1: cc63c1142102f3729b2da893eec77008861dfbf9
sha256: c29c41321e13b81546ea4167ab6a9ed0733c04c9563b5ec5882fceb60d9cb2ee
sha512: 652c19d1833a106fb92dd41cb82ca1673cb9ba87ea6b12331234354faebd37ed6b9400588675ae00a5eea8188e30486512565f5486fc6961f09e0967880ee901
ssdeep: 3072:7KkEbhpI7/IzZGFjgbFqR44tUaIo85UKquVBFi+DuVBFi+e:7Vr7/cUFjmortPBequTDuTe
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C3D3D0C17260C832C6F54D3448A1DBA11F7DB8126771567BBB9429BA2FB17908FB831B
sha3_384: 75d6ce377943684e28b71d9ba954203f54c2184f09fdf371bf2e38700ab7a8bbf7b39fb0d74156da3515d73dbcb2185b
ep_bytes: e8101a0000e989feffff578bc683e00f
timestamp: 2014-08-06 09:20:02
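As an added example (not code from this page, from GridinSoft or from CAPE), the following Python script checks a file against the indicators in the File Info block above: it compares the file's MD5/SHA-1/SHA-256 with the published hashes, parses the PE header with the standard library only to read the compile timestamp and the first 16 bytes at the entry point (the page's "ep_bytes"), and reports what matched. The hashes, entry-point bytes and timestamp are the page's; the function names are my own, and the minimal PE image built by build_test_pe() is constructed here for offline testing and is not the real sample.

```python
"""Triage helper: match a file on disk against the indicators published for this sample."""
import datetime
import hashlib
import struct

# Indicators copied from the "File Info" section of the page.
KNOWN_HASHES = {
    "md5": "f902ce169fe799dd6e57142a16e90fc9",
    "sha1": "cc63c1142102f3729b2da893eec77008861dfbf9",
    "sha256": "c29c41321e13b81546ea4167ab6a9ed0733c04c9563b5ec5882fceb60d9cb2ee",
}
KNOWN_EP_BYTES = bytes.fromhex("e8101a0000e989feffff578bc683e00f")


def file_hashes(data: bytes) -> dict:
    """Hex digests in the same algorithms the page lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def pe_info(data: bytes, ep_len: int = 16):
    """Return {'compile_time', 'ep_bytes'} for a PE32/PE32+ file, or None if it is not a PE.

    Only the fields needed here are parsed; offsets follow the PE/COFF layout.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    try:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        # COFF header: Machine, NumberOfSections, TimeDateStamp, SymTab ptr, NumSyms,
        # SizeOfOptionalHeader, Characteristics
        _, nsections, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
        opt = e_lfanew + 24
        magic = struct.unpack_from("<H", data, opt)[0]
        if magic not in (0x10B, 0x20B):  # PE32 / PE32+
            return None
        ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
        ep_bytes = None
        for i in range(nsections):
            # Section header: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
            _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
            if va <= ep_rva < va + max(vsize, rawsize):
                off = rawptr + (ep_rva - va)  # map the RVA to a file offset
                ep_bytes = data[off:off + ep_len]
                break
    except struct.error:  # truncated or malformed headers
        return None
    compile_time = datetime.datetime.fromtimestamp(tstamp, datetime.timezone.utc)
    return {"compile_time": compile_time.strftime("%Y-%m-%d %H:%M:%S"), "ep_bytes": ep_bytes}


def triage(data: bytes) -> dict:
    """Summarise how closely a file matches the sample described on the page."""
    hashes = file_hashes(data)
    info = pe_info(data)
    return {
        "hash_match": sorted(k for k, v in KNOWN_HASHES.items() if hashes[k] == v),
        "is_pe": info is not None,
        "ep_match": bool(info and info["ep_bytes"] == KNOWN_EP_BYTES),
        "compile_time": info["compile_time"] if info else None,
    }


def build_test_pe(ep_bytes: bytes, timestamp: int) -> bytes:
    """Construct a minimal PE32 image for offline testing. This is NOT the real sample; it only
    reuses the entry-point bytes and timestamp from the page so the parser can be exercised."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header right after the DOS header
    opt_size = 96  # PE32 optional header without data directories
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)       # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x1000)     # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)   # ImageBase
    raw_ptr = 0x200
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, raw_ptr,
                          0, 0, 0, 0, 0x60000020)
    image = bytearray(dos + b"PE\0\0" + coff + opt + section)
    image += b"\0" * (raw_ptr - len(image))
    body = bytearray(0x200)
    body[:len(ep_bytes)] = ep_bytes
    return bytes(image + body)


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(triage(fh.read()))
```

A hash match is conclusive for this exact file; an entry-point match alone only says the file starts the same way, which is typical of samples sharing a packer, so treat it as a lead for a full scan rather than as an identification.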

Version Info:

0: [No Data]

Trojan.Agent.BEMA also known as (detection names other engines give the same file; several of them place it in the Kuluoz / Asprox / Zortob downloader family):

Bkav: W32.AIDetect.malware1
Lionic: Worm.Win32.Aspxor.lZTG
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.f902ce169fe799dd
CAT-QuickHeal: TrojanDownloader.Kuluoz.B5
ALYac: Trojan.Agent.BEMA
Cylance: Unsafe
Zillya: Trojan.Inject.Win32.80719
Sangfor: Trojan.Win32.GenMalicious.atAMT
K7AntiVirus: Trojan-Downloader ( 0053b0ea1 )
Alibaba: TrojanDownloader:Win32/Zortob.338932ad
K7GW: Trojan-Downloader ( 003a8f751 )
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: Win32.Trojan-Downloader.Zortob.d
Cyren: W32/Zbot.QU.gen!Eldorado
Symantec: Trojan.Asprox.B
ESET-NOD32: Win32/TrojanDownloader.Zortob.H
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Agent.BEMA
NANO-Antivirus: Trojan.Win32.Inject.ddoude
SUPERAntiSpyware: Trojan.Agent/Gen-Zortob
MicroWorld-eScan: Trojan.Agent.BEMA
Avast: Win32:GenMalicious-AMT [Trj]
Tencent: Trojan.Win32.Inject.okona
Ad-Aware: Trojan.Agent.BEMA
Emsisoft: Trojan.Agent.BEMA (B)
Comodo: TrojWare.Win32.Spy.Zbot.NT@5e54lf
DrWeb: BackDoor.Kuluoz.4
VIPRE: LooksLike.Win32.Kuluoz.a (v)
TrendMicro: BKDR_KULUOZ.SM04
McAfee-GW-Edition: Downloader-FAEZ!F902CE169FE7
Sophos: ML/PE-A + Troj/Wonton-EL
SentinelOne: Static AI – Suspicious PE
GData: Trojan.Agent.BEMA
Jiangmin: Trojan/Inject.aspm
Avira: TR/Kuluoz.lrsd
Antiy-AVL: Trojan/Generic.ASMalwS.B541E4
Microsoft: TrojanDownloader:Win32/Kuluoz.D
TACHYON: Trojan/W32.Agent.130048.XJ
AhnLab-V3: Trojan/Win32.Asprox.R115455
Acronis: suspicious
McAfee: Downloader-FAEZ!F902CE169FE7
MAX: malware (ai score=86)
VBA32: Trojan.Inject
Malwarebytes: Malware.AI.4059389381
TrendMicro-HouseCall: BKDR_KULUOZ.SM04
Rising: Trojan.Generic@ML.87 (RDML:66rkSsjq5tMMlPgMCjRcDg)
Yandex: Trojan.Inject!mjmaT7jsDzU
Ikarus: Trojan.Kuluoz
Fortinet: W32/Agent.BELK!tr
BitDefenderTheta: Gen:NN.ZexaF.34294.huW@aGc2lMpi
AVG: Win32:GenMalicious-AMT [Trj]
Panda: Trj/Genetic.gen

How to remove Trojan.Agent.BEMA?

Trojan.Agent.BEMA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings“.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because the sample injects code into other processes (see the process-hollowing and inter-process injection behaviours above), injected code can keep running in memory after the file on disk has been quarantined. The restart in the last step ends those processes; run a second scan afterwards to confirm the system is clean.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.