
What is “Trojan.Agent.BFBM”?

Malware Removal

Trojan.Agent.BFBM is the BitDefender-engine name for a sample that most other vendors classify as the Upatre (Waski) downloader, a small trojan whose job is to drop and run further malware (see the detection list below). While it is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a full scan and cleanup of your PC.
6-day free trial available.

What can Trojan.Agent.BFBM do?

The items below are the CAPE sandbox signatures that fired when this sample was detonated. They describe what was observed in one analysis run, not everything the malware is capable of; the dropped-and-executed binary and the invalid Authenticode signature are the two most useful leads for an incident responder.

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify Trojan.Agent.BFBM?

The fields below are taken from the CAPE sandbox report of the analysed file. Identify the file by its hashes, not by its metadata: the version resource claims a 2009-2013 copyright, yet the PE compile timestamp reads 1995, so the header has been altered or zeroed by a packer and cannot be trusted.

File Info:

name: A45779CA8E48086440A0.mlw
path: /opt/CAPEv2/storage/binaries/b539a83caca6f3ccb97105a96e44ca25e30f9f63e26f8626e297147e382674f6
crc32: A1F68F4D
md5: a45779ca8e48086440a0e9e6a8eec8f7
sha1: 60a665285440cbd88cd987496aba12e5090a2bc7
sha256: b539a83caca6f3ccb97105a96e44ca25e30f9f63e26f8626e297147e382674f6
sha512: 4a3a82eef4636b1f913f422c47be346183645f2de50d04c69f061e63ecd395e054446755dad107f49ede7818fe0f0e8d7332bd0d0b6f78fe9fc717110223ad28
ssdeep: 192:jTU9g9cVUz0wgJMGNT5NzNkFsZP1oynw0UWdto9KZjzqI/V2+m6DeVoC5vlQp:cVk0wrG7NRkSl16t8to9KJzqIE+mdhs
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1ADA2B39A52D1793CD1660E7915E2C7864634BC212F5A82CF7E4CF508B87F6C3A8F075A
sha3_384: 93035f4f471cab2250a382634c7d20cca77ae339e27271d11b54d17951310f079da1447827f2c0c8282f04f8dd501f7e
ep_bytes: 53b8ffff0010e8a2f9ffff5bc3ccff25
timestamp: 1995-08-29 04:02:04

Version Info:

FileDescription: JuJu
FileVersion: 2.1.2.11
LegalCopyright: Copyright 2009-2013 all authors
OriginalFilename: JuJu.exe
ProductName: JuJu
ProductVersion: 2.1.2.11
CompanyName: JuJu corporation
Translation: 0x0411 0x04b2
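The script below is an added triage helper for the File Info and Version Info fields above; it is example code written for this page, not GridinSoft's tool or CAPE's own code. It recomputes the hashes, reads the COFF timestamp and the entry-point bytes straight out of the PE headers with struct (no pefile dependency), and flags the 1995 compile timestamp as inconsistent with the 2009-2013 copyright claimed in the version resource. Because the real sample cannot ship with the page, the constructed helper build_stub_pe fabricates a minimal PE32 image carrying the report's timestamp and entry-point bytes; against a real file, pass the file's contents instead of the stub.

```python
"""Triage helper added for this page (example code, not CAPE's or GridinSoft's).
It re-derives three fields from the report above directly from file bytes:
the hashes, the COFF compile timestamp and the bytes at the entry point, and
flags a timestamp that contradicts the version resource.  The PE image it is
run on below is a constructed stub, not the real sample."""
import datetime
import hashlib
import struct

# Hashes published in the File Info section; a file matching any of them is
# the same artefact regardless of its name on disk.
KNOWN_HASHES = {
    "md5": "a45779ca8e48086440a0e9e6a8eec8f7",
    "sha1": "60a665285440cbd88cd987496aba12e5090a2bc7",
    "sha256": "b539a83caca6f3ccb97105a96e44ca25e30f9f63e26f8626e297147e382674f6",
}
# ep_bytes from the report: push ebx / mov eax,0x1000ffff / call rel32 /
# pop ebx / ret / int3 / jmp [mem]
KNOWN_EP_BYTES = bytes.fromhex("53b8ffff0010e8a2f9ffff5bc3ccff25")
# First year claimed by LegalCopyright ("2009-2013") in the version resource
CLAIMED_FIRST_YEAR = 2009
# The report's compile timestamp, 1995-08-29 04:02:04, as a Unix time
REPORT_TIMESTAMP = int(datetime.datetime(
    1995, 8, 29, 4, 2, 4, tzinfo=datetime.timezone.utc).timestamp())


def file_hashes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in KNOWN_HASHES}


def hash_match(data: bytes) -> bool:
    """True if the file hashes to any of the published values."""
    h = file_hashes(data)
    return any(h[alg] == digest for alg, digest in KNOWN_HASHES.items())


def parse_pe(data: bytes) -> dict:
    """Read the handful of PE32 header fields needed here, without pefile."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    machine, nsect, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        _, _, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((vaddr, rawsize, rawptr))
    return {"machine": machine, "timestamp": tstamp, "entry_rva": entry_rva, "sections": sections}


def rva_to_offset(pe: dict, rva: int) -> int:
    for vaddr, rawsize, rawptr in pe["sections"]:
        if vaddr <= rva < vaddr + rawsize:
            return rawptr + (rva - vaddr)
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def entry_bytes(data: bytes, n: int = 16) -> bytes:
    pe = parse_pe(data)
    off = rva_to_offset(pe, pe["entry_rva"])
    return data[off:off + n]


def compile_time(data: bytes) -> datetime.datetime:
    return datetime.datetime.fromtimestamp(parse_pe(data)["timestamp"], datetime.timezone.utc)


def timestamp_suspicious(data: bytes) -> bool:
    """Compile timestamp earlier than the copyright years the binary claims."""
    return compile_time(data).year < CLAIMED_FIRST_YEAR


def build_stub_pe(timestamp: int, code: bytes) -> bytes:
    """Constructed minimal PE32 with one .text section (test input only)."""
    opt_size, entry_rva, raw_ptr = 0xE0, 0x1000, 0x200
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)         # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 2, 25, len(code), 0, 0, entry_rva)
    opt += b"\0" * (opt_size - len(opt))
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(code), entry_rva, len(code), raw_ptr,
                       0, 0, 0, 0, 0x60000020)
    image = dos + b"PE\0\0" + coff + opt + sect
    return image + b"\0" * (raw_ptr - len(image)) + code


if __name__ == "__main__":
    stub = build_stub_pe(REPORT_TIMESTAMP, KNOWN_EP_BYTES)
    print("hashes:", file_hashes(stub))
    print("compile time:", compile_time(stub), "suspicious:", timestamp_suspicious(stub))
    print("entry bytes match report:", entry_bytes(stub) == KNOWN_EP_BYTES)
    print("hash match:", hash_match(stub))
```

On the stub the hash check is expectedly false (it is not the sample), while the timestamp check fires and the entry-point bytes match the report; on a suspect file from disk, hash_match alone is the authoritative answer and the other two checks are corroboration.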

Trojan.Agent.BFBM also known as:

Multi-engine results for the same file, listed as vendor: detection name. The generic Trojan.Agent.BFBM label is the BitDefender engine's and is repeated by the engines built on it (eScan, Emsisoft, GData). Most other vendors name the family: Upatre, which ESET, Fortinet, Rising, Comodo and others call Waski, with a minority saying Cryptodef. Upatre/Waski is therefore the name to search for when looking up behaviour and indicators.

Bkav: W32.FamVT.GeND.Trojan
Lionic: Trojan.Win32.Crypt.m2KH
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Agent.BFBM
FireEye: Generic.mg.a45779ca8e480864
CAT-QuickHeal: TrojanDownloader.Upatre.AA4
McAfee: Downloader-FSH
Cylance: Unsafe
Zillya: Trojan.Cryptodef.Win32.186
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan-Downloader ( 0055e3da1 )
BitDefender: Trojan.Agent.BFBM
K7GW: Trojan-Downloader ( 0055e3da1 )
Cybereason: malicious.a8e480
BitDefenderTheta: AI:Packer.16E5CF4E1F
VirIT: Trojan.Win32.Generic.AW
Cyren: W32/Trojan.RFPS-5185
Symantec: Backdoor.Trojan
ESET-NOD32: Win32/TrojanDownloader.Waski.A
Baidu: Win32.Trojan-Downloader.Waski.a
TrendMicro-HouseCall: TROJ_UPATRE.SM37
ClamAV: Win.Downloader.Upatre-5744092-0
Kaspersky: Trojan-Downloader.Win32.Upatre.edv
Alibaba: Malware:Win32/km_24892.None
NANO-Antivirus: Trojan.Win32.Cryptodef.demivm
Rising: Downloader.Waski!8.184 (CLOUD)
Sophos: ML/PE-A + Troj/Upatre-EU
Comodo: TrojWare.Win32.TrojanDownloader.Waski.DA@5iyglc
DrWeb: Trojan.DownLoader11.30467
VIPRE: Trojan.Win32.Upatre.buu (v)
TrendMicro: TROJ_UPATRE.SM37
McAfee-GW-Edition: Downloader-FSH!A45779CA8E48
Emsisoft: Trojan.Agent.BFBM (B)
APEX: Malicious
Jiangmin: Trojan/Cryptodef.ax
eGambit: Unsafe.AI_Score_88%
Avira: HEUR/AGEN.1120686
MAX: malware (ai score=84)
Antiy-AVL: Trojan[Ransom]/Win32.Cryptodef
Microsoft: TrojanDownloader:Win32/Upatre
SUPERAntiSpyware: Trojan.Agent/Gen-Waski
ZoneAlarm: Trojan-Downloader.Win32.Upatre.edv
GData: Trojan.Agent.BFBM
SentinelOne: Static AI - Suspicious PE
AhnLab-V3: Spyware/Win32.Zbot.C535016
VBA32: Hoax.Cryptodef
Malwarebytes: Trojan.Upatre
Panda: Trj/Genetic.gen
Tencent: Trojan-Downloader.Win32.Waski.16000151
Yandex: Trojan.Cryptodef!QcEcO+hhoLs
Ikarus: Trojan.Win32.Bublik
Fortinet: W32/Waski.A!tr.dldr
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_100% (W)
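Reading a family name out of a list like the one above is routine triage, and the following added script shows one way to automate it. It is example code written for this page, not any vendor's or the page author's. The detection strings are a hand-copied subset of the list above, split into (vendor, detection) pairs; the GENERIC stop-word set and the Waski-to-Upatre alias are assumptions made for this example, and the tokenising rules are deliberately crude (drop platform and category words, short variant suffixes and BitDefender-style upper-case variant IDs, then give each vendor one vote per remaining token).

```python
"""Added example (not from the page's author or any vendor): tally family
names across multi-engine results to see which family a generic label such
as "Trojan.Agent.BFBM" actually corresponds to."""
import re
from collections import Counter

# Constructed subset of the "also known as" list above, as (vendor, detection).
DETECTIONS = [
    ("BitDefender", "Trojan.Agent.BFBM"),
    ("MicroWorld-eScan", "Trojan.Agent.BFBM"),
    ("Emsisoft", "Trojan.Agent.BFBM (B)"),
    ("GData", "Trojan.Agent.BFBM"),
    ("CAT-QuickHeal", "TrojanDownloader.Upatre.AA4"),
    ("ESET-NOD32", "Win32/TrojanDownloader.Waski.A"),
    ("Baidu", "Win32.Trojan-Downloader.Waski.a"),
    ("TrendMicro", "TROJ_UPATRE.SM37"),
    ("ClamAV", "Win.Downloader.Upatre-5744092-0"),
    ("Kaspersky", "Trojan-Downloader.Win32.Upatre.edv"),
    ("Microsoft", "TrojanDownloader:Win32/Upatre"),
    ("Malwarebytes", "Trojan.Upatre"),
    ("Fortinet", "W32/Waski.A!tr.dldr"),
    ("Zillya", "Trojan.Cryptodef.Win32.186"),
    ("Jiangmin", "Trojan/Cryptodef.ax"),
    ("Avast", "Win32:Trojan-gen"),
    ("Elastic", "malicious (high confidence)"),
]

# Assumed stop-words: platform, category and verdict words that name no family.
GENERIC = {
    "trojan", "trojandownloader", "downloader", "win", "win32", "w32", "troj",
    "gen", "generic", "malicious", "high", "confidence", "agent", "dldr",
    "static", "suspicious", "malware", "unsafe",
}
# Assumed alias table: ESET/Fortinet's "Waski" is the same family as Upatre.
ALIASES = {"waski": "upatre"}


def family_tokens(detection: str) -> list:
    """Candidate family names in one detection string, normalised to lower case."""
    out = []
    for tok in re.split(r"[^A-Za-z]+", detection):  # hex/number suffixes fall away
        low = tok.lower()
        if len(tok) <= 3 or low in GENERIC:
            continue                                # category words, short variant ids
        if tok.isupper() and len(tok) <= 4:
            continue                                # BitDefender-style ids such as BFBM
        out.append(ALIASES.get(low, low))
    return out


def family_consensus(detections) -> Counter:
    """One vote per vendor per family, so a vendor naming a family twice is not over-counted."""
    votes = Counter()
    for _vendor, det in detections:
        votes.update(set(family_tokens(det)))
    return votes


def top_family(detections):
    """(family, votes) with the most vendor support, or (None, 0) if nobody named one."""
    votes = family_consensus(detections)
    return votes.most_common(1)[0] if votes else (None, 0)


if __name__ == "__main__":
    for fam, n in family_consensus(DETECTIONS).most_common():
        print("%-10s %d vendors" % (fam, n))
    print("consensus:", top_family(DETECTIONS))
```

Note that the four BitDefender-engine entries contribute no family vote at all: "Agent" is a catch-all and "BFBM" is a variant ID, which is exactly why a page keyed on that name has to be cross-referenced against the other engines.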

How to remove Trojan.Agent.BFBM?

Trojan.Agent.BFBM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • “Move to quarantine“ all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
