Trojan.Agent.BPAZ (B) removal instruction

Trojan.Agent.BPAZ (B) is flagged as malicious by a large number of antivirus engines (see the detection list below). When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Trojan.Agent.BPAZ (B) do?

Behaviours flagged by the CAPE sandbox when the sample was detonated:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid

How to identify Trojan.Agent.BPAZ (B)?

File Info:

name: C1EFE9DA582C8B0512F7.mlw
path: /opt/CAPEv2/storage/binaries/774cf87cb24aa187c01f8dde0358c167406c5b51891a4aa45b5c54eee4165e09
crc32: F4BE7D00
md5: c1efe9da582c8b0512f72d8eb6cefb7a
sha1: 61348a3f5b7ab64ace54671e3a7f699398e5443c
sha256: 774cf87cb24aa187c01f8dde0358c167406c5b51891a4aa45b5c54eee4165e09
sha512: cfa6b46a4cfbf81cd4c2a3645f7f9ab5ef98867a42b041801ed7c1a595b5c073eea1f7d05d382c83d66d3ec49dbff4fc7acfec685e11fdfdca40d1285c145094
ssdeep: 12288:28UGseyj8UKZJN92Yk3JX1TtmPEgcDHeejj:NAKZJNYYkHtCEaIj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18AE48CE739F1807BD67201744E957B78A6EBDA500F227AD32389878D5E35CC24B36236
sha3_384: a733c9a7669890b84d738d8f198980e5cb53dc645d3d1ed4a40b6b2d3dc018e074ca4f84b6434e91e738c2e48c51754f
ep_bytes: 558bec6aff68088d470068b810410064
timestamp: 2015-08-30 19:42:50

Version Info:

CompanyName: Simon Tatham
ProductName: PuTTY suite
FileDescription: SSH, Telnet and Rlogin client
InternalName: PuTTY
OriginalFilename: PuTTY
FileVersion: Release 0.64
ProductVersion: Release 0.64
LegalCopyright: Copyright © 1997-2015 Simon Tatham.
Translation: 0x0809 0x04b0 (English (UK), Unicode)

The version resource is attacker-controlled. These strings are the ones a genuine PuTTY 0.64 build carries, but the sandbox reports the Authenticode signature on this file as invalid and flags Chinese (Simplified) resource strings alongside this en-GB translation entry, so they do not establish that the file came from Simon Tatham. Verify by comparing the SHA-256 above against a copy downloaded from the official PuTTY site rather than trusting the version info.
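The indicators in the File Info block can be checked without CAPE. The script below is an added example, not code from the original page or from CAPE/GridinSoft: it hashes a file in the same forms the page lists (md5, sha1, sha256, crc32), walks the PE32 headers with the standard library only to recover the compile timestamp, the first 16 entry-point bytes and any section that is both writable and executable on disk, and reports which page indicators match. The PE built by build_sample_pe() is constructed test data (not the real sample) that deliberately shares the page's entry-point bytes and timestamp; the names PAGE_IOCS, SAMPLE_EPOCH and the helper functions are this example's own.

```python
"""Match a file against the File Info indicators on this page.

Added example: stdlib only, PE32 (0x10b) images only. The PE produced by
build_sample_pe() is synthetic test data, not the Trojan.Agent.BPAZ (B) binary.
"""
import datetime
import hashlib
import struct
import zlib

# Indicators copied from the page's File Info block.
PAGE_IOCS = {
    "md5": "c1efe9da582c8b0512f72d8eb6cefb7a",
    "sha1": "61348a3f5b7ab64ace54671e3a7f699398e5443c",
    "sha256": "774cf87cb24aa187c01f8dde0358c167406c5b51891a4aa45b5c54eee4165e09",
    "crc32": "f4be7d00",
    "ep_bytes": "558bec6aff68088d470068b810410064",
    "timestamp": "2015-08-30 19:42:50",
}

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def hash_bytes(data):
    """Digests in the same lower-case hex form the page uses."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": "%08x" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def parse_pe(data):
    """Minimal PE32 header walk: compile timestamp (UTC), 16 entry-point bytes,
    and sections marked writable+executable. Note that CAPE's "Creates RWX
    memory" is a runtime observation (VirtualAlloc/VirtualProtect); an RWX
    section on disk is only a static hint of the same thing."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsect, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 optional headers are handled here")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint

    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, va, rawsize, rawptr, chars))

    def rva_to_offset(rva):
        for _n, vsize, va, rawsize, rawptr, _c in sections:
            if va <= rva < va + max(vsize, rawsize):
                return rva - va + rawptr
        raise ValueError("RVA 0x%x is not backed by any section" % rva)

    ep_off = rva_to_offset(ep_rva)
    rwx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    return {
        "timestamp": datetime.datetime.fromtimestamp(tstamp, tz=datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        "rwx_sections": [s[0] for s in sections if s[5] & rwx == rwx],
    }


def match_iocs(data, iocs=PAGE_IOCS):
    """Names of the page indicators this file matches, sorted."""
    observed = hash_bytes(data)
    observed.update(parse_pe(data))
    return sorted(k for k, v in iocs.items() if observed.get(k) == v)


def build_sample_pe(ep_hex, epoch):
    """Constructed test input: a 1.5 KiB PE32 with the given entry-point bytes
    and timestamp plus a writable+executable section. Not the real sample."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 2, epoch, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                      # entry point RVA
    struct.pack_into("<I", opt, 28, 0x400000)                    # ImageBase
    sect = "<8sIIIIIIHHI"
    text = struct.pack(sect, b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    rwx = struct.pack(sect, b".rwx", 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xE0000040)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text + rwx).ljust(0x200, b"\0")
    return headers + bytes.fromhex(ep_hex).ljust(0x200, b"\xCC") + bytes(0x200)


# The page's timestamp as an epoch value (constructed for the synthetic sample).
SAMPLE_EPOCH = int(datetime.datetime(2015, 8, 30, 19, 42, 50, tzinfo=datetime.timezone.utc).timestamp())

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(PAGE_IOCS["ep_bytes"], SAMPLE_EPOCH)
    print(parse_pe(blob))
    print("matched indicators:", match_iocs(blob))
```

Run it with a path to a suspect file, or with no argument to exercise the synthetic sample. The synthetic PE matches only ep_bytes and timestamp: those are weak indicators (the 55 8b ec 6a ff 68 prologue is common to many MSVC-built executables, and a link timestamp is trivially forged), so treat them as corroboration and let the cryptographic hashes decide.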

Trojan.Agent.BPAZ (B) also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Agent.BPAZ
FireEye: Generic.mg.c1efe9da582c8b05
ALYac: Trojan.Agent.BPAZ
Cylance: Unsafe
Zillya: Trojan.Yakes.Win32.38479
Sangfor: Trojan.Win32.Injector.8
K7AntiVirus: Trojan ( 004cec631 )
Alibaba: Trojan:Win32/Bulta.d2a31d1d
K7GW: Trojan ( 004cec631 )
Cybereason: malicious.a582c8
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Injector.CHVM
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Dropper.Gh0stRAT-6992354-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Agent.BPAZ
NANO-Antivirus: Trojan.Win32.Yakes.dvwxuw
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b28989
Ad-Aware: Trojan.Agent.BPAZ
Sophos: ML/PE-A + Troj/Zbot-KDF
Comodo: TrojWare.Win32.Dynamer.AS@60elso
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_INJECTOR_EK0404FE.UVPM
McAfee-GW-Edition: PWSZbot-FAKV!C1EFE9DA582C
Emsisoft: Trojan.Agent.BPAZ (B)
Ikarus: Trojan.Win32.Injector
Jiangmin: Trojan.Generic.esyvx
Webroot: W32.Gen.BT
Avira: TR/AD.CeeInject.neyzo
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Generic.ASMalwS.14009E3
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Bulta!rfn
GData: Trojan.Agent.BPAZ
Cynet: Malicious (score: 100)
McAfee: PWSZbot-FAKV!C1EFE9DA582C
VBA32: Trojan.Yakes
Malwarebytes: Trojan.Bunitu.ED
TrendMicro-HouseCall: TROJ_INJECTOR_EK0404FE.UVPM
Rising: Trojan.Generic@ML.98 (RDML:NIJ62yiB0yrUN7MY1aJjTw)
Fortinet: W32/Injector.CGQK!tr
BitDefenderTheta: Gen:NN.ZexaF.34294.Qy0@aaGcYxqj
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_80% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Trojan.Agent.BPAZ (B)?

Trojan.Agent.BPAZ (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
