
Trojan.ConvagentPMF.S24858321 removal instructions


Trojan.ConvagentPMF.S24858321 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.ConvagentPMF.S24858321 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Urdu (India)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Trojan.ConvagentPMF.S24858321?


File Info:

name: 80435467BE1CDA0D6564.mlw
path: /opt/CAPEv2/storage/binaries/62b348c4925b88bbc91f84004ede55e743ee407312b147b6d55d6ac608a30adf
crc32: AF1931AB
md5: 80435467be1cda0d6564f0f31fc4dd93
sha1: e04575ed6612873adf71317b7eb002fc87565738
sha256: 62b348c4925b88bbc91f84004ede55e743ee407312b147b6d55d6ac608a30adf
sha512: 075e1c08758a89ad7e48240543fe0891e0a5f51a95aea735b50c0ba3f2bbaababd6ba87a1572c835f293b94ea7750d47aa787d5530158dca950996536c6d945f
ssdeep: 3072:q7Y4z1YII+Q9NTH/hC62ZCFmoesmUFnHqXRs:cWII+Q9N7/kVZuTdXFHA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CAF38D2137E1C836F4F7363066F0C6B1193AF9722631958B2758262E2E702D09EBD757
sha3_384: 8b737ae2f481ff8673bb19e4dea560c32bf82bd3b48b4afc5b565f32b935085ccf1be07fe65e496b887c21a159180ef9
ep_bytes: e8d4330000e989feffffcccccccccce8
timestamp: 2020-12-24 05:16:10

Version Info:

InternalName: bomgpiaruci.iwa
Copyright: Copyrighz (C) 2021, fudkat
ProductVersion: 13.54.37.25
Translation: 0x0117 0x046a

Trojan.ConvagentPMF.S24858321 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Agent.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Mint.Zitirez.kq0@buof@XaOL
FireEye: Generic.mg.80435467be1cda0d
CAT-QuickHeal: Trojan.ConvagentPMF.S24858321
McAfee: Lockbit-FSWW!80435467BE1C
Malwarebytes: Trojan.MalPack.GS
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058aa031 )
Alibaba: Ransom:Win32/StopCrypt.03e6d3b5
K7GW: Trojan ( 0058aa031 )
Cybereason: malicious.d66128
Cyren: W32/StopCrypt.B.gen!Eldorado
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.HNJQ
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Agent.gen
BitDefender: Gen:Heur.Mint.Zitirez.kq0@buof@XaOL
NANO-Antivirus: Trojan.Win32.Kryptik.jifbkg
Avast: Win32:CrypterX-gen [Trj]
Rising: Trojan.Kryptik!1.DAC3 (CLASSIC)
Ad-Aware: Gen:Heur.Mint.Zitirez.kq0@buof@XaOL
DrWeb: Trojan.Siggen15.46436
Zillya: Trojan.Kryptik.Win32.3618805
McAfee-GW-Edition: BehavesLike.Win32.Emotet.ch
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.Crypt (A)
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor.Mokes.eti
Avira: HEUR/AGEN.1229061
Microsoft: Ransom:Win32/StopCrypt.PU!MTB
GData: Gen:Heur.Mint.Zitirez.kq0@buof@XaOL
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.MalPe.R451298
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34712.kq0@auof@XaO
ALYac: Gen:Heur.Mint.Zitirez.kq0@buof@XaOL
MAX: malware (ai score=81)
VBA32: Malware-Cryptor.2LA.gen
Tencent: Trojan-Spy.Win32.Stealer.16000121
Yandex: Trojan.Agent!QKMqd4eWOQ8
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.PSE!tr
AVG: Win32:CrypterX-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.ConvagentPMF.S24858321?

Trojan.ConvagentPMF.S24858321 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
