Trojan:MSIL/Bogoclak.A (file analysis)

The Trojan:MSIL/Bogoclak.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/Bogoclak.A virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Trojan:MSIL/Bogoclak.A?


File Info:
name: 27AD8885D66C73546ED3.mlw
path: /opt/CAPEv2/storage/binaries/43ba21e439aa2b246f2c83f680b168a76b2e38ec9c070b3c8f859a50491cccd3
crc32: 0DA71961
md5: 27ad8885d66c73546ed30b26bad4a6c4
sha1: 0b45a1b04ca22c1bb714d0706ab2d8b2d3af4ea9
sha256: 43ba21e439aa2b246f2c83f680b168a76b2e38ec9c070b3c8f859a50491cccd3
sha512: 3d44e4a3329a804b9b3a4f61f162ac8d0b7bc77e57ddb42476f79560e50a9a6d32050d84c9748b3583ccd3baca233cd9b9fd4caaa6fa8280fc5304f91c19524c
ssdeep: 3072:MF0TDRuuY0A0Zc49h2TgysANzTDrRgiMEtAXpdY2sie/AppQg7qHQ6U3Lrhki8br:MF0ji49UgysAhNd
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1713562FE2367416DCAAE49358E17C6DE023A5CEC600D561D32B1FAAFDD7208924B35D2
sha3_384: d4df51a542a146efcc084ae564fb2285812deb4ae8878175b424121744f70265c586ae13a9ecbabdc17098ba7a112e57
ep_bytes: ff250020400000000000000000000000
timestamp: 2011-12-29 15:45:26

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: chrome.exe
LegalCopyright:  
OriginalFilename: chrome.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan:MSIL/Bogoclak.A also known as:

MicroWorld-eScan	Gen:Variant.Ursu.212991
FireEye	Generic.mg.27ad8885d66c7354
ALYac	Gen:Variant.Ursu.212991
Cylance	Unsafe
Zillya	Trojan.Agent.Win32.200262
K7AntiVirus	Trojan ( 700000121 )
K7GW	Trojan ( 700000121 )
Cybereason	malicious.5d66c7
Cyren	W32/MSIL_Troj.BF.gen!Eldorado
Symantec	Trojan.Gen
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Agent.OND
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 99)
Kaspersky	HEUR:Backdoor.MSIL.VKont.gen
BitDefender	Gen:Variant.Ursu.212991
NANO-Antivirus	Trojan.Win32.Agent.dkklgf
Avast	Win32:Agent-AMNM [Trj]
Tencent	Msil.Backdoor.Vkont.Xmhl
Ad-Aware	Gen:Variant.Ursu.212991
Emsisoft	Gen:Variant.Ursu.212991 (B)
Comodo	Malware@#10nwa1reanv8l
DrWeb	BackDoor.CmdShellNET.2
VIPRE	Gen:Variant.Ursu.212991
McAfee-GW-Edition	GenericRXFJ-LF!27AD8885D66C
Sophos	Mal/Keylog-K
Ikarus	Backdoor.MSIL
GData	Gen:Variant.Ursu.212991
Webroot	W32.Trojan.Gen
Avira	TR/Spy.Gen
Arcabit	Trojan.Ursu.D33FFF
Microsoft	Trojan:MSIL/Bogoclak.A
Google	Detected
AhnLab-V3	Spyware/Win32.Zbot.R112305
McAfee	GenericRXFJ-LF!27AD8885D66C
MAX	malware (ai score=88)
Malwarebytes	Malware.AI.3971298939
Rising	Backdoor.VKont!8.3088 (TFE:dGZlOg0Uyp0r9+hFGA)
SentinelOne	Static AI – Malicious PE
Fortinet	MSIL/Stealors.NET!tr
BitDefenderTheta	Gen:NN.ZemsilF.34646.en0@a4r7T9p
AVG	Win32:Agent-AMNM [Trj]
Panda	Generic Malware
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Trojan:MSIL/Bogoclak.A?

Trojan:MSIL/Bogoclak.A removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X