Categories: Trojan

About “Trojan:Win32/AgentBypass!AA” infection

The Trojan:Win32/AgentBypass!AA is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/AgentBypass!AA virus can do?

Behavioural detection: Executable code extraction – unpacking
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
Detects Bochs through the presence of a registry key
Checks the version of Bios, possibly for anti-virtualization
Checks the presence of disk drives in the registry, possibly for anti-virtualization
Operates on local firewall’s policies and settings
Harvests cookies for information gathering
Collects information to fingerprint the system
Anomalous binary characteristics
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Trojan:Win32/AgentBypass!AA?


File Info:
name: CFAD6DEA13E6AE029B90.mlwpath: /opt/CAPEv2/storage/binaries/742631f6554f142dda32f214699c9b31afe7aed8c43c0055b11f3d52f65a649ccrc32: 1EBD58B1md5: cfad6dea13e6ae029b90c7efe0dd70c9sha1: 6bc36165579cf05485b77bb27af12469697f6e6asha256: 742631f6554f142dda32f214699c9b31afe7aed8c43c0055b11f3d52f65a649csha512: 8d574ef9298caf8f599a265816fbb130e7f5f49962f22b81ad9ae76f0607c6cc91f60ebe60fe410c49a0ed8d660ecf4b72d0c9083a775e0f3288f585062bd6b6ssdeep: 24576:UmOHTJjQXEAc31k3AQqE+ZbBgSaeeL/M7tkHoN011rxKAKN6u8WRkT:qHpKAzyS6LU0k019xKjINTtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T186755D12B281543BE0A32B358C278EA46D377EB03D5E4E5B2EF47D0C6E396416E36647sha3_384: 7f81fb17d2c38859738828cedb5f1f1e0b8b9ed901b78c50950c80ad95b754fe1a9fab414d14445cc0b1385697fed733ep_bytes: 558becb9130000006a006a004975f953timestamp: 2010-08-01 10:03:40
Version Info:
CompanyName: LmhSoft.comFileDescription: Atomic Time SynchronizerFileVersion: 5.2.1.391InternalName: Atomic Time SynchronizerLegalCopyright: Copyright © 2010 LmhSoft.comLegalTrademarks: Atomic Time SynchronizerOriginalFilename: timesync.exeProductName: Atomic Time SynchronizerProductVersion: 5.2.1.391Comments: http://www.LmhSoft.comRelease Date: Aug 1 2010Translation: 0x0409 0x04e4

Trojan:Win32/AgentBypass!AA also known as:

Lionic	Trojan.Win32.Generic.4!c
McAfee	Artemis!CFAD6DEA13E6
Cylance	unsafe
Sangfor	Trojan.Win32.Agentbypass.Vk9b
Alibaba	Trojan:Win32/AgentBypass.afafcc2c
Cybereason	malicious.a13e6a
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/AceTools.A
APEX	Malicious
Kaspersky	UDS:DangerousObject.Multi.Generic
NANO-Antivirus	Trojan.Win32.DataStealer.enpfgk
DrWeb	Trojan.DownLoader1.19900
McAfee-GW-Edition	BehavesLike.Win32.Infected.th
Webroot	W32.Malware.Heur
Antiy-AVL	Trojan/Win32.SGeneric
Microsoft	Trojan:Win32/AgentBypass.gen!AA
Xcitium	Suspicious@#1cur7wq4n04v7
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Google	Detected
MAX	malware (ai score=99)
Malwarebytes	Generic.Malware/Suspicious
Rising	Trojan.Generic@AI.100 (RDML:PxC59AQ+oyKJSlzT4L6dgg)
Ikarus	Trojan.Win32.Datastealer
MaxSecure	Trojan.Malware.96954194.susgen
Fortinet	W32/AceTools.A!tr
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)