Categories: Backdoor

What is “UDS:Backdoor.Win32.Convagent”?

The UDS:Backdoor.Win32.Convagent is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What UDS:Backdoor.Win32.Convagent virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
At least one IP Address, Domain, or File Name was found in a crypto call
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial language used in binary resources: Chinese (Singapore)
The binary likely contains encrypted or compressed data.
Exhibits possible ransomware file modification behavior
Creates a hidden or system file
Attempts to modify proxy settings
Creates a copy of itself
Anomalous binary characteristics

How to determine UDS:Backdoor.Win32.Convagent?


File Info:
crc32: 3B3934C2md5: 2c488e751cc8d933035d0f5dc398d6efname: 2C488E751CC8D933035D0F5DC398D6EF.mlwsha1: 3e9253b08dc561926aaacc85ddb5db7e30665100sha256: ec17b8acb8f6608995dcff248faf23b5d972511e88319bec1be4ecf48e20b75asha512: 173b856c1283767e4604bfe06fba9410891173c07d8478553e2a2a972e61d668d3c922592085a2d1af47e8fe4a105caaaf197685382a317d30d307fdb46e75cbssdeep: 6144:HcJUSrxIjmId697BOecQEs1TVickZOApMKYWbCz39KXZ2S7Kod5mjYur:7SruXM9tb+s1pAZdYx9KF5mjtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
Translation: 0x020b 0x052b

UDS:Backdoor.Win32.Convagent also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Cybereason	malicious.08dc56
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	FileRepMetagen [Malware]
Kaspersky	UDS:Backdoor.Win32.Convagent.gen
Sophos	ML/PE-A
BitDefenderTheta	Gen:NN.ZexaF.34058.yuW@aWpvoQlH
McAfee-GW-Edition	BehavesLike.Win32.Generic.fh
FireEye	Generic.mg.2c488e751cc8d933
SentinelOne	Static AI – Malicious PE
Webroot	W32.Trojan.Gen
eGambit	Unsafe.AI_Score_98%
Microsoft	Trojan:Win32/Sabsik.FL.A!ml
Acronis	suspicious
Rising	Trojan.Kryptik!1.C6FC (CLASSIC)
Ikarus	Trojan.Win32.Crypt
MaxSecure	Trojan.Malware.300983.susgen
AVG	FileRepMetagen [Malware]
Paloalto	generic.ml