About “UDS:Rootkit.Win64.Agent.bll” infection

The UDS:Rootkit.Win64.Agent.bll is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What UDS:Rootkit.Win64.Agent.bll virus can do?

Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid

How to determine UDS:Rootkit.Win64.Agent.bll?


File Info:
name: EA96BFACF26F7D5EB4B6.mlw
path: /opt/CAPEv2/storage/binaries/2c5c8a54e408863305d1160c79962e46a198169687632d6ac48fb3a2ac21c245
crc32: A170F207
md5: ea96bfacf26f7d5eb4b63023ddb059c7
sha1: 70c359fcddbf904443e6f995c10be06d4c5c6d24
sha256: 2c5c8a54e408863305d1160c79962e46a198169687632d6ac48fb3a2ac21c245
sha512: f4922c3d24b70e1c72d2daac2067c6213f0ca90c11f020820a7c9187f5e0a463aaaffa1144793ed8383e85c78a21d77924e41efe2be967d17b75e6662128efcb
ssdeep: 49152:xmGdFoEmasab3btrVg+0Im3osPe6BS40sPB2VXVscK0oKdTH4AUKm+s8KuqGaX05:QG6EmLw3bDgSmZW6BZs6uipkJBAUZL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T113765C937120E892F9480B77D1624334113A8E546876C597FB54BEA6FC34216BFAEE0F
sha3_384: 98a521c168bb8dad4c1493fe9fd331c3a7cd815dfacde27b51ec4f7cae421542ddcf43086c7865332600256c3356d82f
ep_bytes: 558bec6aff686055a400680488790064
timestamp: 2022-09-12 06:00:22

Version Info:
0: [No Data]

UDS:Rootkit.Win64.Agent.bll also known as:

Lionic	Riskware.Win32.Generic.1!c
Elastic	malicious (high confidence)
FireEye	Generic.mg.ea96bfacf26f7d5e
McAfee	Artemis!EA96BFACF26F
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.ins
Cybereason	malicious.cddbf9
Cyren	W32/OnlineGames.HI.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Packed.FlyStudio.AA potentially unwanted
Cynet	Malicious (score: 100)
Paloalto	generic.ml
ClamAV	Win.Malware.Blackmoon-9951484-0
Kaspersky	UDS:Rootkit.Win64.Agent.bll
Sophos	Generic ML PUA (PUA)
Comodo	TrojWare.Win32.Agent.OSCF@5rs7jr
McAfee-GW-Edition	BehavesLike.Win32.Generic.vh
Trapmine	suspicious.low.ml.score
SentinelOne	Static AI – Malicious PE
GData	Win32.Trojan.FlyStudio.BKW799
Antiy-AVL	Trojan/Generic.ASCommon.FA
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
VBA32	BScope.Trojan.Tiggre
Malwarebytes	Trojan.MalPack.FlyStudio
Rising	Rootkit.Agent!1.6784 (CLASSIC)
Ikarus	AdWare.Win32.BlackMoon
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/CoinMiner.65CA!tr
BitDefenderTheta	Gen:NN.ZexaF.34682.@tW@aWX9fDdb

How to remove UDS:Rootkit.Win64.Agent.bll?

UDS:Rootkit.Win64.Agent.bll removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X