What is “Win32/HackTool.Agent.BO potentially unsafe”?

Win32/HackTool.Agent.BO potentially unsafe is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/HackTool.Agent.BO potentially unsafe virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • Performs some HTTP requests
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics

Related domains:

hi.baidu.com
infoflow.baidu.com
ocsp.globalsign.com

How to determine Win32/HackTool.Agent.BO potentially unsafe?


File Info:

crc32: CCA2454F
md5: 90565ec2cb5907bbddb4cace432dc59c
name: 90565EC2CB5907BBDDB4CACE432DC59C.mlw
sha1: f2304165f637dacefe997e92b2d061914379470b
sha256: 1dc332de8cafa1b020c62c6041ac4c07c44a78f4bbdda35880c7c80ec7318722
sha512: ef5dc894f6b1aeec4d3e9ff94e14e3b653c56a79504070d7c1aff2aebc60a0bd97a22faf226a11c81ea1a7b64cd48d7dbce0ebc48ead6b180260f61ff3707e43
ssdeep: 6144:JsMkhQ9abYgd+lILmLz8Ss8EHFqSQlj+sKewAOtsadUEGckOPKY4fNUP+BtaHcz:dgaYmLz8Ss824+BPsEGASYY1w
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: 版权所有 (C) 2007
InternalName: Calc
FileVersion: 1, 0, 0, 1
ProductName: Calc 应用程序
ProductVersion: 1, 0, 0, 1
FileDescription: Calc Microsoft 基础类应用程序
OriginalFilename: Calc.EXE
Translation: 0x0804 0x04b0

Win32/HackTool.Agent.BO potentially unsafe also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 0057f6c71 )
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Win32.HLLP.Siggen.54
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.ShellcodeRI.S21012863
ALYac: Gen:Trojan.ExplorerHijack.K80@aqHEThoj
Cylance: Unsafe
Zillya: Tool.Agent.Win32.72142
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Unwanted-Program ( 0057d8cb1 )
Cybereason: malicious.2cb590
Cyren: W32/Patched.FU.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/HackTool.Agent.BO potentially unsafe
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Malware.Processhijack-9868754-0
Kaspersky: HEUR:Exploit.Win32.ShellCode.vho
BitDefender: Gen:Trojan.ExplorerHijack.K80@aqHEThoj
NANO-Antivirus: Trojan.Win32.PEF13C.crhwoz
MicroWorld-eScan: Gen:Trojan.ExplorerHijack.K80@aqHEThoj
Ad-Aware: Gen:Trojan.ExplorerHijack.K80@aqHEThoj
Sophos: ML/PE-A + Troj/Patched-BS
Comodo: TrojWare.Win32.Bitrep.IW@7mfe0x
BitDefenderTheta: Gen:NN.ZexaF.34266.K80@aqHEThoj
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.hh
FireEye: Generic.mg.90565ec2cb5907bb
Emsisoft: Gen:Trojan.ExplorerHijack.K80@aqHEThoj (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/JmGeneric.axj
Avira: TR/Patched.Gen
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan/Generic.ASBOL.C5A4
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Trojan.ExplorerHijack.ECDA3E
GData: Gen:Trojan.ExplorerHijack.K80@aqHEThoj
AhnLab-V3: Trojan/Win32.PEF13C.R140261
Acronis: suspicious
McAfee: GenericR-DCM!90565EC2CB59
MAX: malware (ai score=99)
VBA32: Trojan.PEF13C
Malwarebytes: Malware.AI.4286468011
Panda: Trj/CI.A
Rising: Trojan.Patch!1.B0CF (CLASSIC)
Yandex: Trojan.GenAsa!VAhH/LwB5xA
Ikarus: Trojan.Win32.PEF13C
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Patched.IW!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Win32/HackTool.Agent.BO potentially unsafe?

Win32/HackTool.Agent.BO potentially unsafe removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
