About “Win32:Agent-BAUM [Trj]” infection

Malware Removal

Win32:Agent-BAUM [Trj] is the name Avast and AVG give to this trojan; every other engine listed further down flags the same sample, mostly as a Zbot or Pony/Fareit credential stealer or as a generic Visual Basic packed injector. While the infection is active you may notice unfamiliar processes in Task Manager, because the sample starts a second process and injects its payload into it. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; it allows a full scan and cleanup of your PC during the trial period.
6-day free trial available.

What can Win32:Agent-BAUM [Trj] do?

The behaviours below are the CAPE sandbox signatures that fired when the sample listed under File Info was detonated. Read together they describe a packed dropper that unpacks itself in memory, starts a second process and injects its payload into it:

  • Behavioural detection: executable code extraction (unpacking)
  • Yara rule matches observed in a process memory dump, in dropped files or in CAPE output
  • Allocates memory that is readable, writable and executable (RWX) at once, as unpackers and injectors do
  • Resolves imported functions dynamically at run time instead of through the import table
  • Reads data out of its own binary image (typical of a packer locating its embedded payload)
  • CAPE extracted potentially suspicious content (the unpacked payload)
  • The binary likely contains encrypted or compressed data
  • The Authenticode signature is invalid
  • Behavioural detection: injection by process hollowing (a new process is started suspended and its image replaced)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: inter-process injection
  • Behavioural detection: injection with CreateRemoteThread into a remote process
  • Created a process from a suspicious location
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Some of these signals (dynamic function loading, an invalid signature, compressed data) are common in legitimate software and are weak on their own; it is the combination of RWX allocation, a suspended child process and remote-thread creation that marks this sample as an injector.
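The signatures above are behavioural: CAPE derives them from the API calls the sample makes while it runs. The following is an added example, not CAPE's own signature code and not from the original page, showing how the strongest of them can be reconstructed from an API-call trace. The trace layout `(pid, api, args)`, the argument names (`ProcessId`, `Protection`, `ApplicationName`, `CreationFlags`), the list of suspicious directories and both sample traces are constructed for illustration; the API names and the constants `PAGE_EXECUTE_READWRITE` (0x40) and `CREATE_SUSPENDED` (0x4) are the real Win32 ones.

```python
"""Added example: a toy version of the sandbox behaviour signatures listed above,
evaluated over a constructed API-call trace.  Not CAPE's own code; the trace
layout (pid, api, args) and the argument names are assumptions for this example."""
from collections import defaultdict

PAGE_EXECUTE_READWRITE = 0x40  # Win32 memory-protection constant (RWX)
CREATE_SUSPENDED = 0x00000004  # Win32 CreateProcess creation flag
# Directories from which a freshly created process is treated as suspicious (assumed list)
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\programdata\\", "\\users\\public\\")
# Calls that act on another process.  For the thread APIs the sandbox is assumed to
# have resolved the thread handle to its owning process and recorded it as ProcessId.
CROSS_PROCESS_APIS = {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
                      "NtUnmapViewOfSection", "SetThreadContext", "ResumeThread"}


def detect(trace):
    """Return the sorted list of behaviour names triggered by a trace of
    (pid, api_name, args_dict) tuples."""
    hits = set()
    cross = defaultdict(set)  # (source pid, target pid) -> cross-process APIs seen
    suspended = set()         # child pids created with CREATE_SUSPENDED
    for pid, api, args in trace:
        if api in ("VirtualAlloc", "VirtualAllocEx", "NtAllocateVirtualMemory") \
                and args.get("Protection") == PAGE_EXECUTE_READWRITE:
            hits.add("Creates RWX memory")
        if api in ("GetProcAddress", "LdrGetProcedureAddress"):
            hits.add("Dynamic (imported) function loading detected")
        if api == "CreateProcessInternalW":
            path = args.get("ApplicationName", "").lower()
            if any(d in path for d in SUSPICIOUS_DIRS):
                hits.add("Created a process from a suspicious location")
            if args.get("CreationFlags", 0) & CREATE_SUSPENDED:
                suspended.add(args["ProcessId"])
        if api in CROSS_PROCESS_APIS and args.get("ProcessId") not in (None, pid):
            cross[(pid, args["ProcessId"])].add(api)
    for (_src, dst), apis in cross.items():
        # Classic injection: write a buffer into another process, then start a thread on it
        if {"WriteProcessMemory", "CreateRemoteThread"} <= apis:
            hits.add("Injection with CreateRemoteThread in a remote process")
        # Hollowing: suspended child, image unmapped or thread context redirected, then resumed
        if dst in suspended and {"WriteProcessMemory", "ResumeThread"} <= apis \
                and apis & {"NtUnmapViewOfSection", "SetThreadContext"}:
            hits.add("Injection (Process Hollowing)")
    return sorted(hits)


def sample_trace():
    """Constructed trace: a dropper (pid 1000) unpacks into RWX memory, spawns a
    suspended copy of itself from %TEMP% (pid 1300) and hollows it, then also
    injects a thread into explorer.exe (pid 2000).  Paths and pids are invented."""
    temp_exe = r"C:\Users\victim\AppData\Local\Temp\Sulaliwan2.exe"
    return [
        (1000, "GetProcAddress", {"FunctionName": "NtUnmapViewOfSection"}),
        (1000, "VirtualAlloc", {"Size": 0x20000, "Protection": PAGE_EXECUTE_READWRITE}),
        (1000, "CreateProcessInternalW", {"ApplicationName": temp_exe,
                                          "CreationFlags": CREATE_SUSPENDED, "ProcessId": 1300}),
        (1000, "NtUnmapViewOfSection", {"ProcessId": 1300}),
        (1000, "WriteProcessMemory", {"ProcessId": 1300, "Size": 0x1E000}),
        (1000, "SetThreadContext", {"ProcessId": 1300}),
        (1000, "ResumeThread", {"ProcessId": 1300}),
        (1000, "VirtualAllocEx", {"ProcessId": 2000, "Size": 0x1000, "Protection": PAGE_EXECUTE_READWRITE}),
        (1000, "WriteProcessMemory", {"ProcessId": 2000, "Size": 0x800}),
        (1000, "CreateRemoteThread", {"ProcessId": 2000}),
    ]


def benign_trace():
    """Constructed trace of an ordinary program that resolves one API at run time."""
    return [
        (1500, "GetProcAddress", {"FunctionName": "GetSystemTimePreciseAsFileTime"}),
        (1500, "VirtualAlloc", {"Size": 0x1000, "Protection": 0x04}),  # PAGE_READWRITE
    ]


if __name__ == "__main__":
    for name, trace in (("sample", sample_trace()), ("benign", benign_trace())):
        print(name, "->", detect(trace))
```

Running `detect(sample_trace())` yields five of the behaviours in the list above, while `detect(benign_trace())` yields only the dynamic-function-loading signal. That is why a single signature is weak evidence and the page's list should be read as a whole: the hollowing and remote-thread verdicts require a write into another process paired with a resume or thread-creation call, not merely the presence of one API.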

How to identify Win32:Agent-BAUM [Trj]?

The identifiers below come from the CAPE sandbox record of the analysed sample. Match a suspect file on its sha256 (or another full hash) rather than on its file name, which is arbitrary.
File Info:

name: E56681521DB79245536D.mlw
path: /opt/CAPEv2/storage/binaries/003480087d71051ac38a8ed1df2b18c718c2fd2e21f2b36810444d698fe5e50b
crc32: 6086D05C
md5: e56681521db79245536da89828cce6f8
sha1: a7f09620671869242e9d9850f4be6d57b6186fab
sha256: 003480087d71051ac38a8ed1df2b18c718c2fd2e21f2b36810444d698fe5e50b
sha512: 903f3f7b5a301abb4c71202f064ef63b0fb8a2223eae1691fcf839963290bab7d5c6ec0cb4d260d281d2e9aa6ade235b7b725325182c18564b3eef1f421d579a
ssdeep: 3072:RiPsTgkMuRwjwOkmeokr2xkc3+6i4W5ei/TRMmUE3N8m564NAhD8sr56yQF0zAa8:0ETgkLGkoM2xv+Ui/OA9564NAVtQSuQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14544CF6342A5C324E625323629E8A7E523DA6CB950768C7FB0CEC30D3D57675E70C62B
sha3_384: 52508fbd35c566a8378b7ac12132d3c45c6d723e7cd8dfdf239bdccc2f4a44a1f2fcbcd0ac76d1e4aa4a5e63d16d8bc6
ep_bytes: 6840e24200e8eeffffff000000000000
timestamp: 2015-09-05 16:36:57

Version Info (from the PE version resource; the strings do not describe a genuine PC Tools product and look auto-generated, which fits the Visual Basic packer detections listed below):

Translation: 0x0409 0x04b0
Comments: Designated
CompanyName: PC Tools
FileDescription: Headbander
ProductName: Keweenawbay8
FileVersion: 1.00
ProductVersion: 1.00
InternalName: Sulaliwan2
OriginalFilename: Sulaliwan2.exe
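To check a suspect file against the File Info block, a practitioner recomputes the same identifiers locally. The following is an added example, not code from the original page or from CAPE: it computes the hash set CAPE reports, parses a PE32 header for the compile timestamp and the 16 entry-point bytes (CAPE's `ep_bytes`), and compares them with the indicators copied from the block above. The `build_demo_pe()` helper constructs a minimal, non-runnable PE in memory as test data; it is not the real sample, and the timestamp is interpreted as UTC, which is an assumption about how CAPE reports the field.

```python
"""Added example (not from the original page or CAPE): recompute the File Info
identifiers for a file and compare them with the published ones.  The PE built
by build_demo_pe() is constructed test data, not the real sample."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info block above
KNOWN = {
    "sha256": "003480087d71051ac38a8ed1df2b18c718c2fd2e21f2b36810444d698fe5e50b",
    "md5": "e56681521db79245536da89828cce6f8",
    "crc32": "6086D05C",
    "ep_bytes": "6840e24200e8eeffffff000000000000",
}


def file_hashes(data):
    """The digest set CAPE reports (crc32, md5, sha1, sha256, sha512)."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def pe_summary(data):
    """Parse just enough of a PE32 file to recover the COFF timestamp (taken as
    UTC) and the 16 bytes at the entry point (CAPE's ep_bytes)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Walk the section table to map the entry RVA to a file offset
    ep_off = None
    for i in range(nsections):
        _name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        if va <= entry_rva < va + max(vsize, rawsize):
            ep_off = rawptr + (entry_rva - va)
            break
    if ep_off is None:
        raise ValueError("entry point lies outside every section")
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_rva": entry_rva,
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
    }


def compare(data):
    """Map each published indicator to whether the file matches it."""
    found = dict(file_hashes(data), **pe_summary(data))
    return {key: found[key] == value for key, value in KNOWN.items()}


def build_demo_pe(stamp=1441471017, ep_code=bytes.fromhex("6840e24200e8eeffffff")):
    """Constructed, non-runnable PE32 with one .text section: same compile
    timestamp and entry-point bytes as the page reports, different content."""
    e_lfanew, opt_size, raw_ptr, entry_rva = 0x80, 224, 0x200, 0x1000
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 6, 0, 0x200, 0, 0, entry_rva).ljust(opt_size, b"\0")
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, entry_rva, 0x200, raw_ptr, 0, 0, 0, 0, 0x60000020)
    header = (dos + b"PE\0\0" + coff + opt + sect).ljust(raw_ptr, b"\0")
    return header + ep_code.ljust(0x200, b"\0")


if __name__ == "__main__":
    demo = build_demo_pe()
    print(pe_summary(demo))
    print(compare(demo))  # only ep_bytes matches the page's indicators
```

Against the constructed PE, `compare()` reports a match on `ep_bytes` only, while every hash differs. That is the point of the exercise: the `push <address>; call <thunk>` prologue at the entry point is the standard Visual Basic 5/6 stub, so `ep_bytes` on its own identifies a compiler rather than a sample, and only the full hashes (sha256 in particular) identify this file.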

Win32:Agent-BAUM [Trj] also known as:

Other engines detect the same sample under the names below (vendor, then detection name). The names cluster around the Zbot/Zeus and Pony/Fareit credential-stealer families and generic Visual Basic packer or injector detections.

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Zbot.l!c
DrWeb: Trojan.Siggen6.32796
MicroWorld-eScan: Gen:Heur.PonyStealer.qm0@c4xB4uci
FireEye: Generic.mg.e56681521db79245
CAT-QuickHeal: TrojanPWS.Zbot.AC3
ALYac: Gen:Heur.PonyStealer.qm0@c4xB4uci
Cylance: Unsafe
Sangfor: [MICROSOFT VISUAL BASIC 5.0]
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.21db79
BitDefenderTheta: Gen:NN.ZevbaF.34638.qm0@a4xB4uci
VirIT: Trojan.Win32.VBPack_Heur
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Spy.Zbot.ABV
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packer.VbPack-0-6334882-0
Kaspersky: Trojan-Spy.Win32.Zbot.vyli
BitDefender: Gen:Heur.PonyStealer.qm0@c4xB4uci
NANO-Antivirus: Trojan.Win32.Zbot.dwumpz
SUPERAntiSpyware: Trojan.Agent/Gen-VB
Avast: Win32:Agent-BAUM [Trj]
Tencent: Malware.Win32.Gencirc.114c8c5f
Ad-Aware: Gen:Heur.PonyStealer.qm0@c4xB4uci
Emsisoft: Gen:Heur.PonyStealer.qm0@c4xB4uci (B)
TrendMicro: TrojanSpy.Win32.FAREIT.SMAL01.hp
McAfee-GW-Edition: BehavesLike.Win32.Fareit.dc
Sophos: ML/PE-A + Troj/VBInj-MC
Ikarus: Trojan.Win32.Injector
GData: Gen:Heur.PonyStealer.qm0@c4xB4uci
Jiangmin: TrojanSpy.Zbot.eszh
Avira: HEUR/AGEN.1206784
MAX: malware (ai score=88)
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: VirTool:Win32/Injector.FQ
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/VBKrypt.RP.X1764
McAfee: Packed-FK!E56681521DB7
Malwarebytes: Trojan.DorkBot.ED
TrendMicro-HouseCall: TrojanSpy.Win32.FAREIT.SMAL01.hp
Rising: Spyware.Zbot!8.16B (CLOUD)
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Injector.CLPK!tr
AVG: Win32:Agent-BAUM [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32:Agent-BAUM [Trj]?

Win32:Agent-BAUM [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options you want, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.