
About “Win64/TrojanDownloader.Agent.ALY” infection


Win64/TrojanDownloader.Agent.ALY is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win64/TrojanDownloader.Agent.ALY virus do?

  • A file was accessed within the Public folder.
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to identify installed AV products by installation directory
  • Attempts to modify proxy settings

How to identify Win64/TrojanDownloader.Agent.ALY?


File Info:

name: BC240E119AE6AD4E712B.mlw
path: /opt/CAPEv2/storage/binaries/8db30678d5660a8f5ef42c64684c5188bf320a27f9bdaf487599c0299fc37e61
type: PE32+ executable (GUI) x86-64, for MS Windows
timestamp: 2024-04-08 10:31:44

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Visual Studio Installer
FileVersion: 17.9.34723.18
InternalName: vs_community.exe
OriginalFilename: vs_community.exe
ProductName: Microsoft Visual Studio Community
ProductVersion: Visual Studio 2022
LegalCopyright: © Microsoft Corporation. All rights reserved.
Translation: 0x0409 0x04b0

Win64/TrojanDownloader.Agent.ALY is also known as:

Bkav: W64.AIDetectMalware
FireEye: Generic.mg.bc240e119ae6ad4e
Skyhigh: Artemis!Trojan
McAfee: Artemis!BC240E119AE6
Sangfor: Downloader.Win64.Aly.Vq02
Alibaba: TrojanDownloader:Win64/DropperX.402513f0
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win64/TrojanDownloader.Agent.ALY.gen
APEX: Malicious
Kaspersky: Trojan.Win32.Agentb.mbpz
Rising: Downloader.Agent!8.B23 (CLOUD)
Sophos: Mal/Generic-S
Google: Detected
F-Secure: Dropper.DR/AVI.Gepys.gijru
Avira: DR/AVI.Gepys.gijru
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: Trojan.Win32.Agentb.mbpz
Cynet: Malicious (score: 99)
DeepInstinct: MALICIOUS
Cylance: unsafe
Tencent: Win64.Trojan-Downloader.Oader.Wdkl
Ikarus: Backdoor.Agent
Fortinet: W64/Agent.ALY!tr.dldr
alibabacloud: Trojan[downloader]:Win/Agentb.mbpz

How to remove Win64/TrojanDownloader.Agent.ALY?

Win64/TrojanDownloader.Agent.ALY removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
