This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
Minimum DAT | 6803 (2012-08-14) |
Updated DAT | 6803 (2012-08-14) |
Minimum Engine | 5400.1158 |
File Length | 879104 |
Description Added | 2012-08-14 |
Description Modified | 2012-08-14 |
File Properties | Property Values |
---|---|
McAfee Detection | Generic.evx!bz |
Length | 879104 bytes |
MD5 | ad6f72b851ebcf7bf7c8b1c551140c5f |
SHA1 | 37275cfd9e185b979c15fb8681c4c8434f224ed9 |
Other Common Detection Aliases
Company Names | Detection Names |
---|---|
EMSI Software | Trojan.SuspectCRC!IK |
avast | Win32:FinSpy-A |
AVG (GriSoft) | Dropper.Generic6.NHD |
avira | TR/Dropper.Gen |
Kaspersky | Trojan.Win32.Agentb.ty |
BitDefender | Trojan.Generic.6854490 |
clamav | PUA.Win32.Packer.SetupExeSection |
Dr.Web | Trojan.MulDrop3.31380 |
FortiNet | Evx.BZ!tr |
Microsoft | Trojan:Win32/Spinfy.A |
Symantec | Backdoor.Finfish |
Eset | Win32/Belesak.D trojan |
norman | W32/Troj_Generic.DCTRI |
panda | Generic Trojan |
Sophos | Troj/FinFish-B |
Trend Micro | TROJ_FINSPY.A |
vba32 | Trojan.Agentb.ty |
V-Buster | Trojan.Agentb!5zZ9ImcrE6c (trojan) |
Other brands and names may be claimed as the property of others.
Activities | Risk Levels |
---|---|
Enumerates many system files and directories. | |
Process attempts to call itself recursively | |
Attempts to write to a memory location of an unknown process | |
No digital signature is present | |
McAfee Scans | Scan Detections |
---|---|
McAfee Beta | Generic.evx!bz |
McAfee Supported | Generic.evx!bz |
System Changes
Some path values have been replaced with environment variables, as the exact location may vary with different configurations. For example: %WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000); %PROGRAMFILES% = \Program Files.
The following files were analyzed:
37275cfd9e185b979c15fb8681c4c8434f224ed9
The following files have been added to the system:
The following files were temporarily written to disk then later removed: