App/Generic-DA (PUA) removal instruction

App/Generic-DA (PUA) is classified as potentially unwanted by many security vendors. While this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the App/Generic-DA (PUA) virus do?

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify App/Generic-DA (PUA)?

File Info:

name: 2AA1722854F51D8B02DF.mlw
path: /opt/CAPEv2/storage/binaries/5a60f42b55702f849bf7e9c18a7c639a782337538d29d36a360c37e7a865082e
crc32: C32032A9
md5: 2aa1722854f51d8b02df6c95d3517f9b
sha1: 30618187ffb8a253bc5173763f2183512df3e547
sha256: 5a60f42b55702f849bf7e9c18a7c639a782337538d29d36a360c37e7a865082e
sha512: f325edaecfcf854fdb7e9317fba69dd1f52ce2370f09db4fb7a751b7deb47c2a0489f12923710e482bf6d191a9bb9798a6b6b0e307c706c62e74c0bd203ef849
ssdeep: 196608:JZyyq5gIlA02I1FIfJPOIJU6ibNuCuDLK/zIKpXc554v8p7iy39KqQv433:J6rRIJ0gtKRc55cwfO433
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T127D612037660C4A1E591273281FAA331A7743A545734C6C7F76CAE2A7F726C2973A34B
sha3_384: 7545d074324ddda459b4c81d273670631b4f604b40facaa2e3ebffce905fef57fd73db381b0e7425ba17f90a4dbb2408
ep_bytes: 558bec6aff68c0fa000168a80d510064
timestamp: 2016-11-26 10:29:45

Version Info:

FileVersion: 4.0.0.0
FileDescription: 创新官方win(7-10)系列驱动
ProductName: 创新官方win(7-10)系列驱动
ProductVersion: 4.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 创新官方win(7-10)系列驱动
Translation: 0x0804 0x04b0

App/Generic-DA (PUA) also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.4!c
tehtris: Generic.Malware
FireEye: Generic.mg.2aa1722854f51d8b
McAfee: Artemis!2AA1722854F5
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 005246d51 )
K7GW: Trojan ( 005246d51 )
CrowdStrike: win/malicious_confidence_90% (D)
BitDefenderTheta: Gen:NN.ZexaF.36662.@t0@aOIkZejb
Cyren: W32/OnlineGames.HG.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEX: Malicious
Avast: Win32:Evo-gen [Trj]
McAfee-GW-Edition: BehavesLike.Win32.Generic.rc
Trapmine: suspicious.low.ml.score
Sophos: App/Generic-DA (PUA)
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.4AIOBO
Google: Detected
Antiy-AVL: Trojan/Win32.FlyStudio.a
Xcitium: TrojWare.Win32.TrojanDropper.Agent.HNMS@4xnjpy
Microsoft: PUA:Win32/Packunwan
Cynet: Malicious (score: 100)
VBA32: BScope.Trojan.Casur
MAX: malware (ai score=93)
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R002H0CED23
Ikarus: PUA.BlackMoon
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.PHP!tr
AVG: Win32:Evo-gen [Trj]
Cybereason: malicious.7ffb8a
DeepInstinct: MALICIOUS

How to remove App/Generic-DA (PUA)?

App/Generic-DA (PUA) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.