Malware

Application.Bundler.Bundlore.A (file analysis)

Malware Removal

The Application.Bundler.Bundlore.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Application.Bundler.Bundlore.A virus can do?

  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • HTTPS urls from behavior.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Hebrew
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded win api malware family
  • Attempts to modify proxy settings
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Application.Bundler.Bundlore.A?



File Info:

name: 8D3FCA558A3C26AE97A6.mlw
path: /opt/CAPEv2/storage/binaries/80bda2363e2d94250b8a1ce7ea021e6d5b4e6f40ce6df705eb1a21ea3e095cf5
crc32: 5459AC9A
md5: 8d3fca558a3c26ae97a6e8504c7c2110
sha1: 680a088d8bdeee2c0a066d88f85c9b5473167a78
sha256: 80bda2363e2d94250b8a1ce7ea021e6d5b4e6f40ce6df705eb1a21ea3e095cf5
sha512: 289655ae1dd61958e1eabe11490517dba315d01b2e376ef1757d559cebccb2287556063a59c1dc29b1ae08bafee4deb9ff3dcfbbe4819962724f75683c1a024b
ssdeep: 3072:eRbmfPyLePnYXOPHoDMd82HkqyHLRnFR+X/lG:eRbmo+voOByHlFR+PlG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DAF38D1136C4C074D1B25539886A9A22567DFDF15B718EDF73D88E4E0B38280AA37BB7
sha3_384: 8895265f4c141c86bf8077eff5b41b0165b207c06cb8e49ab6dc3fcc6c2199f8c584adb84bdb5986573a88df962f249b
ep_bytes: e861630000e9000000006a1468d8d541
timestamp: 2014-04-12 19:50:23


Version Info:

FileVersion: 1.0.5.5
ProductVersion: 1.0.5.5
Translation: 0x0409 0x04e4

Application.Bundler.Bundlore.A also known as:

BkavW32.AIDetectMalware
LionicAdware.Win32.Bundlore.2!c
tehtrisGeneric.Malware
DrWebAdware.Downware.925
MicroWorld-eScanApplication.Bundler.Bundlore.A
CAT-QuickHealPUA.Bundlorelt.Gen
SkyhighPUP-FJG
McAfeePUP-FJG
MalwarebytesGeneric.Malware.AI.DDS
VIPREApplication.Bundler.Bundlore.A
SangforTrojan.Win32.Save.a
K7AntiVirusUnwanted-Program ( 00575d121 )
BitDefenderApplication.Bundler.Bundlore.A
K7GWUnwanted-Program ( 00575d121 )
VirITAdware.Win32.BundLore.B
SymantecSMG.Heur!gen
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/Bundlore.C potentially unwanted
ClamAVWin.Trojan.Bundlore-9961836-0
Kasperskynot-a-virus:HEUR:AdWare.Win32.Agent.gen
AlibabaAdWare:Win32/Bundlore.f9e1f96d
NANO-AntivirusRiskware.Win32.Adw.cwszzl
SUPERAntiSpywarePUP.Bundlore/Variant
AvastWin32:PUP-gen [PUP]
TencentMalware.Win32.Gencirc.10bd74a0
SophosBundlore (PUA)
F-SecureProgram.APPL/Downloader.Gen
BaiduWin32.Adware.Generic.bm
ZillyaAdware.AgentCRTD.Win32.838
TrendMicroTROJ_GEN.R002C0OAU24
Trapminesuspicious.low.ml.score
EmsisoftApplication.AdBundle (A)
SentinelOneStatic AI – Suspicious PE
JiangminDownloader.Agent.nm
WebrootW32.Adware.Bundore
GoogleDetected
AviraAPPL/Downloader.Gen
VaristW32/Bundlore.A.gen!Eldorado
Antiy-AVLGrayWare/Win32.Bundlore.c
KingsoftWin32.Troj.Agent.gen
XcitiumApplication.Win32.Agent.BUND@58eta0
ArcabitApplication.Bundler.Bundlore.A
ZoneAlarmnot-a-virus:HEUR:AdWare.Win32.Agent.gen
MicrosoftPUADlManager:Win32/Bundlore
CynetMalicious (score: 99)
VBA32Downware.Bundlore
ALYacApplication.Bundler.Bundlore.A
Cylanceunsafe
PandaTrj/Genetic.gen
TrendMicro-HouseCallTROJ_GEN.R002C0OAU24
RisingTrojan.Generic@AI.88 (RDMK:qrsgFbt6RDkfBBBKbRHSWg)
YandexRiskware.Agent!Q4t5ot7V82c
IkarusAdWare.Win32.Bundlore
MaxSecureTrojan.Malware.121218.susgen
FortinetW32/Generic.AC.209FE4!tr
AVGWin32:PUP-gen [PUP]
DeepInstinctMALICIOUS
CrowdStrikewin/grayware_confidence_100% (W)

How to remove Application.Bundler.Bundlore.A?

Application.Bundler.Bundlore.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment