Application.Bundler.InstallMonster.396 (B) information

Malware Removal

Application.Bundler.InstallMonster.396 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Application.Bundler.InstallMonster.396 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Detects VirtualBox through the presence of a library
  • Detects VirtualBox through the presence of a device
  • Detects VirtualBox through the presence of a file
  • Anomalous binary characteristics

How to identify Application.Bundler.InstallMonster.396 (B)?

File Info:

name: BA033E873D764F482B05.mlw
path: /opt/CAPEv2/storage/binaries/41b6223197a25b2a7d51c1f537436d6f19909010eb3b3486aaec4cef4dcaec94
crc32: 449B1EA4
md5: ba033e873d764f482b0552873d9bb794
sha1: 5d6ffa94311667b10961d5f95e4a1d5f06880cd5
sha256: 41b6223197a25b2a7d51c1f537436d6f19909010eb3b3486aaec4cef4dcaec94
sha512: 37fb35602769f7939bf743dc35515a8411da9528ca75982af43671945352d281d1c6949383ac6ce1610e7dc2008284567c0fa7d325af1f704d5d425f0431747b
ssdeep: 98304:ZWSmnlqu4fa5HZkfKwTFZyiVAv4LFiqciGs+y/9ZzOUkjgJgBCXS:ZWSy1VJsBhA9Tc92jzIC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11C3602D9E610713AE3DB9D3EA44972782E090EC96BC4426802D3F75E33B484E95CB776
sha3_384: 6b603e08fad010b5cd531c51a536bd89737987a751b27256c0aa0116225bfe16ac12e579f932c6a4b91a1500508b82be
ep_bytes: 60be0020be008dbe00f081ff5783cdff
timestamp: 2017-01-13 10:14:19

Version Info:

FileVersion: 1.0.5.19
ProductVersion: 1.0.5.19
Translation: 0x0804 0x04e4
Comments:
CompanyName: 青枣网络科技有限公司.
FileDescription: 好图看看
InternalName: HaoTuKanKan
LegalCopyright: (C) 青枣网络科技有限公司. All rights reserved.
LegalTrademarks: (C) 青枣网络科技有限公司 Corp. Ltd.
ProductName: 好图看看

Application.Bundler.InstallMonster.396 (B) also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Application.Bundler.InstallMonster.396
FireEye: Generic.mg.ba033e873d764f48
ALYac: Gen:Variant.Application.Bundler.InstallMonster.396
Cylance: Unsafe
Zillya: Adware.ShandaAdd.Win32.80
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Adware ( 004f6b251 )
Alibaba: AdWare:Win32/ShandaAdd.d3827716
K7GW: Adware ( 004f6b251 )
Cybereason: malicious.73d764
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Adware.ShandaAdd.F
TrendMicro-HouseCall: TROJ_GEN.R002H0CL521
Paloalto: generic.ml
BitDefender: Gen:Variant.Application.Bundler.InstallMonster.396
NANO-Antivirus: Riskware.Win32.ShandaAdd.ewdrme
Avast: Win32:Adware-gen [Adw]
Ad-Aware: Gen:Variant.Application.Bundler.InstallMonster.396
Emsisoft: Gen:Variant.Application.Bundler.InstallMonster.396 (B)
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.rc
Sophos: Generic PUA FN (PUA)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Application.Bundler.InstallMonster.396
Avira: HEUR/AGEN.1200906
MAX: malware (ai score=74)
Antiy-AVL: Trojan/Generic.ASMalwS.30CDA38
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Application.Bundler.InstallMonster.396
Microsoft: PUA:Win32/Haotukankan
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Banbra.C1706879
Acronis: suspicious
McAfee: Artemis!BA033E873D76
VBA32: TScope.Trojan.Delf
Malwarebytes: PUP.Optional.HaoTuKanKan
APEX: Malicious
Yandex: PUA.ShandaAdd!cFFGrhSqXF8
Ikarus: PUA.ShandaAdd
eGambit: Unsafe.AI_Score_99%
Fortinet: Adware/ShandaAdd
AVG: Win32:Adware-gen [Adw]
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Application.Bundler.InstallMonster.396 (B)?

Application.Bundler.InstallMonster.396 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.