Malware

Application.Bundler.InstallMonster.397 malicious file

Malware Removal

The Application.Bundler.InstallMonster.397 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Application.Bundler.InstallMonster.397 virus can do?

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Reads data out of its own binary image
  • Unconventionial language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Executed a process and injected code into it, probably while unpacking
  • Detects the presence of Wine emulator via function name
  • Queries information on disks, possibly for anti-virtualization
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Collects information about installed applications
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
contiguity.reviously.ru
hookworm.capitaly.ru

How to determine Application.Bundler.InstallMonster.397?



File Info:

crc32: B6D31569
md5: 43c084dfb767851ea862b52504f95865
name: 43C084DFB767851EA862B52504F95865.mlw
sha1: 5d636936e28f6b53112e8d2016047e46aa069590
sha256: 2375bb1e4eb479ef4d823c13d7f8023570007042fee0e13bcb6c153a01198d8f
sha512: a78d247b6c550d657c82104c311f8f0e0d7bdb6a1747bc9a1796c5026a5830f6ad2ff097177d2365a1a681cfd9d92f31a554a6d1ba7e11a9e254636081de6f2e
ssdeep: 98304:Tb4BaR6iaB1h7sTraHnYapBPZcJdVIlR3Ghg8+JkIyifuknX8fIAbO+4Fq:Tb4QXaBWWHXPKLGR3Gidxf4IAIFq
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed


Version Info:

LegalCopyright: nfgh
InternalName: bsrtn
FileVersion: 3.45.3.4162
LegalTrademarks: sgh
Comments: sebtrs
ProductName: tnhstr
ProgramID: ebts
ProductVersion: 5.554.53.73
FileDescription: dgnhrtj
OriginalFilename: sergtser
Translation: 0x042c 0x04e6

Application.Bundler.InstallMonster.397 also known as:

BkavW32.AIDetect.malware1
Elasticmalicious (high confidence)
CAT-QuickHealSwBndlr.InstlMnstr.YY1
ALYacGen:Variant.Application.Bundler.InstallMonster.397
ZillyaAdware.Generic.Win32.122017
CrowdStrikewin/malicious_confidence_60% (D)
Cybereasonmalicious.fb7678
CyrenW32/InstallMonster.KH.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/InstallMonstr.VA potentially unwanted
APEXMalicious
AvastWin32:Adware-gen [Adw]
CynetMalicious (score: 99)
KasperskyTrojan.Win32.Inject.aiarn
BitDefenderGen:Variant.Application.Bundler.InstallMonster.397
NANO-AntivirusTrojan.Win32.Inject.ewzlov
MicroWorld-eScanGen:Variant.Application.Bundler.InstallMonster.397
TencentMalware.Win32.Gencirc.10b319b7
Ad-AwareGen:Variant.Application.Bundler.InstallMonster.397
ComodoApplication.Win32.InstallMonster.CM@7h1jec
DrWebTrojan.InstallMonster.1549
VIPRETrojan.Win32.Generic!BT
FireEyeGeneric.mg.43c084dfb767851e
SentinelOneStatic AI – Malicious PE
JiangminTrojan.Inject.adyw
AviraADWARE/InstMonster.Gen7
eGambitUnsafe.AI_Score_100%
Antiy-AVLTrojan/Generic.ASMalwS.23FE190
MicrosoftTrojan:Win32/Wacatac.A!ml
GDataGen:Variant.Application.Bundler.InstallMonster.397
AhnLab-V3PUP/Win32.InstMonster.R217751
Acronissuspicious
McAfeeArtemis!43C084DFB767
MAXmalware (ai score=99)
VBA32SScope.Trojan-Dropper.Runnet
PandaTrj/GdSda.A
YandexTrojan.GenAsa!I55pa1f+AAM
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Injector.CTWA!tr
AVGWin32:Adware-gen [Adw]
Paloaltogeneric.ml

How to remove Application.Bundler.InstallMonster.397?

Application.Bundler.InstallMonster.397 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment