Categories: Malware

Should I remove “Application.Bundler.InstallMonster.QF”?

The Application.Bundler.InstallMonster.QF is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Application.Bundler.InstallMonster.QF virus can do?

A file was accessed within the Public folder.
Sample contains Overlay data
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Russian
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)
CAPE detected the embedded win api malware family
Checks the presence of disk drives in the registry, possibly for anti-virtualization
Accessed credential storage registry keys
Touches a file containing cookies, possibly for information gathering
Yara detections observed in process dumps, payloads or dropped files

How to determine Application.Bundler.InstallMonster.QF?


File Info:
name: 805C950227F439291B61.mlwpath: /opt/CAPEv2/storage/binaries/70edbed7e14622fd8349b5268ad303e4889129f0a7a9cd74412b5025ec56d281crc32: 01467638md5: 805c950227f439291b6197dffa50fd01sha1: 8368b4d3535b16e8278d110a7f7af5361f768c60sha256: 70edbed7e14622fd8349b5268ad303e4889129f0a7a9cd74412b5025ec56d281sha512: 2d2931c9be333a67721b0175e3fec7ebd1c67b6763a44669954fd8d5739ccf35d5f5abf3051e6b78da92b0d5adc13b98b278001dfa1addbe3079ad17f5fb405fssdeep: 98304:o91js9hb7Pp3KJR1sWItmIugLaYb+B86hNTfIJcg/E7J0epHJF0cm9biAg07R6dv:CjsjReR1sHtmILaYqjhIJcsCNBJF0JR0type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T15C46334500E868BFD685A77AA70AFF94D1EFA51319AFC356366417C73D7A8C42B033A0sha3_384: acfd65e05b4cbcf8525528cb9ca8cbeb6e6cbbd56ebac213449dd9f627935c4a9230098979d496e338726a4db0a001e5ep_bytes: 60be007070018dbe00a07fff5783cdfftimestamp: 2017-12-27 13:19:47
Version Info:
InternalName: bdsrtnhLegalCopyright: dsrtbLegalTrademarks: swervsaerOriginalFilename: hsaevgProductName: aewvraweProductVersion: 555.454.5.75Comments: nhwrnjsrytgFileVersion: 776.667.665.281Translation: 0x0451 0x0000

Application.Bundler.InstallMonster.QF also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Inject.lVIb
Elastic	malicious (moderate confidence)
CAT-QuickHeal	Trojan.Resoric.ZZ8
Skyhigh	BehavesLike.Win32.IMonster.tc
ALYac	Application.Bundler.InstallMonster.QF
Malwarebytes	Adware.InstallMonster
VIPRE	Application.Bundler.InstallMonster.QF
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Adware ( 0052cbe61 )
BitDefender	Application.Bundler.InstallMonster.QF
K7GW	Adware ( 0052cbe61 )
Cybereason	malicious.227f43
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/InstallMonstr.QU potentially unwanted
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Trojan.Win32.Inject.ahybv
NANO-Antivirus	Trojan.Win32.Inject.ewmxqt
ViRobot	Adware.Installmonster.5854208.FQ
MicroWorld-eScan	Application.Bundler.InstallMonster.QF
Avast	Win32:Adware-gen [Adw]
Rising	PUF.InstallMonstr!8.EA (TFE:5:0rF9BgKkAdR)
Emsisoft	Application.Bundler.InstallMonster.QF (B)
F-Secure	Adware.ADWARE/InstMonster.Gen7
DrWeb	Trojan.InstallMonster.2517
Zillya	Tool.Bundler.Win32.5175
TrendMicro	TROJ_GEN.R002C0GBH24
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.805c950227f43929
Sophos	Install Monster (PUA)
SentinelOne	Static AI – Suspicious PE
GData	Application.Bundler.InstallMonster.QF
Jiangmin	Trojan.Inject.adln
Avira	ADWARE/InstMonster.Gen7
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Win32.Inject
Kingsoft	Win32.Trojan.Agent.gen
Xcitium	Application.Win32.InstallMonster.UB@7g9yow
Arcabit	Application.Bundler.InstallMonster.QF
ZoneAlarm	Trojan.Win32.Inject.ahybv
Microsoft	SoftwareBundler:Win32/InstallMonster
Varist	W32/InstallMonster.JH.gen!Eldorado
AhnLab-V3	PUP/Win32.InstallMonster.R216687
McAfee	Artemis!805C950227F4
TACHYON	Trojan/W32.DP-Inject.13605888
VBA32	Trojan.Inject
Cylance	unsafe
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TROJ_GEN.R002C0GBH24
Tencent	Malware.Win32.Gencirc.10b1a0fa
Ikarus	PUA.InstallMonstr.Up
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Injector.CTWA!tr
BitDefenderTheta	AI:Packer.FEB04CA521
AVG	Win32:Adware-gen [Adw]
DeepInstinct	MALICIOUS
CrowdStrike	win/grayware_confidence_100% (D)
alibabacloud	Trojan:Win/Mint