What is “Application.HiRu.A”?

Application.HiRu.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Application.HiRu.A virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Scheduled file move on reboot detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Collects and encrypts information about the computer likely to send to C2 server
  • Network activity detected but not expressed in API logs
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Harvests cookies for information gathering

Related domains:

wpad.local-net

How to identify Application.HiRu.A?

File Info:

name: 221FBF86BAC7AE5F4024.mlw
path: /opt/CAPEv2/storage/binaries/18e9137f3af64df8ee049611ee83ef93d372377d412e5c5a4e2f84b64cb7f18c
crc32: D801443E
md5: 221fbf86bac7ae5f4024600a4e41ab5f
sha1: 881acb6ee292745813e9be6353b2e0ac2e0c31c7
sha256: 18e9137f3af64df8ee049611ee83ef93d372377d412e5c5a4e2f84b64cb7f18c
sha512: 800e1ebc3c1773e4679e121fe681180b948e94346c1fd24b3709af92eccb15969ad6ec9807acbd62192a5f0c25f598fb5e70a4e93f2c997b141d04f8c7d604e6
ssdeep: 98304:OGHUgeQUmw6ylr3fERe2cCZnfOiJ0GFMCd4N3psJViCwDSt:OG0geP/JBcR+CZn2BC4ZsZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15D16334419B3183FED1348F920ABB375F9F536612C9963932EA0AE4732E3F52584B217
sha3_384: d228764ff424730da56cca1bfc38b9f8cbe4de92c6c66c06b3fddb3de7d4758122a205330803349cda8ebd7a4250ecd6
ep_bytes: 81ec8401000053555633db57895c2418
timestamp: 2014-10-07 04:40:17

Version Info:

Comments:
CompanyName: Piriform Ltd.
FileDescription: CCleaner v5.07.5261
FileVersion: 5.07.5261.0
LegalCopyright: © Piriform Ltd.
ProductName: CCleaner v5.07.5261
Translation: 0x0409 0x04e4

Application.HiRu.A also known as:

Bkav: W32.AIDetect.malware2
Lionic: Adware.Win32.Hiru.2!c
FireEye: Application.HiRu.A
CAT-QuickHeal: Trojan.Hiru
ALYac: Application.HiRu.A
Cylance: Unsafe
Zillya: Adware.HiRu.Win32.181
Sangfor: Adware.Win32.Hiru.b
K7AntiVirus: Adware ( 004d731f1 )
Alibaba: AdWare:Win32/HiruExt.a2415acc
K7GW: Adware ( 004d731f1 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: Win32/Adware.HiRu.B
APEX: Malicious
ClamAV: Win.Trojan.Agent-1426223
Kaspersky: not-a-virus:AdWare.Win32.Hiru.b
BitDefender: Application.HiRu.A
NANO-Antivirus: Riskware.Nsis.HiRu.ekanlf
Sophos: Generic Reputation PUA (PUA)
Comodo: ApplicUnwnt@#8ebihlmweaoh
VIPRE: Trojan.Win32.Generic!BT
Emsisoft: Application.HiRu.A (B)
SentinelOne: Static AI – Suspicious PE
Avira: HEUR/AGEN.1127504
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Trojan:Win32/Wacatac.A!ml
GData: Application.HiRu.A
Cynet: Malicious (score: 99)
McAfee: Artemis!B7CDC4024FC1
VBA32: AdWare.Hiru
TrendMicro-HouseCall: TROJ_GEN.R002H0CJO21
Yandex: Trojan.Igent.bTXFNR.6
Cybereason: malicious.6bac7a

How to remove Application.HiRu.A?

Application.HiRu.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.