What is “Application.InstallCore.Babar.367”?

Application.InstallCore.Babar.367 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Application.InstallCore.Babar.367 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Attempts to modify proxy settings
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Application.InstallCore.Babar.367?


File Info:

name: B729176096EBD3BFF8B6.mlw
path: /opt/CAPEv2/storage/binaries/32ea10905afaec9676f8a1374ed8ece6cc3baa3e0e686ccce2a777c527140a7e
crc32: 0D4C8E42
md5: b729176096ebd3bff8b695120e6c6160
sha1: 5d74af7e3459b362a224b80f51f4e729be579318
sha256: 32ea10905afaec9676f8a1374ed8ece6cc3baa3e0e686ccce2a777c527140a7e
sha512: b65ba338041c33461c89aecbf02e6889d4e978820af8639d5001dbd61fe8d6b59666e486005ea8cb09317084d8bb2f9edea685540205e07d67a16573f8464f0b
ssdeep: 12288:Mvpgb+b6jEUnIHe80dlZypCQqslOZQ+bre6b7sk1H1zIACZBwKNAg7KW:MvmbcYEUnI+8O+dqNZBbfQkt1p+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10FE4234263D50D39E0F1D2B48EA660385F333A1629F169A5B7ED895D9F33BC0A812377
sha3_384: e7b9f50591ae784f16b970c45c9537b89eff25a2ef6019b96be8f8c10ba076cc18fcf81ce48d2c3838cc51b4b09e76b1
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription:
FileVersion:
LegalCopyright:
ProductName:
ProductVersion:
Translation: 0x0000 0x04b0

Application.InstallCore.Babar.367 also known as:

Engine                Detection name
Bkav                  W32.AIDetectMalware
Lionic                Virus.Win32.Generic.mDDS
Elastic               malicious (high confidence)
MicroWorld-eScan      Gen:Variant.Application.InstallCore.Babar.367
FireEye               Generic.mg.b729176096ebd3bf
CAT-QuickHeal         Trojan.Dorv.B8
Skyhigh               PUP-FII
ALYac                 Gen:Variant.Application.InstallCore.Babar.367
Cylance               unsafe
Zillya                Trojan.InstallCoreCRTD.Win32.776
Sangfor               PUP.Win32.InstallCore.Vbjh
K7AntiVirus           Adware ( 005104571 )
Alibaba               AdWare:Win32/InstallCore.b021757a
K7GW                  Adware ( 005104571 )
CrowdStrike           win/grayware_confidence_100% (W)
VirIT                 Adware.Win32.InstallCore.D
Symantec              Trojan.Gen.MBT
tehtris               Generic.Malware
ESET-NOD32            Win32/InstallCore.Gen.A potentially unwanted
APEX                  Malicious
TrendMicro-HouseCall  TROJ_GEN.R002C0OAT24
ClamAV                Win.Trojan.Installcore-876
Kaspersky             UDS:Trojan.Win32.Zenpak
BitDefender           Gen:Variant.Application.InstallCore.Babar.367
NANO-Antivirus        Riskware.Win32.InstallCore.dcnbhl
SUPERAntiSpyware      PUP.InstallCore/Variant
Avast                 Win32:PUP-gen [PUP]
Tencent               Malware.Win32.Gencirc.10b371a0
Emsisoft              Application.InstallCore (A)
F-Secure              PotentialRisk.PUA/InstallCore.Gen9
DrWeb                 Trojan.Packed2.38334
VIPRE                 Gen:Variant.Application.InstallCore.Babar.367
TrendMicro            TROJ_GEN.R002C0OAT24
Trapmine              malicious.high.ml.score
Sophos                Install Core Click run software (PUA)
SentinelOne           Static AI – Malicious PE
GData                 Win32.Application.InstallCore.LX
Varist                W32/A-dbe1ec51!Eldorado
Avira                 PUA/InstallCore.Gen9
Antiy-AVL             Trojan/Win32.SGeneric
Kingsoft              Win32.Trojan.Zenpak.a
Xcitium               Application.Win32.InstallCore.BWAM@58je90
Arcabit               Trojan.Application.InstallCore.Babar.367
ViRobot               Adware.Installcore.680520.EN
ZoneAlarm             UDS:Trojan.Win32.Zenpak
Microsoft             PUADlManager:Win32/InstallCore
Cynet                 Malicious (score: 100)
AhnLab-V3             PUP/Win32.Vosteran.R346970
McAfee                PUP-FII
Google                Detected
VBA32                 TScope.Malware-Cryptor.SB
Malwarebytes          PUP.Optional.InstallCore.DDS
Rising                Trojan.Generic@AI.100 (RDMK:tH7duZyIJFikQEIKuilOFw)
Yandex                PUA.InstallCore!KM9Fo/OG6ek
Ikarus                Trojan.Win32.Injected
MaxSecure             Adware.DealPly.gen9_171743
AVG                   Win32:PUP-gen [PUP]
DeepInstinct          MALICIOUS

How to remove Application.InstallCore.Babar.367?

Application.InstallCore.Babar.367 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
