Application.KeyLogger.Hgzvip.C (B) removal tips

The Application.KeyLogger.Hgzvip.C (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Application.KeyLogger.Hgzvip.C (B) virus can do?

• SetUnhandledExceptionFilter detected (possible anti-debug)
• Behavioural detection: Executable code extraction – unpacking
• Scheduled file move on reboot detected
• Yara rule detections observed from a process memory dump/dropped files/CAPE
• Creates RWX memory
• Possible date expiration check, exits too soon after checking local time
• Guard pages use detected – possible anti-debugging.
• Dynamic (imported) function loading detected
• At least one IP Address, Domain, or File Name was found in a crypto call
• Performs HTTP requests potentially not found in PCAP.
• Enumerates running processes
• Expresses interest in specific running processes
• Reads data out of its own binary image
• A process created a hidden window
• CAPE extracted potentially suspicious content
• Drops a binary and executes it
• Unconventionial language used in binary resources: Chinese (Simplified)
• The binary contains an unknown PE section name indicative of packing
• The binary likely contains encrypted or compressed data.
• Authenticode signature is invalid
• Uses Windows utilities for basic functionality
• Uses Windows utilities for basic functionality
• Behavioural detection: Transacted Hollowing
• Exhibits possible ransomware file modification behavior
• Uses suspicious command line tools or Windows utilities

How to determine Application.KeyLogger.Hgzvip.C (B)?

File Info:
name: 97CA7E18B1E6B1CB3496.mlw
path: /opt/CAPEv2/storage/binaries/ee2d14cab2e8d1bbd03550cdcf1a902ab7eb6e0a9d52e1fe12d7ac739b358a61
crc32: 2E40226A
md5: 97ca7e18b1e6b1cb3496fd44a2d1b650
sha1: ad93f90f9c4d1eee8d59d03be405d019bf0f245a
sha256: ee2d14cab2e8d1bbd03550cdcf1a902ab7eb6e0a9d52e1fe12d7ac739b358a61
sha512: 9fe027d6f075cff0994cb52a50585e07784cbfcdabce712eba9593ccba273c62f6bfa2115262fdc853e4f4e5b78360ba2f029e1bec37e333b9c769a67f46a921
ssdeep: 196608:yt6DyfLQ/YP6kyQjdDsobR6Gw4wnnzV1DYea4:yt6Dys/YikJpsn4wnnzVpYe3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16B7633E07A8126F3C23528361529E611EF3D7D343B1AAB27A7D8553DA5B48807E32F71
sha3_384: b858548eda41a29708e10519d1be78571066961d1b79371df73fa39202ee33b741bf937d7496ecdffb8590d93598b6e6
ep_bytes: e8ce040000e98efeffff3b0dc8a14300
timestamp: 2018-09-30 18:01:44

Version Info:
0: [No Data]

Application.KeyLogger.Hgzvip.C (B) also known as:

How to remove Application.KeyLogger.Hgzvip.C (B)?

• Download and install GridinSoft Anti-Malware.
• Open GridinSoft Anti-Malware and perform a “Standard scan“.
• “Move to quarantine” all items.
• Open “Tools” tab – Press “Reset Browser Settings“.
• Select proper browser and options – Click “Reset”.
• Restart your computer.