Babar.115288 removal instruction

Malware Removal

Babar.115288 is the generic detection name (Gen:Variant.Babar.115288) that several antivirus engines assign to this sample, and it is rated as dangerous. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advisable to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for removal; it lets you complete a full scan and clean your PC during the trial period.
6-day free trial available.

What does Babar.115288 do?

The following behaviours were flagged by the CAPE sandbox when the sample was executed:

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality

The version resource below shows this is an Inno Setup package; such installers normally carry their payload as overlay data and drop and execute files, so those two findings are expected of any Inno Setup build and are weak evidence on their own. The invalid Authenticode signature and the vendor detections listed further down carry more weight.

How to identify Babar.115288?

File Info:

name: ADF05DE1908B26B53012.mlw
path: /opt/CAPEv2/storage/binaries/340d9042adbd1c1a7637631a6e72bb28461a677b24804a93c925b7dca161476c
crc32: 83A7A317
md5: adf05de1908b26b530128755882973d4
sha1: 0e82af9baede320283fe6bf031e33ca9995c1d08
sha256: 340d9042adbd1c1a7637631a6e72bb28461a677b24804a93c925b7dca161476c
sha512: 8070acfd895bed91f6525051c7298f6098c94ecbe46c12bc560bcd1246ef192937fde3f1e2e9c872b173f8ecbc6a8c1157c0175efb1ee6d5dc2d0ddc9695c2f4
ssdeep: 196608:t/gk8B/DA4QCWPc9gVZP7gT7wc2lo6PPaCFcsQeaQ20nmajKY7Zn:Ok8B/D/QCWPcGvUB6PPVcsQPNhEKyn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B18633A24520F77ED15589756ED4AB1CD0E7ACCA1C9221E299BC8F0D0326DE5FDCCAE0
sha3_384: 8ad392570afaa2d4a2f4edea306d4db0a522f46d6d5b8af216ca6d57bc8e9bde8ac76cb8b0125506228035bdd59fdcff
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17 (a fixed value the Borland Delphi linker writes into every binary it produces; Inno Setup installers are Delphi-built, so this is not the real build date)

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: DTZGURU
FileDescription: Disk Tools Setup
FileVersion:
LegalCopyright:
ProductName: Disk Tools
ProductVersion:
Translation: 0x0000 0x04b0
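As an added example (not part of the original page and not GridinSoft's software), the Python script below hashes a file, parses its PE header to recover the fields listed under File Info above (timestamp, entry-point bytes, section names), flags section names that are not ordinary linker output (the "unknown PE section name" finding in the behaviour list), and reports which of the page's indicators match. It uses only the standard library. The build_sample_pe() image is constructed here purely so the script can be run offline; it is not the sample from this page, and its ".packd" section name is hypothetical.

```python
"""Offline triage helper: hash a file, parse its PE header and compare
the results with the indicators listed on this page.  Added example,
not GridinSoft's tooling.  Standard library only."""
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Indicators copied from the "File Info" section above.
IOC_HASHES = {
    "md5": "adf05de1908b26b530128755882973d4",
    "sha1": "0e82af9baede320283fe6bf031e33ca9995c1d08",
    "sha256": "340d9042adbd1c1a7637631a6e72bb28461a677b24804a93c925b7dca161476c",
}
IOC_EP_BYTES = "558bec83c4c453565733c08945f08945"
DELPHI_TIMESTAMP = 0x2A425E19  # 1992-06-19 22:22:17 UTC, fixed Borland Delphi linker value

# Section names common linkers emit (including Borland's CODE/DATA/BSS);
# anything else deserves a look ("unknown PE section name indicative of packing").
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
                  ".bss", ".tls", ".pdata", ".CRT", "CODE", "DATA", "BSS"}


def hash_bytes(data: bytes) -> dict:
    """Hex digests in the same order the page lists them."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def pe_info(data: bytes) -> dict:
    """Parse the COFF/optional headers and section table of a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]         # 0x10B = PE32, 0x20B = PE32+
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), va, vsize, rawsize, rawptr))
    # Map the entry-point RVA to a file offset via the section that contains it.
    ep_bytes = ""
    for _, va, vsize, rawsize, rawptr in sections:
        if va <= ep_rva < va + max(vsize, rawsize):
            off = rawptr + (ep_rva - va)
            ep_bytes = data[off:off + 16].hex()
            break
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "timestamp_raw": tstamp,
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": [s[0] for s in sections],
        "unknown_sections": [s[0] for s in sections if s[0] not in KNOWN_SECTIONS],
        "ep_bytes": ep_bytes,
    }


def triage(data: bytes) -> dict:
    """Compare one file's hashes and header values against the page's indicators."""
    h = hash_bytes(data)
    info = pe_info(data)
    return {
        "hashes": h,
        "pe": info,
        "hash_matches": [n for n, v in IOC_HASHES.items() if h[n] == v],
        "ep_match": info["ep_bytes"] == IOC_EP_BYTES,
        "delphi_timestamp": info["timestamp_raw"] == DELPHI_TIMESTAMP,
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 used only to exercise pe_info() offline.  It is NOT
    the sample from this page; it reuses the page's timestamp and entry-point
    bytes and adds a hypothetical section named ".packd"."""
    def section(name, va, ptr):
        return struct.pack("<8sIIIIIIHHI", name, 0x200, va, 0x200, ptr, 0, 0, 0, 0, 0x60000020)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, DELPHI_TIMESTAMP, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 2, 25, 0x200, 0x200, 0, 0x1000)  # EP RVA = 0x1000
    opt += b"\0" * (224 - len(opt))
    hdr = dos + b"PE\0\0" + coff + opt + section(b"CODE", 0x1000, 0x200) + section(b".packd", 0x2000, 0x400)
    hdr += b"\0" * (0x200 - len(hdr))
    code = bytes.fromhex(IOC_EP_BYTES) + b"\xc3" + b"\0" * (0x200 - 17)
    return hdr + code + b"\0" * 0x200


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    result = triage(blob)
    for k, v in result["hashes"].items():
        print(f"{k}: {v}")
    print("pe:", result["pe"])
    print("hash matches:", result["hash_matches"], "| ep match:", result["ep_match"],
          "| delphi timestamp:", result["delphi_timestamp"])
```

Run it as `python triage.py suspect.exe`; with no argument it analyses the constructed image. Only a hash match identifies this specific file: the entry-point bytes and the 1992 timestamp are shared by every Delphi-built Inno Setup installer, so treat those two as context rather than as detection.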

Babar.115288 is also detected as (vendor: detection name):

DrWeb: Trojan.PWS.Stealer.29702
MicroWorld-eScan: Gen:Variant.Babar.115288
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Kaspersky: VHO:Trojan.Win32.Ekstak.gen
BitDefender: Gen:Variant.Babar.115288
Avast: Other:Malware-gen [Trj]
Ad-Aware: Gen:Variant.Babar.115288
Emsisoft: Gen:Variant.Babar.115288 (B)
FireEye: Gen:Variant.Babar.115288
Jiangmin: Trojan.Ekstak.ccti
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Trojan.Babar.D1C258
ZoneAlarm: VHO:Trojan.Win32.Ekstak.gen
GData: Gen:Variant.Babar.115288
AhnLab-V3: Malware/Win.Generic.C5290585
MAX: malware (ai score=89)
Fortinet: W32/Agent.SLC!tr.dldr
AVG: Other:Malware-gen [Trj]

How to remove Babar.115288?

Babar.115288 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.