
About “Babar.140945” infection


Babar.140945 is the detection name that several antivirus engines (BitDefender, FireEye, GData, VIPRE and others; see the vendor list below) assign to this sample. While the infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can Babar.140945 do?

The following behaviours were flagged by the CAPE sandbox when the sample was executed:

  • Executed a command line with the /C or /R argument, which terminates the command shell on completion and can be used to hide execution
  • Sample contains overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • CAPE detected the embedded PE malware family
  • Deletes executed files from disk
  • Touches a file containing cookies, possibly for information gathering
  • Anomalous binary characteristics
  • YARA detections observed in process dumps, payloads or dropped files
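The indicators above are sandbox signature hits. As an added example (not CAPE's or GridinSoft's code), here is a small Python correlator that turns three of them into host-log detections: a dropped file that is later executed as a child of the dropper, a `cmd.exe /C` (or `/R`) child that deletes the image of the process that launched it, and a read of a browser cookie store. The event trace it runs on is constructed here with assumed paths and command lines; the page does not show the sample's actual command lines, so the `cmd /C del` form is an assumption about how "deletes executed files" is typically carried out.

```python
import re
from dataclasses import dataclass

# A cmd.exe one-shot switch (/C, or its alias /R, both named by CAPE above)
# and the usual browser cookie store file names.
CMD_ONESHOT = re.compile(r"(?i)(^|\s)/[cr](\s|$)")
COOKIE_FILE = re.compile(r"(?i)[\\/]cookies(\.sqlite)?$")


@dataclass
class Event:
    ts: int           # event order
    kind: str         # "proc" (process creation) or "file_create" / "file_delete" / "file_read"
    pid: int          # acting process (for "proc": the new process)
    ppid: int         # its parent
    image: str        # image path of pid
    target: str = ""  # "proc": command line; file events: the path touched


def detect(events):
    """Return (rule, detail) pairs, correlating events on pid/ppid and order."""
    findings = []
    creations = {e.pid: e for e in events if e.kind == "proc"}
    # Drops a binary and executes it: a file written by P later starts as a child of P.
    for c in (e for e in events if e.kind == "file_create"):
        for p in creations.values():
            if p.ts > c.ts and p.ppid == c.pid and p.image.lower() == c.target.lower():
                findings.append(("drop_and_execute", f"pid {c.pid} wrote {c.target} and launched it as pid {p.pid}"))
    # cmd /C or /R used to delete the executed file: the deleted path is the parent's own image.
    for p in creations.values():
        if not (p.image.lower().endswith("cmd.exe") and CMD_ONESHOT.search(p.target)):
            continue
        parent = creations.get(p.ppid)
        for d in events:
            if (d.kind == "file_delete" and d.pid == p.pid and d.ts > p.ts
                    and parent is not None and d.target.lower() == parent.image.lower()):
                findings.append(("self_delete_via_cmd", f"pid {p.pid} ran {p.target!r} and deleted {d.target}"))
    # Touches a file containing cookies.
    for e in events:
        if e.kind == "file_read" and COOKIE_FILE.search(e.target):
            findings.append(("cookie_access", f"pid {e.pid} ({e.image}) read {e.target}"))
    return findings


# Constructed event trace for illustration only; paths and command lines are assumed,
# not taken from the sample.
TMP = r"C:\Users\u\AppData\Local\Temp\drop.exe"
SAMPLE_EVENTS = [
    Event(1, "proc", 100, 1, r"C:\Users\u\Downloads\sfx.exe", r"C:\Users\u\Downloads\sfx.exe"),
    Event(2, "file_create", 100, 1, r"C:\Users\u\Downloads\sfx.exe", TMP),
    Event(3, "proc", 101, 100, TMP, TMP),
    Event(4, "file_read", 101, 100, TMP,
          r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\ab.default\cookies.sqlite"),
    Event(5, "proc", 102, 101, r"C:\Windows\System32\cmd.exe", f'cmd.exe /C del "{TMP}"'),
    Event(6, "file_delete", 102, 101, r"C:\Windows\System32\cmd.exe", TMP),
]

if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_EVENTS):
        print(f"{rule}: {detail}")
```

The self-delete rule deliberately requires the deleted path to equal the parent process image rather than matching on `del` alone, which keeps ordinary `cmd /C dir`-style launches out of the results.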

How to identify Babar.140945?


File Info:

name: 27B68F24BCD92558AB41.mlw
path: /opt/CAPEv2/storage/binaries/2d8a609026b1dcc00d3c2d938735d87eb69380525238378141758e97307794db
crc32: 25FF36B9
md5: 27b68f24bcd92558ab41e9ca27607f15
sha1: 9cb9e03a17be1e5b1111cd71f101c9421bb41c21
sha256: 2d8a609026b1dcc00d3c2d938735d87eb69380525238378141758e97307794db
sha512: 8579e3e39235c8b4ad25c8ef9e2aa56c8282e7c8db000a7623fca2e60867ccec9af64d2d0a7901177af1ffa3708bd7c284e838aefa6dd15b2c0e671b49942cf1
ssdeep: 24576:tcSxc8SDWgnDNW4R9W/VNq+9XIMBgSS4sTShebN8:2uSDTDLR9WNIAXf+SS4KAeR8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AB151232B250A036D6CB467B94BB97A49F55FE62479863DF325839DB1F302C44A3312B
sha3_384: c5613c590b7891c65ed275dcf1e72a4cf861a131081ad376329e688c4dabed95f2ee39c0a12892339e76871c43be5503
ep_bytes: e8e54c0000e916feffffcc558bec5756
timestamp: 2010-02-19 18:32:36
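As an added example (not GridinSoft's or CAPE's code), the following pure-Python triage script reproduces the static parts of the File Info above and the "contains overlay data" indicator: it parses the PE32 headers to report the compile timestamp and the first 16 bytes at the entry point, measures overlay data as whatever lies past the end of the last section's raw data, and compares the file's MD5/SHA-1/SHA-256 against the digests listed on this page. The hashes and `ep_bytes` constants are copied from the page; the minimal PE the script builds for offline use is constructed here and is not the real sample, so its hashes do not match.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Indicators taken from the File Info section of this page.
KNOWN_HASHES = {
    "md5": "27b68f24bcd92558ab41e9ca27607f15",
    "sha1": "9cb9e03a17be1e5b1111cd71f101c9421bb41c21",
    "sha256": "2d8a609026b1dcc00d3c2d938735d87eb69380525238378141758e97307794db",
}
KNOWN_EP_BYTES = bytes.fromhex("e8e54c0000e916feffffcc558bec5756")


def parse_pe(data):
    """Read the DOS header pointer, COFF header, PE32 optional header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (optional header magic 0x10B) is handled")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "raw_size": raw_size, "raw_ptr": raw_ptr})
    return {"machine": machine, "timestamp": timestamp, "entry_rva": entry_rva, "sections": sections}


def rva_to_offset(pe, rva):
    """Map an RVA to a file offset through the section that contains it."""
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return rva - s["va"] + s["raw_ptr"]
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def overlay(data, pe):
    """Bytes after the end of the last section's raw data (what CAPE reports as overlay data)."""
    end = max((s["raw_ptr"] + s["raw_size"] for s in pe["sections"]), default=0)
    return data[end:]


def triage(data):
    pe = parse_pe(data)
    ep_off = rva_to_offset(pe, pe["entry_rva"])
    ep_bytes = data[ep_off:ep_off + 16]
    digests = {name: getattr(hashlib, name)(data).hexdigest() for name in KNOWN_HASHES}
    return {
        "timestamp": datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
        "ep_matches_page": ep_bytes == KNOWN_EP_BYTES,
        "overlay_size": len(overlay(data, pe)),
        "hash_match": any(digests[k] == v for k, v in KNOWN_HASHES.items()),
        "digests": digests,
    }


def build_sample_pe(overlay_bytes=b""):
    """Constructed minimal PE32 (not the real sample): one .text section carrying the page's
    entry-point bytes and compile timestamp, with overlay_bytes appended after the section."""
    ts = int(datetime(2010, 2, 19, 18, 32, 36, tzinfo=timezone.utc).timestamp())
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                                   # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 1, ts, 0, 0, 0xE0, 0x0102)  # COFF: i386, 1 section
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x10B)                                   # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x1000)                             # AddressOfEntryPoint
    struct.pack_into("<II", img, opt + 32, 0x1000, 0x200)                     # Section/File alignment
    sect = opt + 0xE0
    img[sect:sect + 5] = b".text"
    struct.pack_into("<IIII", img, sect + 8, 0x200, 0x1000, 0x200, 0x200)     # vsize, va, raw size, raw ptr
    struct.pack_into("<I", img, sect + 36, 0x60000020)                        # CODE | EXECUTE | READ
    img[0x200:0x200 + len(KNOWN_EP_BYTES)] = KNOWN_EP_BYTES
    return bytes(img) + overlay_bytes


if __name__ == "__main__":
    import json, sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(b"\0" * 64)
    print(json.dumps(triage(data), indent=2))
```

Run it with a file path to triage a real binary, or with no arguments to see the report for the constructed PE. Overlay data is a common place for a dropper to carry the payload it later writes and executes, which is why CAPE calls it out alongside "drops a binary and executes it".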

Version Info (resource strings embedded in the binary; because the sandbox reports the Authenticode signature as invalid, this vendor and product metadata is not authenticated and should not be trusted as provenance):

CompanyName: eAcceleration Corp
FileDescription: StopSign Installer
FileVersion: 1, 0, 0, 50
InternalName: eAc Installer
LegalCopyright: Copyright© 2000-2010 eAcceleration Corp. All Rights Reserved.
LegalTrademarks: ...
OriginalFilename: sfx.exe
PrivateBuild: ...
ProductName: StopSign Installer
ProductVersion: 1, 0, 0, 50
SpecialBuild: ...
Translation: 0x0409 0x04b0

Babar.140945 also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Stealer.i!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Babar.140945
FireEye: Gen:Variant.Babar.140945
Skyhigh: BehavesLike.Win32.Dropper.dc
ALYac: Gen:Variant.Babar.140945
Cylance: unsafe
Zillya: Trojan.Banbra.Win32.31231
K7AntiVirus: Trojan ( 005380f71 )
Alibaba: TrojanPSW:Win32/Stealer.25ef6602
K7GW: Trojan ( 005380f71 )
Cybereason: malicious.4bcd92
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Kaspersky: HEUR:Trojan-PSW.Win32.Stealer.gen
BitDefender: Gen:Variant.Babar.140945
NANO-Antivirus: Trojan.Win32.Snojan.epoyxc
SUPERAntiSpyware: Trojan.Agent/Gen-Crypt
Avast: Win32:Malware-gen
Tencent: Win32.Trojan-QQPass.QQRob.Uwhl
Emsisoft: Gen:Variant.Babar.140945 (B)
F-Secure: Heuristic.HEUR/AGEN.1307634
DrWeb: Trojan.MulDrop6.20495
VIPRE: Gen:Variant.Babar.140945
Sophos: Mal/Generic-S
Ikarus: Trojan.Agent
GData: Gen:Variant.Babar.140945
Jiangmin: TrojanDropper.Agent.cigy
Avira: HEUR/AGEN.1307634
Antiy-AVL: Trojan/Win32.Generic
Arcabit: Trojan.Babar.D22691
ZoneAlarm: HEUR:Trojan-PSW.Win32.Stealer.gen
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.PWS.C4923675
McAfee: Artemis!27B68F24BCD9
MAX: malware (ai score=87)
VBA32: Trojan.MulDrop
Malwarebytes: Trojan.Dropper
Rising: Stealer.Agent!8.C2 (RDMK:cmRtazpPUYSzeH3vNP19sY3d9CJp)
Yandex: Trojan.PWS.Banbra!5R2MWNiej54
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/MulDrop6.20495!tr
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Babar.140945?

Babar.140945 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
