How to remove “Babar.193928”?

Babar.193928 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Babar.193928 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with ASPack
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the Andromeda malware family
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Creates a copy of itself
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Babar.193928?

File Info:

name: 93ED9C93D42C0756FFE2.mlw
path: /opt/CAPEv2/storage/binaries/39f6ade5c1710b092278887336f927d3b39b451a6130992df62eead63e982411
crc32: C3916B3F
md5: 93ed9c93d42c0756ffe22823f58b7a55
sha1: f7936de4fac7d7857e5301cd3f86967e579f5bb9
sha256: 39f6ade5c1710b092278887336f927d3b39b451a6130992df62eead63e982411
sha512: 773b26e040cc90ddf539dda31ef240c981a707f454785f14aa0137132ac0a5ab1679829598351777837b8b49c4274d12d0a5dd656dce8c68d7cc6d36a49c4c9c
ssdeep: 768:AvRW55xPXyoolzWVncwYWOKZqxXa25xPf27DXtKKk71UgcR1hvUIG5xpj3Dx1:AvRW5vPbol6cwYdXFTf0DYKk71UgcR1A
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CE23E183F79040F9C6891BB14EB6EA9D227AB87F5E65070733E0454E1D38B906E11B77
sha3_384: bc90554d18b8cb65649c1a30aa81d7f34400a64ecdb75112f4f9d6ab5ca9325b200bf2e964ac1558a3843d2d5371b5a3
ep_bytes: 60e803000000e9eb045d4555c3e80100
timestamp: 2012-05-13 13:42:56

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Entertainment Pack FreeCell Game
FileVersion: 5.00.2135.1
InternalName: freecell
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename: freecell
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2135.1
Translation: 0x0409 0x04b0

Babar.193928 is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Hacktool.Win32.Krap.3!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Babar.193928
FireEye: Generic.mg.93ed9c93d42c0756
McAfee: PWS-Zbot.gen.bex
Malwarebytes: Malware.Heuristic.1003
Zillya: Trojan.Kryptik.Win32.4156365
Sangfor: Worm.Win32.Gamarue.Vq64
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: Worm:Win32/Gamarue.a930ab15
BitDefenderTheta: AI:Packer.D89C94401F
Cyren: W32/Injector.D.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.AFPS
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Packed.Win32.Krap.iu
BitDefender: Gen:Variant.Babar.193928
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.13aeefe0
Emsisoft: Gen:Variant.Babar.193928 (B)
VIPRE: Gen:Variant.Babar.193928
McAfee-GW-Edition: PWS-Zbot.gen.bex
Trapmine: malicious.high.ml.score
Sophos: Mal/Agent-AIA
GData: Gen:Variant.Babar.193928
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Win32.Kryptik
Xcitium: TrojWare.Win32.Kryptik.ASR@4oc4x0
Arcabit: Trojan.Babar.D2F588
ZoneAlarm: Packed.Win32.Krap.iu
Microsoft: Worm:Win32/Gamarue.I
Google: Detected
VBA32: BScope.P2P-Worm.Palevo
ALYac: Gen:Variant.Babar.193928
Cylance: unsafe
Panda: Bck/Qbot.AO
Rising: Worm.Gamarue!8.13B (CLOUD)
Ikarus: Packer.Win32.Krap
MaxSecure: Trojan.Malware.3936067.susgen
Fortinet: W32/Kryptik.WDV!tr
AVG: Win32:Trojan-gen
DeepInstinct: MALICIOUS

How to remove Babar.193928?

Babar.193928 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.