About “Babar.20393” infection

Malware Removal

Babar.20393 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Babar.20393 virus do?

  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump, dropped files, or CAPE

How to identify Babar.20393?

File Info:

name: 608AC4EB10ECC9A823AF.mlw
path: /opt/CAPEv2/storage/binaries/60a414d591ae4c808bc826394de051f6e5661bb853f5710d5f0545531dd0c713
crc32: D43BCF2B
md5: 608ac4eb10ecc9a823af9df4393fe324
sha1: 04e9e1771709b3db3b04dc6f436846ec76c63811
sha256: 60a414d591ae4c808bc826394de051f6e5661bb853f5710d5f0545531dd0c713
sha512: ed89c0d3f37cdf09116b9104056bbdc61fc8f2d840f29c81b8d7599566c64be9af7981c479b68971f05c2f9b57cdac9d3ae156a144dc02495e2156705a254191
ssdeep: 12288:Z21X7nf48JfNB0PQL7rNaGr8Nfewmw07xnIbabmlRmxJOOLdHX2q:ZoX7AikPAEBehw+xnIbaxPLdHXD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EEC4232B5C2DE890F4DB3C35652AFFD12A0BFC03515651A71E41F29AF6B27838492E87
sha3_384: fa4211df0096303410d95862c27ea121b22cedef12b3765e8a5d4c9838c4399f0c5f1d5b7ab87b2acf5a8c9caf5ad8dd
ep_bytes: 60be00f041008dbe0020feff57eb0b90
timestamp: 2010-03-22 06:27:00

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft Office Word
FileVersion: 12.0.4518.1014
InternalName: WinWord
LegalCopyright: © 2006 Microsoft Corporation. All rights reserved.
LegalTrademarks1: Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2: Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename: WinWord.exe
ProductName: 2007 Microsoft Office system
ProductVersion: 12.0.4518.1014
Translation: 0x0000 0x04e4

Babar.20393 also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Gen:Variant.Babar.20393
ClamAV: Win.Trojan.Ag-2
FireEye: Generic.mg.608ac4eb10ecc9a8
McAfee: GenericRXGG-WK!7E6DE19E5A31
Cylance: unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0057128f1 )
Alibaba: Backdoor:Win32/Salgorea.10ed7734
K7GW: Trojan ( 0057128f1 )
Cybereason: malicious.b10ecc
BitDefenderTheta: Gen:NN.ZexaF.36350.KmKfaqLDdChi
Cyren: W32/ABTrojan.BVMQ-0559
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.QZD
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Babar.20393
Avast: Win32:Agent-AYZG [Cryp]
Tencent: Win32.Trojan.Generic.Mgil
TACHYON: Backdoor/W32.Finfish.634368
Sophos: Mal/Agent-AVN
F-Secure: Trojan.TR/Drop.Agent.dmsow
DrWeb: Trojan.MulDrop7.34530
VIPRE: Gen:Variant.Babar.20393
TrendMicro: TROJ_GEN.R002C0DHA23
McAfee-GW-Edition: BehavesLike.Win32.Generic.hc
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Babar.20393 (B)
Ikarus: Trojan.Win32.Salgorea
GData: Gen:Variant.Babar.20393
Avira: TR/Drop.Agent.dmsow
Antiy-AVL: Trojan[Backdoor]/Win32.Finfish
Arcabit: Trojan.Babar.D4FA9
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Salgorea.C!MTB
Google: Detected
VBA32: BScope.TrojanDropper.Agent
ALYac: Gen:Variant.Babar.20393
MAX: malware (ai score=88)
Malwarebytes: Trojan.VBAgent
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002C0DHA23
Rising: Backdoor.Generic!8.CE (TFE:5:1cVSbiw0hkO)
Yandex: Trojan.GenAsa!VZtBpaHf7NI
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Agent.QYJ!tr
AVG: Win32:Agent-AYZG [Cryp]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Babar.20393?

Babar.20393 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.