Categories: Malware

How to remove “Babar.22723”?

The Babar.22723 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Babar.22723 virus can do?

Executable code extraction
Injection (inter-process)
Injection with CreateRemoteThread in a remote process
Creates RWX memory
Mimics the system’s user agent string for its own requests
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Reads data out of its own binary image
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Detects Sandboxie through the presence of a library
Detects the presence of Wine emulator via function name
Tries to unhook or modify Windows functions monitored by Cuckoo
Installs itself for autorun at Windows startup
Attempts to identify installed analysis tools by a known file location
Checks for the presence of known devices from debuggers and forensic tools
Detects the presence of Wine emulator via registry key
Detects Sandboxie using a known mutex
Checks the version of Bios, possibly for anti-virtualization
Detects VirtualBox through the presence of a device
Detects VirtualBox through the presence of a registry key
Detects VMware through the presence of a device
Detects VMware through the presence of a registry key
Detects Virtual PC using a known mutex
Attempts to modify proxy settings
Checks for a known DeepFreeze Frozen State Mutex
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

superalfados122.info

How to determine Babar.22723?


File Info:
crc32: E10C0F01md5: b020ff688e68f4022e3ad6b44fc58af5name: B020FF688E68F4022E3AD6B44FC58AF5.mlwsha1: 858e1514ed518d1aeeb510f6852efcc873150b7bsha256: d80bce0465e1cf1d3719be5311fea8d909585e3f81f88131a64eeb48de5c0317sha512: 236d6830361c71771d73eccd9e106911f3053db6f93e09371d1ab20ac860d5f453a62c4541a525117b99bb27992469e645f4ecebde4bc9d12a6260b13ea99f83ssdeep: 6144:0+tYoEd67wYIgXbLuIjUvvmpBfMdFZDWI7WfuuM3t+YqMI:0Pf6sYIgOIj8wVMPZqYWfbM3t+xVtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Domo Technologies Copyright xa9 1995-Present InternalName: NeedfulCentrinCompanyName: Domo TechnologiesProductName: NeedfulCentrinProductVersion: 6.5.7.3FileDescription: Octets Illustrating BlendingOriginalFilename: NeedfulCentrinTranslation: 0x0409 0x04b0

Babar.22723 also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Babar.22723
FireEye	Generic.mg.b020ff688e68f402
McAfee	GenericRXAA-AA!B020FF688E68
BitDefender	Gen:Variant.Babar.22723
Cybereason	malicious.88e68f
TrendMicro	Mal_MiliCry-1h
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Kaspersky	Trojan.Win32.Yakes.tifv
Rising	Malware.Undefined!8.C (TFE:5:0A8nPkTuW4J)
Ad-Aware	Gen:Variant.Babar.22723
Emsisoft	Gen:Variant.Babar.22723 (B)
DrWeb	Trojan.Inject4.4415
Invincea	Mal/Generic-S
McAfee-GW-Edition	BehavesLike.Win32.BadFile.fc
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Yakes.vjc
eGambit	Unsafe.AI_Score_99%
MAX	malware (ai score=80)
Microsoft	Trojan:Win32/Wacatac.C!ml
Arcabit	Trojan.Babar.D58C3
ZoneAlarm	Trojan.Win32.Yakes.tifv
GData	Gen:Variant.Babar.22723
Cynet	Malicious (score: 100)
AhnLab-V3	Win-Trojan/Sagecrypt.Gen
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZexaF.34634.xq0@auLH2vci
ALYac	Gen:Variant.Babar.22723
VBA32	BScope.Trojan.Yakes
ESET-NOD32	a variant of Win32/Kryptik.DJYS
TrendMicro-HouseCall	Mal_MiliCry-1h
MaxSecure	Trojan.Malware.1728101.susgen
Webroot	Trojan.Dropper.Gen
AVG	FileRepMalware
CrowdStrike	win/malicious_confidence_60% (D)