
Babar.264159 (file analysis)


Babar.264159 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Babar.264159 virus do?

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempted to write directly to a physical drive
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Babar.264159?

File Info:

name: 8B4FF55EF2D96A0D5AB4.mlw
path: /opt/CAPEv2/storage/binaries/7782d29132b11c40086d0aaf532c265192df1e148c94be8629429f82873d61be
crc32: A1BA2B10
md5: 8b4ff55ef2d96a0d5ab41135bc7c8440
sha1: f510b9610fe552c1ca4c68bf55b149d44dc18913
sha256: 7782d29132b11c40086d0aaf532c265192df1e148c94be8629429f82873d61be
sha512: 57ea45875af6702817e1ea7d0f065f5287ee8f6552e3c40066cd5cc18d4920966a5cd2dcb08d30e3253056ba71154ce89c965514d316856efc0f498979c46f85
ssdeep: 12288:i7PWRF5qUDeq6gFHod4Bu/aRP530JYZLXgnJ03S0qz/YrQX8:i7e35F6y9ldLXg+3S0uYrQX8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10A159E4471FD6B23C10E7438683692B58B56EA98BD15823CF0A85A9D7C316F47FA3F18
sha3_384: 859cc813edd90744e6b0e8c102f02b6819f776444e677fcaa678c7d833424c9eabc3d8a86f0f2e78d8f7c0ce63c08be6
ep_bytes: f8731a73d1639b5b5568197a6c0ac01a
timestamp: 2012-03-29 10:44:51

Version Info:

FileVersion: 3.0.1.0
FileDescription: vc98
ProductName: 随缘
ProductVersion: 3.0.1.0
CompanyName: 浮生若梦
LegalCopyright: vc98
Comments: vc98
Translation: 0x0804 0x04b0

Babar.264159 also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
McAfee: Flyagent.d
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0040f54a1 )
K7GW: Trojan ( 0040f54a1 )
Cybereason: malicious.10fe55
BitDefenderTheta: Gen:NN.ZexaF.36722.4q0@a4sVNvcb
Cyren: W32/Trojan.CLL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEX: Malicious
BitDefender: Gen:Variant.Babar.264159
NANO-Antivirus: Virus.Win32.Agent.dvixmz
MicroWorld-eScan: Gen:Variant.Babar.264159
Avast: Win32:TrojanX-gen [Trj]
Emsisoft: Gen:Variant.Babar.264159 (B)
VIPRE: Gen:Variant.Babar.264159
TrendMicro: TROJ_GEN.R002C0PI223
McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.8b4ff55ef2d96a0d
Sophos: Mal/Generic-S
Ikarus: Trojan-GameThief.Win32.OnLineGames
GData: Win32.Trojan.FlyStudio.I
Antiy-AVL: Trojan[Packed]/Win32.FlyStudio
Kingsoft: malware.kb.a.998
Xcitium: TrojWare.Win32.Agent.OSCF@5rs7jr
Arcabit: Trojan.Babar.D407DF
ViRobot: Trojan.Win.Z.Babar.917504
Microsoft: Trojan:Win32/Emotet!ml
Google: Detected
AhnLab-V3: Trojan/Win.Generic.C5478291
ALYac: Gen:Variant.Babar.264159
MAX: malware (ai score=83)
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0PI223
Rising: Packer.Win32.Agent.f (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.BELF!tr
AVG: Win32:TrojanX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (D)

How to remove Babar.264159?

Babar.264159 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
