Should I remove “Babar.35391”?

The Babar.35391 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Babar.35391 virus can do?

Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Babar.35391?


File Info:
name: 88BBE1750762016AB27F.mlw
path: /opt/CAPEv2/storage/binaries/e42e8a894c2eb42909001454adda33f4c1a48dd097832fb73568bc5bdbb5eae3
crc32: E70020DD
md5: 88bbe1750762016ab27f64efee512330
sha1: 37f754eb6ff80b3bb8afc059c51156c82fc2ff3e
sha256: e42e8a894c2eb42909001454adda33f4c1a48dd097832fb73568bc5bdbb5eae3
sha512: ed72f44eb9226e738f47c2a276c4b5b3c1bfc55a0bc4e5434b1468af644a09fee422940cf2285ede60a7b612ad99a129db94bc99e6bafb5428e94b43190ed718
ssdeep: 98304:/8Q1UU6NYlzeN0i5SbWf+YFChAkJBAUZLhJ:4fYGVQaf+HhAkJV1J
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11E16E116F382C4B2D5165631186BB73AEA75DE110F318AC3B76CFE5E1F32260AB5B109
sha3_384: 8d82b39033147cc9365792ff3ee60e51ef3d3789e16bec17645e96cd29488b9b87c87493586c5a7bf3702cdc7b8bf27b
ep_bytes: 558bec6aff68b8036d006804fa4d0064
timestamp: 2022-06-02 13:53:17

Version Info:
FileVersion: 1.0.0.0
FileDescription: 应用程序
ProductName: 易语言程序
ProductVersion: 1.0.0.0
CompanyName: Q1743802378
LegalCopyright: Q1743802378 版权所有
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Babar.35391 also known as:

Bkav	W32.AIDetect.malware2
tehtris	Generic.Malware
MicroWorld-eScan	Gen:Variant.Babar.35391
FireEye	Generic.mg.88bbe1750762016a
ALYac	Gen:Variant.Babar.35391
Cylance	Unsafe
Sangfor	[ARMADILLO V1.71]
K7AntiVirus	Trojan ( 005246d51 )
K7GW	Trojan ( 005246d51 )
Cybereason	malicious.b6ff80
BitDefenderTheta	Gen:NN.ZexaF.34712.5t0@a0Ybf8fH
Cyren	W32/Trojan.CLL.gen!Eldorado
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.FlyStudio.AA potentially unwanted
ClamAV	Win.Malware.Generic-9820446-0
BitDefender	Gen:Variant.Babar.35391
Ad-Aware	Gen:Variant.Babar.35391
Sophos	Generic ML PUA (PUA)
Comodo	TrojWare.Win32.Agent.OSCF@5rs7jr
McAfee-GW-Edition	BehavesLike.Win32.Dropper.wc
SentinelOne	Static AI – Malicious PE
Emsisoft	Gen:Variant.Babar.35391 (B)
APEX	Malicious
Jiangmin	Trojan.Gotango.hke
MAX	malware (ai score=81)
Microsoft	Trojan:Win32/Sabsik.EN.B!ml
GData	Win32.Trojan.PSE.1DNV50E
Cynet	Malicious (score: 100)
VBA32	Trojan.Zpevdo
Malwarebytes	Trojan.MalPack.FlyStudio
Ikarus	PUA.FlyStudio
MaxSecure	Dropper.Dinwod.frindll
Fortinet	W32/CoinMiner.65CA!tr

How to remove Babar.35391?

Babar.35391 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X