Should I remove “Babar.38915”?

Malware Removal

Babar.38915 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Babar.38915 virus do?

  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Babar.38915?

File Info:

name: 28E85B4CE2C91FC1C331.mlw
path: /opt/CAPEv2/storage/binaries/e0fcd1fb9cb6640b264bdac9c81bcf8b5abcff16bdf1609886b2bc5df07e6255
crc32: 74C3FC8D
md5: 28e85b4ce2c91fc1c3318a15cf103084
sha1: e5b28958d977d297b998284e798e32b6ccf5a6f1
sha256: e0fcd1fb9cb6640b264bdac9c81bcf8b5abcff16bdf1609886b2bc5df07e6255
sha512: ebe1d5b21006e0acc3abe05807acc663af46db389d5006f6afa604754e9168a4d8a557723d87afd77e6b1c8664d359ba8f3069849fc8765d1ac0f273eb284b17
ssdeep: 24576:id5vUd1LCWIrVFO7WRRwuSuhaj4jRGa5AWZJZTPx4pxmYI2U:id5SqFTSJKP4I
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EA756B12F6818873C16F1A38DDDB9798D82DBE016DEC594F37E87E8C4F392813925296
sha3_384: b8cb2ca8697c1f9dd680190179490bc8253d9c7b205753d1cc59eb58f80bf609dfca862127c6fa1e4f28483c24a0ac7a
ep_bytes: 558bec83c4f0b8905e5200e8e806eeff
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: The Qt Company Ltd.
FileDescription: C++ Application Development Framework
FileVersion: 5.12.8.0
LegalCopyright: Copyright (C) 2020 The Qt Company Ltd.
OriginalFilename: Qt5Network.dll
ProductName: Qt5
ProductVersion: 5.12.8.0
Translation: 0x0409 0x04b0

Babar.38915 also known as:

Lionic: Trojan.Win32.Babar.4!c
MicroWorld-eScan: Gen:Variant.Babar.38915
FireEye: Generic.mg.28e85b4ce2c91fc1
ALYac: Gen:Variant.Babar.38915
Cylance: Unsafe
Sangfor: Riskware.Win32.Wacapew.C
Alibaba: Trojan:Win32/Generic.7ece2792
BitDefenderTheta: Gen:NN.ZelphiCO.34638.JH0@aiehQelP
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Delf.USY
TrendMicro-HouseCall: TROJ_GEN.R002H09DU22
BitDefender: Gen:Variant.Babar.38915
Avast: Win32:Malware-gen
Rising: Stealer.QQPass!1.DB54 (CLOUD)
Ad-Aware: Gen:Variant.Babar.38915
McAfee-GW-Edition: BehavesLike.Win32.Worm.th
Emsisoft: Gen:Variant.Babar.38915 (B)
Ikarus: Trojan.Win32.Delf
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Gen:Variant.Babar.38915
McAfee: Artemis!28E85B4CE2C9
Malwarebytes: Malware.AI.4140547113
APEX: Malicious
MAX: malware (ai score=86)
Fortinet: W32/Delf.USY!tr
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Babar.38915?

Babar.38915 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.