
Babar.40934 information

Malware Removal

Babar.40934 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Babar.40934 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • CAPE detected the Vidar malware family
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Collects information to fingerprint the system

How to identify Babar.40934?

File Info:

name: 2F90117AF44DCE4484C3.mlw
path: /opt/CAPEv2/storage/binaries/3fcf4e86303d63b9aab3206025952edfe7fa84c89a7d9fc759d8e5633e1d1d08
crc32: F8FE81FE
md5: 2f90117af44dce4484c36c3806f7cc9d
sha1: 2616b94b72e4e9aa3e3b4df82eee293d5707c3f1
sha256: 3fcf4e86303d63b9aab3206025952edfe7fa84c89a7d9fc759d8e5633e1d1d08
sha512: ac262ba35ee0c57abcfe93c0ee233a64be53ea57ece6b8edf3e0dc5a6f4199b121d36e7029b8358264ed78d3c3e89601f04983d74e8abef49f6ca8609b9c97ca
ssdeep: 196608:NLxMFlEcRYxMFlEcRqzq/7DuuSFBauWtKh+:HMFNRgMFNROZWtK+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17C666A50BABEC6F0C0163C35700D712FA97979164B1D49E3E7F02658EEB4AE24AF61D2
sha3_384: a7e6e98d1b29b5dd9e3d6ed4f68b8a144b739a210afffaeb176cc249c82361ce5825d75939e6057ff67d15b9e221db22
ep_bytes: 60be003043008dbe00e0fcff5783cdff
timestamp: 2022-04-24 08:16:41

Version Info:

CompanyName: Irrational Games
FileDescription: BioShock Infinite
FileVersion: 1,1,25,5165
InternalName: XGame.exe
LegalCopyright: Copyright 2002-2013 Irrational Games and Take-Two Interactive Software, Inc.
OriginalFilename: BioShockInfinite.exe
ProductName: BioShock Infinite
ProductVersion: 1.0.1643565
Translation: 0x0409 0x04b0

Babar.40934 also known as:

MicroWorld-eScan: Gen:Variant.Babar.40934
BitDefender: Gen:Variant.Babar.40934
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/PSW.Agent.OGR
APEX: Malicious
Avast: FileRepMalware [Misc]
Rising: Stealer.Agent!8.C2 (TFE:dGZlOgULf+IlIEWvDA)
Ad-Aware: Gen:Variant.Babar.40934
Emsisoft: Gen:Variant.Babar.40934 (B)
McAfee-GW-Edition: BehavesLike.Win32.Shohdi.vh
FireEye: Generic.mg.2f90117af44dce44
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Babar.40934
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Generic.ASMalwS.226649A
Arcabit: Trojan.Babar.D9FE6
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
ALYac: Gen:Variant.Babar.40934
BitDefenderTheta: Gen:NN.ZexaF.34606.@tKfaqVIH1ji
AVG: FileRepMalware [Misc]
Cybereason: malicious.b72e4e

How to remove Babar.40934?

Babar.40934 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.