Should I remove “Babar.50722”?

Babar.50722 is considered dangerous by many security vendors. When this infection is active, you may notice unknown processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Babar.50722 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Terminates another process
  • Possible date expiration check, exits too soon after checking local time
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Installs itself for autorun at Windows startup
  • Deletes executed files from disk

How to identify Babar.50722?

File Info:

name: A8B3D27CF5374755C030.mlw
path: /opt/CAPEv2/storage/binaries/bdefdf2683f9f82ae7aeb4b3b3d884f735136e6490a0891d8ad77bd97949d6ce
crc32: 3DB2B214
md5: a8b3d27cf5374755c03016528974db0e
sha1: eba7162a0883aed4ebfbbdd2d5a1948f01bd48dc
sha256: bdefdf2683f9f82ae7aeb4b3b3d884f735136e6490a0891d8ad77bd97949d6ce
sha512: 01bceaa89b22f57c08c22660235322a9ae0e3bd7293931ec897abf61f671a1ccee3681fb18271c7aea90dd0397ee2f22a9636c11e157c353d60583be5b542860
ssdeep: 6144:Gjbein2IqSW15jhPH3MvLXRXZnXkba0S7QzOvY3TZ2pLEcTJj3NJf:Gui0l5hPMDkbahQzg8N2fhH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18E74F11293E54037F0F927B109FA12A32779FCA07BB5A7AFC24945D95C716C0AA7831B
sha3_384: 41055b2ffa69390b1ca8a0ac51161fd01e46d1aeebf7585ca15663e0df3c5e5f947284642e3cec6355db495e6ffec78a
ep_bytes: e80a000000e97affffffcccccccccc8b
timestamp: 2004-08-04 06:01:37

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: Wextract
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.00.2900.2180
Translation: 0x0409 0x04b0

Babar.50722 is also known as (vendor: detection name):

Cynet: Malicious (score: 100)
FireEye: Generic.mg.a8b3d27cf5374755
McAfee: Artemis!A8B3D27CF537
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_100% (W)
BitDefender: Gen:Variant.Babar.50722
K7GW: Trojan ( 005079e01 )
K7AntiVirus: Trojan ( 005079e01 )
Cyren: W32/Trojan.LBJW-3970
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Injector.DMCJ
APEX: Malicious
ClamAV: Win.Malware.Yakes-6957000-0
Kaspersky: Trojan.Win32.Yakes.sptt
NANO-Antivirus: Trojan.Win32.Yakes.emdugb
MicroWorld-eScan: Gen:Variant.Babar.50722
Avast: Win32:Rootkit-gen [Rtk]
Rising: Trojan.Generic@AI.86 (RDMK:ZzNkUFgE3JMwJXlbtz+tsQ)
Ad-Aware: Gen:Variant.Babar.50722
Sophos: Mal/Generic-S
Comodo: Malware@#2ts2uv1k743oo
F-Secure: Trojan.TR/AD.CeeInject.xqxdc
DrWeb: Trojan.Inject2.58543
TrendMicro: TROJ_GEN.R002C0PF322
McAfee-GW-Edition: GenericRXDN-SX!71CD919E204A
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Babar.50722 (B)
Jiangmin: Trojan.Yakes.uiy
Avira: TR/AD.CeeInject.kxkjt
Antiy-AVL: Trojan/Generic.ASMalwS.24F
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: Trojan.Win32.Yakes.sptt
GData: Gen:Variant.Babar.50722
AhnLab-V3: Trojan/Win.Yakes.C5209330
BitDefenderTheta: Gen:NN.ZexaF.34786.tq0@a0p!LZej
ALYac: Gen:Variant.Babar.50722
MAX: malware (ai score=80)
VBA32: BScope.TrojanPSW.Stealer
Malwarebytes: Malware.AI.2939079590
TrendMicro-HouseCall: TROJ_GEN.R002C0PF322
Yandex: Trojan.Yakes!LOwhHp6t2GU
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.DOUM!tr
AVG: Win32:Rootkit-gen [Rtk]
Cybereason: malicious.cf5374
Panda: Trj/CI.A

How to remove Babar.50722?

Babar.50722 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.