Categories: Malware

Babar.70847 removal tips

The Babar.70847 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Babar.70847 virus can do?

Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Sample contains Overlay data
Presents an Authenticode digital signature
CAPE extracted potentially suspicious content
Drops a binary and executes it
Unconventionial binary language: Chinese (Simplified)
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Creates a copy of itself
Harvests cookies for information gathering
Created a service that was not started
Uses suspicious command line tools or Windows utilities

How to determine Babar.70847?


File Info:
name: F13C0CA2744857A2D6B4.mlwpath: /opt/CAPEv2/storage/binaries/19f0113e1bdb3385f39a66c6ff95deaedc232edb0c117ceeecb244aad4405656crc32: 2E8A2402md5: f13c0ca2744857a2d6b4637ba458e9edsha1: 59aed0dfcd54be8943aa4491ba8158ef18280c90sha256: 19f0113e1bdb3385f39a66c6ff95deaedc232edb0c117ceeecb244aad4405656sha512: b68ec7ed22e3614e04ede811cf2d278f7b3df1e0b9d648048409dc79fba6c3ad41943845ca4a870a129ba71ea256a0a7e9a2a54ad92a75824094362c74e9dcd1ssdeep: 1536:gzQ4pyYR3SXA+urU4pYbdnl7cyMZIOtFnToIfVh3VhYjuxzub:gsA3SXA+uACYbdxcyEttTBfVh3XY4ctype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T187A37D42FAC585F2FA64257120EAEB7EDB35B649070896A76744FE171873341A2323CFsha3_384: e6099c8c7a2500fd8b8c5072999e4a8b2dc7a3586e4e083df06d9b025784b3d7a3817712f3b4e2f5aa0b4e2c0dcad165ep_bytes: 558bec6aff689828410068e0e6400064timestamp: 2021-07-13 15:26:22
Version Info:
Comments: CompanyName:  FileDescription: svchost6_releaseFileVersion: 1, 0, 0, 1InternalName: svchost6_releaseLegalCopyright: Copyright ? 2021LegalTrademarks: OriginalFilename: svchost6_release.exePrivateBuild: ProductName:   svchost6_releaseProductVersion: 1, 0, 0, 1SpecialBuild: Translation: 0x0804 0x04b0

Babar.70847 also known as:

Cynet	Malicious (score: 99)
FireEye	Generic.mg.f13c0ca2744857a2
Cylance	Unsafe
Zillya	Trojan.Farfli.Win32.39941
Sangfor	Suspicious.Win32.Save.ins
K7AntiVirus	Riskware ( 0040eff71 )
K7GW	Riskware ( 0040eff71 )
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Farfli.CZI
Kaspersky	HEUR:Backdoor.Win32.Zegost.gen
BitDefender	Gen:Variant.Babar.70847
MicroWorld-eScan	Gen:Variant.Babar.70847
Avast	Win32:BackdoorX-gen [Trj]
Ad-Aware	Gen:Variant.Babar.70847
Emsisoft	Gen:Variant.Babar.70847 (B)
F-Secure	Backdoor.BDS/Zegost.bcoru
DrWeb	BackDoor.Farfli.155
VIPRE	Gen:Variant.Babar.70847
Trapmine	suspicious.low.ml.score
Sophos	ML/PE-A
SentinelOne	Static AI – Malicious PE
Jiangmin	Backdoor.Zegost.arb
Avira	BDS/Zegost.bcoru
MAX	malware (ai score=87)
Microsoft	Trojan:Win32/Wacatac.B!ml
Arcabit	Trojan.Babar.D114BF
ZoneAlarm	HEUR:Backdoor.Win32.Zegost.gen
GData	Gen:Variant.Babar.70847
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C4645132
ALYac	Gen:Variant.Babar.70847
VBA32	BScope.Backdoor.Zegost
Malwarebytes	Backdoor.Zegost
Rising	Backdoor.Zegost!8.177 (TFE:6:NFsDGbCIIGT)
Yandex	Trojan.Farfli!ztgxt+r21WM
Ikarus	Backdoor.Win32.Zegost
BitDefenderTheta	Gen:NN.ZexaF.34646.gu2@aqsIuNdi
AVG	Win32:BackdoorX-gen [Trj]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_70% (D)