Babar.71716 (file analysis)

Babar.71716 is considered dangerous by many security experts. The name comes from the BitDefender engine's generic detection Gen:Variant.Babar.71716 (see the vendor list further down), so it labels a heuristic match rather than a specific, named malware family. When this infection is active you may notice unexpected processes in the Task Manager process list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Babar.71716 do?

The items below are the CAPE sandbox signatures that fired when this sample was executed. They describe what the analysed file did at run time, not what every file carrying this detection name does:

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Likely virus infection of existing system binary

How to identify Babar.71716?

File Info:

name: 03490EE0DB5943AC02C6.mlw
path: /opt/CAPEv2/storage/binaries/f42da34dfec04b0dfc9c915211590c80bd762de0c9d0c9fc4b4bbea3d40fa34f
crc32: 71CDF92B
md5: 03490ee0db5943ac02c6d48b070b5c04
sha1: 780acf09467818fbd29c560bf5ff818ecc6ebb52
sha256: f42da34dfec04b0dfc9c915211590c80bd762de0c9d0c9fc4b4bbea3d40fa34f
sha512: b8218fc362d5e1aa71532741321f8ef063e6b121dc66fa3eec001c5923f2f7a2e939c6ffc54e9157bebf637fb28cd20844e8786e963ccc3fc8861fc248eb4b4e
ssdeep: 196608:WoZC75xGwfl7/8NeJsPkIPo20/HSW5ozelRYZ3LEu:zW5Yclr8Nm/so5HSYozR3j
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T129763347D54084F1CCDA6EB07C935A5B6762BC376C3AA27939CCFA1E4C373A42899718
sha3_384: 5a839e5f4d672a5db90e00cbf5df6ca949ed7df10d3e0a4d22905df328d7c9728968a6e4f3a7e9f259b5d0261cc01c20
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Baisvik, LLC
FileDescription: Baisvik Disk Cleaner Free
FileVersion: 1.2.0.14
LegalCopyright:
Translation: 0x0409 0x04e4
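The File Info and Version Info blocks above give the hashes, entry-point bytes, link timestamp and installer origin of this sample. The Python script below is an added triage example, not code from the original page or from GridinSoft: it parses a PE header with only the standard library, computes md5/sha1/sha256, and compares the result with the page's indicators. It makes two points explicit. First, the timestamp 1992-06-19 22:22:17 (0x2A425E19) is the fixed value written by the Borland Delphi linker; Inno Setup installers are built with Delphi, so for this file it is not a real build date and not by itself evidence of tampering. Second, the "unknown PE section name" behaviour listed above can be approximated with a simple allow-list. The constant names, the KNOWN_SECTIONS allow-list and the constructed minimal PE used as input are assumptions of the example; the constructed image carries the page's ep_bytes and timestamp but is not the real sample, so its hashes will not match the page.

```python
"""Added PE triage example (not GridinSoft's code): hash a file, pull the link
timestamp, entry-point bytes and section names out of the PE header using only
the standard library, and compare them with the indicators listed on this page."""
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the File Info block on this page.
PAGE_HASHES = {
    "md5": "03490ee0db5943ac02c6d48b070b5c04",
    "sha1": "780acf09467818fbd29c560bf5ff818ecc6ebb52",
    "sha256": "f42da34dfec04b0dfc9c915211590c80bd762de0c9d0c9fc4b4bbea3d40fa34f",
}
PAGE_EP_BYTES = bytes.fromhex("558bec83c4cc53565733c08945f08945")
# Fixed TimeDateStamp written by the Borland Delphi linker (1992-06-19 22:22:17 UTC).
# Inno Setup installers are built with Delphi, which is why this sample carries it.
DELPHI_TIMESTAMP = 0x2A425E19
# Assumed allow-list of section names (common linker defaults plus Delphi's CODE/DATA/BSS).
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
                  ".bss", ".tls", ".pdata", "CODE", "DATA", "BSS"}


def hash_bytes(data):
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def parse_pe(data):
    """Return link timestamp, entry-point RVA/bytes and section names of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # AddressOfEntryPoint sits at offset 16 of the optional header in both PE32 and PE32+.
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, max(vsize, rawsize), rawptr))
    ep_bytes = b""
    for _name, vaddr, size, rawptr in sections:
        if vaddr <= entry_rva < vaddr + size:  # map the entry RVA to a file offset
            off = rawptr + (entry_rva - vaddr)
            ep_bytes = data[off:off + 16]
            break
    return {
        "timestamp": timestamp,
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_rva": entry_rva,
        "ep_bytes": ep_bytes,
        "sections": [s[0] for s in sections],
    }


def triage(data):
    """Compare a file against the page's indicators; returns (pe_info, hashes, findings)."""
    info = parse_pe(data)
    hashes = hash_bytes(data)
    findings = []
    if any(hashes[k] == v for k, v in PAGE_HASHES.items()):
        findings.append("hash matches the sample listed on this page")
    if info["ep_bytes"] == PAGE_EP_BYTES:
        findings.append("entry-point bytes match the page's ep_bytes (typical Delphi prologue)")
    if info["timestamp"] == DELPHI_TIMESTAMP:
        findings.append("link timestamp is the fixed Delphi/Inno Setup constant, not a real build date")
    unknown = [s for s in info["sections"] if s not in KNOWN_SECTIONS]
    if unknown:
        findings.append("non-standard section names (possible packing): " + ", ".join(unknown))
    return info, hashes, findings


def build_sample_pe():
    """Constructed minimal PE32 (not the real sample): one CODE section whose entry
    point starts with the page's ep_bytes, and the Delphi timestamp in the header."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)           # e_lfanew
    opt_size = 224                                  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, 1, DELPHI_TIMESTAMP, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)           # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x1000)         # AddressOfEntryPoint
    raw_ptr = 64 + 4 + 20 + opt_size + 40           # code follows the single section header
    code = PAGE_EP_BYTES + b"\xc3" * 16
    sect = struct.pack("<8sIIIIIIHHI", b"CODE", len(code), 0x1000, len(code), raw_ptr,
                       0, 0, 0, 0, 0x60000020)      # CODE | EXECUTE | READ
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect + code


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    pe_info, file_hashes, notes = triage(blob)
    print(pe_info["timestamp_utc"], pe_info["ep_bytes"].hex(), pe_info["sections"])
    print(file_hashes["sha256"])
    for n in notes:
        print("-", n)
```

Run it with a file path to triage a real sample, or with no arguments to see the constructed image processed. A sha256 match against PAGE_HASHES is the only finding that identifies this exact file; the Delphi timestamp and prologue are shared by every Delphi and Inno Setup binary, so they classify the build toolchain, not the intent of the file.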

Babar.71716 is also known by the following vendor detection names. Most are generic, heuristic or machine-learning verdicts (the "!ml", "generic.ml", "ai score" and "Malware.AI" entries), the Ekstak/Bodelph family names are given only by a few engines, and Avast and AVG classify the file as adware rather than a trojan, so the list should be read as a consensus that the file is unwanted rather than as agreement on a specific family:

Lionic: Trojan.Win32.Ekstak.4!c
MicroWorld-eScan: Gen:Variant.Babar.71716
FireEye: Gen:Variant.Babar.71716
McAfee: Artemis!03490EE0DB59
Cylance: Unsafe
K7AntiVirus: Trojan ( 005722f11 )
Alibaba: TrojanDropper:Win32/Ekstak.c7147f2f
K7GW: Trojan ( 005722f11 )
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
TrendMicro-HouseCall: TROJ_GEN.R002H0DFK22
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Ekstak.amhup
BitDefender: Gen:Variant.Babar.71716
Avast: Win32:Adware-gen [Adw]
Tencent: Win32.Trojan-dropper.Agent.Crh
Ad-Aware: Gen:Variant.Babar.71716
Emsisoft: Gen:Variant.Babar.71716 (B)
McAfee-GW-Edition: BehavesLike.Win32.Dropper.wc
Sophos: Mal/Generic-S
GData: Win32.Backdoor.Bodelph.IQ6D81
Microsoft: Trojan:Win32/Wacatac.B!ml
ALYac: Gen:Variant.Babar.71716
MAX: malware (ai score=82)
Malwarebytes: Malware.AI.2403116055
Fortinet: Riskware/Agent
AVG: Win32:Adware-gen [Adw]

How to remove Babar.71716?

Babar.71716 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
