What is “Babar.90082”?

Babar.90082 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Babar.90082 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Japanese
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Checks for the presence of known devices from debuggers and forensic tools
  • Harvests cookies for information gathering
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to identify Babar.90082?


File Info:

name: 2AF13602F1B9A623EFB1.mlw
path: /opt/CAPEv2/storage/binaries/b6b7ea0510130e404890eb089d076ac73cd300fd25546b040dd13d8233083d63
crc32: 9AC56279
md5: 2af13602f1b9a623efb1f48eef9b9d68
sha1: 978e1931f1305fe7c36e58c169875fa3d15b7928
sha256: b6b7ea0510130e404890eb089d076ac73cd300fd25546b040dd13d8233083d63
sha512: 959c333beebe8331aa5f0e563b1d6b3f5472bca18ca9b170694cde080f701a65c8b0003733c2dcbec178ded07b14d448151ce40206181e678f9320a3bd1d25e5
ssdeep: 49152:CvSqSz7IY9KQSyaH2QBwY0H9680K8SkFjoBs1K4beUbp/PIVgq5r4am49gR7Y+:ESzkY9GyhUwYoDajxbpXIJmygR7P
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13EE5339716ABD744FCF199B1B462249FB81FECCBCDE686A1440693271E21C582913EFC
sha3_384: 105b1250e98fba272e6660fbfd0d93ea554bdf596c740fe50648167b795f520f218c468d4309709dfd8369a918d0e100
ep_bytes: eb0800ee11000000000060e800000000
timestamp: 2010-09-16 07:20:36

Version Info:

CompanyName:
FileDescription: TVP(KIRIKIRI) 2 core / Scripting Platform for Win32
FileVersion: 2.32.1.426
InternalName: tvp2/win32
LegalCopyright: (KIRIKIRI core) (C) 1997-2008 W.Dee and Contributors All Rights Reserved. This software is based in part on the work of Independent JPEG Group. For details: Run this program with '-about' option.
LegalTrademarks:
OriginalFilename:
ProductName:
ProductVersion: 1.0.0.0
Comments:
PrivateBuild:
SpecialBuild:
Translation: 0x0411 0x03a4

Babar.90082 also known as:

Vendor              Detection
FireEye             Gen:Variant.Babar.90082
Cylance             Unsafe
VIPRE               Gen:Variant.Babar.90082
APEX                Malicious
BitDefender         Gen:Variant.Babar.90082
MicroWorld-eScan    Gen:Variant.Babar.90082
Ad-Aware            Gen:Variant.Babar.90082
Emsisoft            Gen:Variant.Babar.90082 (B)
Ikarus              Trojan-Spy.Zbot
GData               Gen:Variant.Babar.90082
MAX                 malware (ai score=83)
Arcabit             Trojan.Babar.D15FE2
Google              Detected
ALYac               Gen:Variant.Babar.90082
VBA32               Trojan.Inject

How to remove Babar.90082?

Babar.90082 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.