Bang5mai (PUA) malicious file

The Bang5mai (PUA) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Bang5mai (PUA) virus can do?

Sample contains Overlay data
Presents an Authenticode digital signature
Authenticode signature is invalid
Checks the CPU name from registry, possibly for anti-virtualization
Accessed credential storage registry keys

How to determine Bang5mai (PUA)?


File Info:
name: 27831C226944C27D244C.mlw
path: /opt/CAPEv2/storage/binaries/05bdf487a647e70af3ca23c82d2f9bcbb9a89c6c02d8c2b26c07395e9316905d
crc32: 04B4A7BB
md5: 27831c226944c27d244ccefbf21782e5
sha1: 1135ba696da1ab19b02cf814f318d4af4f83517d
sha256: 05bdf487a647e70af3ca23c82d2f9bcbb9a89c6c02d8c2b26c07395e9316905d
sha512: 5ec071d2a8591c82a9fa92a6daa4927f107189c4cf6369346ff8b7c8f084815315dd267893debc3c9be509e540b244abdb7c1741fac8906ed9fd0df4af0bf476
ssdeep: 12288:1ZtZh2NWAAjGYzxRzruxOgymd3UrCv9pGGdxTjKIC0spxDatGib9T2Wx1YKHPr1:rh2Nw31rC3GGzHKItMx29b9T2+HPr1
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T178F49E20B791C036F5B715B289BD967E5438F531072658DBE3C80E6E1EB06E16E31B2B
sha3_384: e1d1e8be9fcef9f0d7b6aa62243ca87bd6c5cad2a391f25901780ece6de0cfec557633cb4c365addc9d072aacfe11c84
ep_bytes: e879a60000e995feffff8bff558bec51
timestamp: 2014-12-31 05:30:35

Version Info:
0: [No Data]

Bang5mai (PUA) also known as:

Bkav	W32.Common.E86A6866
Cylance	unsafe
Zillya	Worm.RunonceCRTD.Win32.4440
Sangfor	Adware.Win32.Bang5mai.Vq43
CrowdStrike	win/grayware_confidence_100% (W)
K7GW	Adware ( 004d9ee41 )
K7AntiVirus	Adware ( 004d9ee41 )
VirIT	PUP.Win32.Generic.AG
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
F-Secure	Adware.ADWARE/Bang5mai.Gen
Sophos	Bang5mai (PUA)
GData	Win32.Application.Agent.AG6EFD
Avira	ADWARE/Bang5mai.Gen
Microsoft	PUA:Win32/Bang5mai
VBA32	BScope.Adware.Bang5mai
Rising	Adware.Bang5Mai!1.E0A2 (CLASSIC)
DeepInstinct	MALICIOUS

How to remove Bang5mai (PUA)?

Bang5mai (PUA) removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X