
What is “BrowserModifier:Win32/CNNIC!pz”?


The BrowserModifier:Win32/CNNIC!pz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the BrowserModifier:Win32/CNNIC!pz virus do?

  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with ASPack
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the “shellcode get eip” malware family
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify BrowserModifier:Win32/CNNIC!pz?

File Info:

name: B4EEA28BF76543D4091B.mlw
path: /opt/CAPEv2/storage/binaries/bff5795cacf849b5b2a53420b129026b4d1f3007554528926847c55a1a479b04
crc32: CA062D31
md5: b4eea28bf76543d4091b7844b25b4b1a
sha1: aa11a1d7926d346cfdc433e83b28ed24f5a00033
sha256: bff5795cacf849b5b2a53420b129026b4d1f3007554528926847c55a1a479b04
sha512: a3fba5d511d02140d3eba5dfb8cde76044c50faa7d970532c603f6eedca784412a52dd6020b2c55220a9f0be0055026608d9bccc4f428ec3de09b8c49399a17e
ssdeep: 6144:+bFSTsVtM6vNHlk9N9ZAXbBNBa9eBGZlWh8p2aLczMwMEbkRR9rFDHig0u2VDHkU:EoYtMoHl09Z8B+ZlEYOwRR9xHigGk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D38423F4AD70C779E5E514B5A8A7136290C89E7B7658423A73B62F048CF83C9704B1BE
sha3_384: 8e4488c207b53d68b09a7ad810dc46e696fef0bd44eaaa032f48ef8dc98ff2ff57a3eacd5b3e8ba4d23964aa51a09ae5
ep_bytes: 60e803000000e9eb045d4555c3e80100
timestamp: 2007-05-25 10:05:17

Version Info:

Comments:
CompanyName: 中国互联网络信息中心
FileDescription: 国际化域名支持
FileVersion: 2, 6, 0, 1
InternalName:
LegalCopyright: Copyright CNNIC 2006 - 2007
LegalTrademarks:
OriginalFilename: setup.exe
PrivateBuild:
ProductName:
ProductVersion: 2, 6, 0, 1
SpecialBuild:
Translation: 0x0804 0x04b0

BrowserModifier:Win32/CNNIC!pz also known as:

Bkav: W32.AIDetectMalware
Lionic: Adware.Win32.Horse.2!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Horse.CTF
ClamAV: Win.Trojan.Fraudload-9877449-0
FireEye: Trojan.Horse.CTF
Skyhigh: BehavesLike.Win32.Worm.fc
ALYac: Trojan.Horse.CTF
Malwarebytes: MachineLearning/Anomalous.100%
Zillya: Trojan.Genome.Win32.109489
Sangfor: Adware.Win32.Cnnic.V84g
Alibaba: AdWare:Win32/CnsMin.fb3f57c4
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Generik.CBXVXBJ
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: not-a-virus:AdWare.Win32.CnsMin.ha
BitDefender: Trojan.Horse.CTF
NANO-Antivirus: Trojan.Win32.TrjGen.qmefa
Avast: Win32:Cnnic-D [PUP]
Tencent: Win32.AdWare.Cnsmin.Ssmw
Sophos: CNav (PUA)
F-Secure: Adware.ADSPY/Cdn.B.1
DrWeb: Adware.Cdn
VIPRE: Trojan.Horse.CTF
TrendMicro: TROJ_GEN.R002C0PAN24
Trapmine: malicious.moderate.ml.score
Emsisoft: Trojan.Horse.CTF (B)
Ikarus: BHO.Win32.CNNIC
Google: Detected
Avira: ADSPY/Cdn.B.1
Antiy-AVL: Trojan/Win32.SGeneric
Kingsoft: Win32.Troj.BDSearch.gen
Microsoft: BrowserModifier:Win32/CNNIC!pz
Xcitium: ApplicUnwnt.Win32.Adware.Cdn.B`10@1ns3ot
Arcabit: Trojan.Horse.CTF
ZoneAlarm: not-a-virus:AdWare.Win32.CnsMin.ha
GData: Trojan.Horse.CTF
Varist: W32/Adware.HYWG-8133
McAfee: Artemis!B4EEA28BF765
MAX: malware (ai score=100)
VBA32: Adware.Cdn
Cylance: unsafe
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002C0PAN24
Rising: Trojan.Bitrep!8.F596 (CLOUD)
Yandex: Trojan.GenAsa!EwqfwPoyI0A
MaxSecure: Trojan.Malware.1812885.susgen
AVG: Win32:Cnnic-D [PUP]
Cybereason: malicious.7926d3
DeepInstinct: MALICIOUS

How to remove BrowserModifier:Win32/CNNIC!pz?

BrowserModifier:Win32/CNNIC!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
