PUA

What is “Compromised Nanjing Zhixiao CodeSigningCert (PUA)”?

Malware Removal

The Compromised Nanjing Zhixiao CodeSigningCert (PUA) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Compromised Nanjing Zhixiao CodeSigningCert (PUA) virus do?

  • Presents an Authenticode digital signature
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Compromised Nanjing Zhixiao CodeSigningCert (PUA)?

File Info:

name: FB670662DD6CD0302590.mlw
path: /opt/CAPEv2/storage/binaries/99f6ea7f24d30772752e1327b19b38317329a3966f0b88e1a28753793e21da7b
crc32: 206C6D9F
md5: fb670662dd6cd030259003bb32c0cdd4
sha1: f913cdd361ff15c908aeb98003f4553710cc4e12
sha256: 99f6ea7f24d30772752e1327b19b38317329a3966f0b88e1a28753793e21da7b
sha512: abaaf64e0f7b24cc5ff37f9b6d99d0ab6d63fdcd7a7f992faab9aea1a5b8addfe2e428e493ce175e8fb5188eabbbec178c548cb5fd2e8e6566d05744871217d1
ssdeep: 768:yyfAJ8oOSbAkWwsZeqETiEsxI8JThHBvXJ3W:HM6J/wfq401ZXRW
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1E1035C5722A418F0E6AB8AB5C1D68977EEF0B50517325ACF0660C4E91F63BE1573E30B
sha3_384: 4ae7d3323c522ad1a0aa442f197741a6dbd4c835efbb8300768cef8f08164d27823c65204e2a4dde6296ee8e226a59a4
ep_bytes: 48895c2408574883ec20488bda488bf9
timestamp: 2021-02-26 18:57:16

Version Info:

0: [No Data]

Compromised Nanjing Zhixiao CodeSigningCert (PUA) also known as:

FireEye: Generic.mg.fb670662dd6cd030
ALYac: Trojan.GenericKD.38144665
Cylance: Unsafe
Zillya: Tool.HackTool.Win64.149
K7AntiVirus: Trojan ( 0057f3c11 )
K7GW: Trojan ( 0057f3c11 )
Cybereason: malicious.361ff1
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win64/Riskware.HackTool.BlackBone.A
APEX: Malicious
BitDefender: Trojan.GenericKD.38144665
MicroWorld-eScan: Trojan.GenericKD.38144665
Avast: Win64:Malware-gen
Ad-Aware: Trojan.GenericKD.38144665
Sophos: Compromised Nanjing Zhixiao CodeSigningCert (PUA)
McAfee-GW-Edition: Artemis!PUP
Emsisoft: Trojan.GenericKD.38144665 (B)
SentinelOne: Static AI – Suspicious PE
GData: Trojan.GenericKD.38144665
MAX: malware (ai score=82)
Arcabit: Trojan.Generic.D2460A99
Microsoft: Trojan:Win32/Wacatac.B!ml
McAfee: Artemis!FB670662DD6C
TrendMicro-HouseCall: TROJ_GEN.R002H09L221
Rising: Trojan.MalCert!1.DA97 (CLASSIC)
Fortinet: Malicious_Behavior.SB
AVG: Win64:Malware-gen

How to remove Compromised Nanjing Zhixiao CodeSigningCert (PUA)?

Compromised Nanjing Zhixiao CodeSigningCert (PUA) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.