
What is “Downloader.Win32.InnoBundle.apcs”?


Downloader.Win32.InnoBundle.apcs is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Downloader.Win32.InnoBundle.apcs virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Deletes executed files from disk
  • Touches a file containing cookies, possibly for information gathering
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Downloader.Win32.InnoBundle.apcs?


File Info:

name: DE8488468832FDFB9D33.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2018-06-14 13:27:46

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: WinRAR Setup (r2401170500)
FileVersion:
LegalCopyright:
ProductName: WinRAR
ProductVersion:
Translation: 0x0000 0x04b0

Downloader.Win32.InnoBundle.apcs also known as:

Elastic: malicious (high confidence)
Skyhigh: Artemis!PUP
Cylance: unsafe
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Downloader:Win32/InnoBundle.1a00e4f5
K7GW: Riskware ( 0040eff71 )
Cynet: Malicious (score: 100)
Kaspersky: not-a-virus:Downloader.Win32.InnoBundle.apcs
Avast: Win32:Malware-gen
DrWeb: Adware.Downware.20475
Webroot: W32.Downloader.Gen
ZoneAlarm: not-a-virus:Downloader.Win32.InnoBundle.apcs
McAfee: Artemis!DE8488468832
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/grayware_confidence_60% (D)

How to remove Downloader.Win32.InnoBundle.apcs?

Downloader.Win32.InnoBundle.apcs removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
