Dropped:Application.Hook.K (B) removal

Malware Removal

Dropped:Application.Hook.K (B) is classified as dangerous by many security vendors. While the infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Dropped:Application.Hook.K (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Installs itself for autorun at Windows startup
  • Disables host Power options (shutdown, logoff, lock, change password)
  • Attempts to disable UAC
  • Uses suspicious command line tools or Windows utilities

How to identify Dropped:Application.Hook.K (B)?

File Info:

name: 0B7A0A4454609434478F.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-12-11 00:37:52

Version Info:

FileVersion: 1.0.0.0
FileDescription: systemcrasher
ProductName: systemcrasher
ProductVersion: 1.0.0.0
CompanyName: null
LegalCopyright: null 版权所有
Comments: systemcrasher
Translation: 0x0804 0x04b0

Dropped:Application.Hook.K (B) also known as:

  • Bkav: W32.AIDetect.malware2
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Dropped:Application.Hook.K
  • FireEye: Generic.mg.0b7a0a4454609434
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 005246d51 )
  • K7GW: Trojan ( 005246d51 )
  • Cybereason: malicious.454609
  • BitDefenderTheta: Gen:NN.ZexaF.34084.fs0@aiz08Xhb
  • Cyren: W32/Agent.EW.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
  • ClamAV: Win.Malware.Generic-9820446-0
  • BitDefender: Dropped:Application.Hook.K
  • Ad-Aware: Dropped:Application.Hook.K
  • Sophos: Generic ML PUA (PUA)
  • Comodo: Worm.Win32.Dropper.RA@1qraug
  • Baidu: Win32.Trojan.Hooker.b
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.vh
  • Emsisoft: Dropped:Application.Hook.K (B)
  • GData: Win32.Trojan.PSE.12FI8JT
  • Antiy-AVL: Trojan/Generic.ASCommon.FA
  • Arcabit: Application.Hook.K
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • Cynet: Malicious (score: 100)
  • Acronis: suspicious
  • ALYac: Dropped:Application.Hook.K
  • MAX: malware (ai score=70)
  • VBA32: BScope.Backdoor.Poison
  • Malwarebytes: Trojan.MalPack.FlyStudio
  • APEX: Malicious
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/CoinMiner.65CA!tr
  • CrowdStrike: win/malicious_confidence_60% (D)

How to remove Dropped:Application.Hook.K (B)?

Dropped:Application.Hook.K (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.