ElReceptor Keyboard Hook (PUA) malicious file

The ElReceptor Keyboard Hook (PUA) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the ElReceptor Keyboard Hook (PUA) virus do?

  • Creates RWX memory
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Turkish
  • The binary likely contains encrypted or compressed data.
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Anomalous binary characteristics

Related domains:

www.cfxy.me

How to identify ElReceptor Keyboard Hook (PUA)?

File Info:

crc32: 179A6E34
md5: 6a8d97225531e52f5d9c76c875f2cacf
name: 1.exe
sha1: 536fbac82d3425f7a1df6bee3e39c95d7877d545
sha256: af3676828f580fa92a62b9161db0d1183d7edb6c789d4d504db1c92f0f8a9357
sha512: 9297ff9e2e21c9cc2fc82b914eee99c27b233cf291b8d034c4cf733c452f1eb8bf6438fac829b6db9445bcf2d2a6b4edf236cb87890bff9686f269f31a9fa12f
ssdeep: 24576:NnsJ39LyjbJkQFMhmC+6GD9jqCRLgN5H4zDtkHAGY6Hz/L:NnsHyjtk2MYC5GD9RLgzHc039
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright:
InternalName:
FileVersion: 1.0.0.4
CompanyName: Synaptics
LegalTrademarks:
Comments:
ProductName: Synaptics Pointing Device Driver
ProductVersion: 1.0.0.0
FileDescription: Synaptics Pointing Device Driver
OriginalFilename:
Translation: 0x041f 0x04e6

ElReceptor Keyboard Hook (PUA) also known as:

MicroWorld-eScan: Dropped:Trojan.GenericKD.32840913
FireEye: Generic.mg.6a8d97225531e52f
CAT-QuickHeal: Sus.Nocivo.E0011
McAfee: GenericRXCB-VC!6A8D97225531
Cylance: Unsafe
VIPRE: BehavesLike.Win32.Malware.eah (mx-v)
Sangfor: Malware
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Dropped:Trojan.GenericKD.32840913
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.25531e
TrendMicro: Virus.Win32.NAPWHICH.B
BitDefenderTheta: AI:Packer.F5AF03D517
F-Prot: W32/Zorex.A
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Zorex-E [Wrm]
ClamAV: Win.Malware.Delf-6899401-0
GData: Dropped:Trojan.GenericKD.32840913
Kaspersky: Backdoor.Win32.DarkKomet.hqxy
Alibaba: Backdoor:Win32/DarkKomet.ac422126
NANO-Antivirus: Trojan.Win32.DarkKomet.fazbwq
AegisLab: Trojan.Win32.DarkKomet.tp6k
Tencent: Virus.Win32.DarkKomet.a
Ad-Aware: Dropped:Trojan.GenericKD.32840913
Sophos: ElReceptor Keyboard Hook (PUA)
Comodo: Virus.Win32.Agent.DE@74b38h
F-Secure: Trojan:W97M/MaliciousMacro.GEN
Zillya: Trojan.Delf.Win32.76144
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Generic.th
Trapmine: malicious.moderate.ml.score
Emsisoft: Dropped:Trojan.GenericKD.32840913 (B)
Cyren: W32/Backdoor.OAZM-5661
Jiangmin: Trojan.Generic.bhoqf
Avira: WORM/Dldr.Agent.gqrxn
Antiy-AVL: Trojan[Downloader]/Script.AGeneric
Endgame: malicious (high confidence)
Arcabit: HEUR.VBA.Trojan.d
ZoneAlarm: Backdoor.Win32.DarkKomet.hqxy
Microsoft: Worm:Win32/AutoRun.XXY!bit
AhnLab-V3: Win32/Zorex.X1799
Acronis: suspicious
ALYac: Dropped:Trojan.GenericKD.32840913
MAX: malware (ai score=100)
VBA32: TScope.Trojan.Delf
Malwarebytes: Trojan.Agent
Panda: Trj/Genetic.gen
Zoner: Trojan.Win32.88102
ESET-NOD32: Win32/Delf.NBX
TrendMicro-HouseCall: Virus.Win32.NAPWHICH.B
Rising: Backdoor.Agent!1.BF3D (CLASSIC)
Yandex: BackDoor.Optix!
eGambit: Unsafe.AI_Score_100%
Fortinet: W32/Delf.NBX!tr
AVG: Other:Malware-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)

How to remove ElReceptor Keyboard Hook (PUA)?

ElReceptor Keyboard Hook (PUA) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.