What is “Falco Bundleware (PUA)”?

Falco Bundleware (PUA) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Falco Bundleware (PUA) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Falco Bundleware (PUA)?


File Info:

name: 0CEB01C7B72192570CF2.mlw
path: /opt/CAPEv2/storage/binaries/46bb66b302dfd80de484186b937d94b304f1a6fcfb52706e9d12357525bf2c02
crc32: 43A4467A
md5: 0ceb01c7b72192570cf202724fbeb7d6
sha1: 97a56153e1abe128e2fd5bd385f04c67eac489e1
sha256: 46bb66b302dfd80de484186b937d94b304f1a6fcfb52706e9d12357525bf2c02
sha512: 30e5adb09fd758453ce3aeaca95bb1c2969686ee0e145a93e16040d08b327a3c14fb9472628db2f6fc802e3f29b85fdc6fb63980865617637520a2e2a6b6be16
ssdeep: 98304:r1QTVEeFh0x58fyuH83ao/883bDRSyNeRZge:BMV09uH8bZsX
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T191060227B298643EC4AE2B354573A05058FBA6ADF417BE1677F4C88CCF621C01E3E665
sha3_384: 0fe5dc22596ded3fc54ab07acff573264bcd4a7f19e37fbd0264a29027884d5b51c91ec7ce2e502d8fbe03bafc6fd34e
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2019-10-12 11:15:57

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: FalcoWare, Inc.
FileDescription: Paranormal Zone Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: Paranormal Zone
ProductVersion:
Translation: 0x0000 0x04b0

Falco Bundleware (PUA) also known as:

Bkav: W32.AIDetectMalware
Lionic: Adware.Win32.Falco.2!c
Cylance: unsafe
Sangfor: PUP.Win32.Agent.Vhkw
K7AntiVirus: Riskware ( 00584baa1 )
K7GW: Riskware ( 00584baa1 )
Avast: Win32:VSok-A [PUP]
Sophos: Falco Bundleware (PUA)
Ikarus: PUA.Falco
Antiy-AVL: GrayWare[AdWare]/Win32.Falco.a
Microsoft: PUA:Win32/Presenoker
GData: Win32.Application.Falco.A
Varist: W32/FalcoBundler.B.gen!Eldorado
Malwarebytes: Adware.RelevantKnowledge
TrendMicro-HouseCall: TROJ_GEN.R002H0CAI24
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: Riskware/Application
AVG: Win32:VSok-A [PUP]
DeepInstinct: MALICIOUS
CrowdStrike: win/grayware_confidence_100% (W)

How to remove Falco Bundleware (PUA)?

Falco Bundleware (PUA) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
