What is “Falco Bundleware (PUA)”?

Falco Bundleware (PUA) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Falco Bundleware (PUA) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Falco Bundleware (PUA)?


File Info:

name: 1DE3987217521E873124.mlw
path: /opt/CAPEv2/storage/binaries/24b7b51100d209e8c15c1dc9b52951a733f502a9bc7e479fa0a16841444ace97
crc32: 57FC1D8C
md5: 1de3987217521e8731240d6dc0917ca5
sha1: 27cba54e26d6ebd1e089eb02e34760fd5e307862
sha256: 24b7b51100d209e8c15c1dc9b52951a733f502a9bc7e479fa0a16841444ace97
sha512: 5c09e704b93507a74663a0195c3fc4dfe8773f8e4df517cceae69ee689c65bdfdb06c89f418049f2aece1e251f34219d41c86355ce45eb22bb5b8acb2926d49e
ssdeep: 98304:hEPXijjg4nP5+8+xhC5NSqyNhVjMDqaivGNb80jyct5QHneD:Zjg4nhn5DkoDKuNbnyWD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14B06013FB268653ED4AF1B3249B39360997BBB61A85A8C1E07F0081DCF665701F3B615
sha3_384: da792314aa2207eaa3631875bd36929321973780f20db5c9118530fcc590fab786848bf9ce6a1c1088d9d8b4aa4e335e
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2020-05-21 05:56:23

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: FalcoWare, Inc.
FileDescription: Twins Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: Twins
ProductVersion:
Translation: 0x0000 0x04b0

Falco Bundleware (PUA) also known as:

Bkav: W32.AIDetectMalware
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.ins
CrowdStrike: win/grayware_confidence_100% (D)
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
Avast: Win32:VSok-A [PUP]
Tencent: Malware.Win32.Gencirc.115cb820
Sophos: Falco Bundleware (PUA)
Varist: W32/FalcoBundler.B.gen!Eldorado
GData: Win32.Application.Falco.A
Google: Detected
Ikarus: PUA.BundleLoader
Fortinet: Adware/Falco
AVG: Win32:VSok-A [PUP]
DeepInstinct: MALICIOUS

How to remove Falco Bundleware (PUA)?

Falco Bundleware (PUA) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.