What is “Fast Reverse Proxy (PUA)”?

Many security experts consider Fast Reverse Proxy (PUA) dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Fast Reverse Proxy (PUA) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Fast Reverse Proxy (PUA)?

File Info:

name: D3F15E9DF60F3961FD85.mlw
path: /opt/CAPEv2/storage/binaries/9280b1ed1a6940ce3728c5b49dfd71122b8354681eb52f16e7c736347533555c
crc32: 158D39F7
md5: d3f15e9df60f3961fd85504fe584d6f6
sha1: 9ddad7be04c041f285c0650dbf76652c580372c5
sha256: 9280b1ed1a6940ce3728c5b49dfd71122b8354681eb52f16e7c736347533555c
sha512: a7de595119ce176b50a1b9a252be11a74d2b70f8d48b3dde2b54daba2cdda9f345cd88f228b5a1cb49decd43996f0705605e97cb590d6e6fc32b28475b9c7df8
ssdeep: 98304:mYUEVfGKndnCUzdhJplthK/kPztMgKPC4k1vBsh1gVNP04:mzqf5hvebvkBBsh1Ca4
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1F3C63A90FDDB44F5EA03187054ABA2BF27316E098B34CAC7E6647F2AE8775E10A37115
sha3_384: ce930185fba59fd06ce60ba14c922121af5d49374f7b899a949277ba9b70a2932e601610f8115d3c0c537fe01fed9c34
ep_bytes: e9cbdcffffcccccccccccccccccccccc
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

Fast Reverse Proxy (PUA) also known as:

Lionic: Riskware.Win64.FRP.1!c
Elastic: malicious (moderate confidence)
Cylance: Unsafe
Sangfor: Hacktool.Win64.FRP.gen
K7AntiVirus: Trojan ( 0058f6271 )
Alibaba: NetTool:Win64/Generic.025de79f
K7GW: Trojan ( 0058f6271 )
ESET-NOD32: a variant of WinGo/HackTool.Agent.Y
APEX: Malicious
Avast: Win32:Trojan-gen
Kaspersky: not-a-virus:HEUR:NetTool.Win64.FRP.gen
Tencent: Win32.Hacktool.Agent.Wtdh
McAfee-GW-Edition: BehavesLike.Win32.BadFile.wh
Sophos: Fast Reverse Proxy (PUA)
Avira: TR/Redcap.yrght
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
McAfee: Artemis!D3F15E9DF60F
TrendMicro-HouseCall: TROJ_GEN.R002H0DF722
Rising: Hacktool.Agent!8.335 (CLOUD)
Fortinet: W32/Agent.Y!tr
AVG: Win32:Trojan-gen

How to remove Fast Reverse Proxy (PUA)?

Fast Reverse Proxy (PUA) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
