What is "Generic PUA FJ (PUA)"?

The Generic PUA FJ (PUA) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Generic PUA FJ (PUA) virus can do?

Executable code extraction
Presents an Authenticode digital signature
Possible date expiration check, exits too soon after checking local time
Reads data out of its own binary image
Drops a binary and executes it
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Attempts to repeatedly call a single API many times in order to delay analysis time
Network activity contains more than one unique useragent.
Anomalous binary characteristics

Related domains:

yz.app.sogou.com

ping.t.sogou.com

xz.sogou.com

yze.t.sogou.com

How to determine Generic PUA FJ (PUA)?


File Info:
crc32: 05483804
md5: a8c2592da372a910e6fb7fb604739ecc
name: sogoubfbbm.e
sha1: 592b5230f5e428da2d7ea60917deb09a968c3512
sha256: e95801a049fc097309e2ddaa362d1aa592d9d399f1ae9fe7663bc0a46a1af267
sha512: 7ad8db21047d66ccd4b52f858bd5ad00609f1f47a177eef41b84ba48cd39e6fa46b27c5ee5f52680e8ad21b8341dc94b480c27a885486fac401d30742bd01e2e
ssdeep: 49152:DuuE7AnqIxGrGYyZa/tgrYJUGfZC3wA6EylfwEaFW:1E7AqrlyutLxC3sEwwM
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: xa9 2014 Sogou.com Inc. All rights reserved.
InternalName: MiniDownLoad.exe
FileVersion: 3.1.12.94
CompanyName: Sogou.com Inc.
ProductName: x8f6fx4ef6x52a9x624b
ProductVersion: 3.1.12.94
FileDescription: x8f6fx4ef6x52a9x624b
OriginalFilename: MiniDownLoad.exe
Translation: 0x0804 0x04b0

Generic PUA FJ (PUA) also known as:

Bkav	W32.HfsAdware.170E
FireEye	Generic.mg.a8c2592da372a910
CAT-QuickHeal	Trojan.MauvaiseRI.S5244821
McAfee	PUP-FTL
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Unwanted-Program ( 004cca081 )
K7GW	Unwanted-Program ( 004cca081 )
TrendMicro	TROJ_GEN.R002C0PBG20
F-Prot	W32/Sogou.H.gen!Eldorado
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Worm.Chir-2282
GData	Win32.Trojan.Agent.F13P0C
Kaspersky	not-a-virus:Downloader.Win32.Sogou.g
Alibaba	Downloader:Win32/Sogou.de2e7b70
NANO-Antivirus	Trojan.Win32.Gbot.fgypno
Endgame	malicious (high confidence)
Sophos	Generic PUA FJ (PUA)
Comodo	Application.Win32.Sogou.C@6e9656
F-Secure	Adware.ADWARE/Sogou.wqqyp
DrWeb	BackDoor.Gbot.2850
Zillya	Downloader.SogouCRTD.Win32.237
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Generic.vc
Emsisoft	Application.Chindo (A)
Ikarus	not-a-virus:Downloader.Sogou
Cyren	W32/Sogou.H.gen!Eldorado
Avira	ADWARE/Sogou.wqqyp
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	RiskWare[Downloader]/Win32.Sogou
ZoneAlarm	not-a-virus:Downloader.Win32.Sogou.g
Microsoft	PUA:Win32/Sogou
AhnLab-V3	PUP/Win32.Downloader.R180775
VBA32	Downloader.Sogou
Malwarebytes	Adware.Sogou
ESET-NOD32	a variant of Win32/Sogou.H potentially unwanted
TrendMicro-HouseCall	TROJ_GEN.R002C0PBG20
Tencent	Malware.Win32.Gencirc.10b135f4
Yandex	PUA.Downloader!
SentinelOne	DFI – Malicious PE
MaxSecure	Trojan.Malware.8608356.susgen
AVG	Win32:Malware-gen
CrowdStrike	win/malicious_confidence_80% (D)

How to remove Generic PUA FJ (PUA)?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “Generic PUA FJ (PUA)”?