Categories: PUA

Generic PUA JM (PUA) information

The Generic PUA JM (PUA) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Generic PUA JM (PUA) virus can do?

Executable code extraction
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Detected script timer window indicative of sleep style evasion
A process attempted to delay the analysis task.
Starts servers listening on 0.0.0.0:5650, :0
Expresses interest in specific running processes
Reads data out of its own binary image
A process created a hidden window
Unconventionial language used in binary resources: Russian
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
A scripting utility was executed
Uses Windows utilities for basic functionality
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Collects information to fingerprint the system
Uses suspicious command line tools or Windows utilities

Related domains:

rmansys.ru

How to determine Generic PUA JM (PUA)?


File Info:
crc32: B5F01C0Bmd5: 80df2f0d4da5e61f4341c4d971170395name: 2a4094a2133837df.exesha1: 4246048db2e697a05f8dc252e3cb60f7ce83832asha256: 915738e4e4df8462f006d169a1cdebc3f311f7250b794281f78fa24d90586e4bsha512: 8a78824845d3b5f235028dd19107a6a9469f5f1bb4b18d7e41e54e6aff1d76157e0866c1cdb6d0d46029bca4307afc501a50f04d03926902ff96d8ca44acf069ssdeep: 98304:b2tpzpptdlPk/vq1FXRF7LOmt64dcn1mx71J/T+BXuBFBrEy:b8tdcq1FXRxZtcnAJ1REXsBIytype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
0: [No Data]

Generic PUA JM (PUA) also known as:

MicroWorld-eScan	Trojan.ScriptKD.4412
CAT-QuickHeal	HackTool.Rabased
McAfee	Artemis!B8667A1E8456
Malwarebytes	PUP.Optional.RemoteUtilities
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Trojan ( 004f35231 )
K7GW	Trojan ( 004f35231 )
Invincea	heuristic
Baidu	Win32.Trojan.WisdomEyes.16070401.9500.9943
Cyren	W32/Trojan.MBDS-0756
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	BAT/RA-based.CX
TrendMicro-HouseCall	TROJ_GE.EDF1590A
ClamAV	Win.Trojan.Generickd-4341
GData	Trojan.ScriptKD.4412
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.ScriptKD.4412
NANO-Antivirus	Trojan.Script.RMS.enpelx
AegisLab	Troj.W32.Generic!c
Avast	Win32:PUP-gen [PUP]
Endgame	malicious (moderate confidence)
Emsisoft	Trojan.ScriptKD.4412 (B)
Comodo	TrojWare.Win32.Generic.usubc
F-Secure	Gen:Variant.Graftor.316246
DrWeb	VBS.Starter.65
Zillya	Trojan.GenericKD.Win32.1712
TrendMicro	TROJ_GE.EDF1590A
McAfee-GW-Edition	BehavesLike.Win32.Obfuscated.wc
Sophos	Generic PUA JM (PUA)
Ikarus	not-a-virus:RemoteAdmin.Win32.RMS
Jiangmin	RemoteAdmin.RMS.w
Avira	TR/Dropper.Gen
Antiy-AVL	RiskWare[RemoteAdmin]/Win32.RMS
Arcabit	Trojan.ScriptKD.D113C
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	HackTool:Win32/Rabased
ALYac	Trojan.ScriptKD.4412
AVware	Trojan.Win32.Generic!BT
VBA32	Backdoor.RMS
Rising	Trojan.Generic (cloud:tS6cZa3tQGQ)
Yandex	Trojan.InstallRadmin.B
SentinelOne	static engine – malicious
Fortinet	Riskware/RemoteAdmin_RemoteUtilities
Ad-Aware	Trojan.ScriptKD.4412
AVG	Win32:PUP-gen [PUP]
Panda	Trj/CI.A
CrowdStrike	malicious_confidence_100% (D)
Qihoo-360	HEUR/QVM11.1.FDD8.Malware.Gen