
What is “Generik.BEUZTFZ”?


Generik.BEUZTFZ is the ESET-NOD32 detection name for a sample that most other vendors classify as a Dorifel trojan dropper (see the detection list further down). When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Generik.BEUZTFZ virus do?

The behaviours below are the CAPE sandbox signatures that fired when the sample described in the next section was executed:

  • A file was accessed within the Public folder.
  • Executed a command line with a /C or /R argument, which terminates the command shell on completion and can be used to hide execution.
  • Uses Windows utilities for basic functionality.
  • Reads data out of its own binary image.
  • CAPE extracted potentially suspicious content.
  • The Authenticode signature is invalid.
  • A scripting utility was executed.
  • Behavioural detection: injection (inter-process).
  • Loads a Chromium browser extension from a directory.
  • Attempts to modify browser security settings.
  • CAPE detected injection into a browser process, likely for Man-in-the-Browser (MITB) infostealing.
  • Collects information to fingerprint the system.
  • Uses suspicious command line tools or Windows utilities.
  • YARA detections observed in process dumps, payloads or dropped files.
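Several of the sandbox signatures above (the transient command shell, the scripting utility, the Public folder path) can be checked on an endpoint from ordinary process-creation telemetry. The following Python is an added example written for this page, not code from the sandbox or from GridinSoft; the events it runs over are constructed Sysmon-style process-creation records (Image, CommandLine, ParentImage) invented here to exercise the rules, and the rule names and the allow-list of interactive parents are this example's own choices, not part of any product.

```python
import ntpath

# Parents from which a command shell or script host is expected interactively.
# This allow-list is an assumption of the example; tune it for your estate.
INTERACTIVE_PARENTS = {"explorer.exe"}
# Script hosts corresponding to the "A scripting utility was executed" signature.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
PUBLIC_DIR = "\\users\\public\\"


def _base(path: str) -> str:
    """Lower-cased file name of a Windows path (ntpath works on any host)."""
    return ntpath.basename(path).lower()


def hidden_shell_rule(event: dict):
    """cmd.exe /C or /R closes the console as soon as the command finishes, so a
    short-lived shell started by a non-interactive parent is worth flagging."""
    if _base(event["Image"]) != "cmd.exe":
        return None
    # Whitespace tokenisation is deliberate: /c glued to a quoted string is not matched.
    tokens = event["CommandLine"].lower().split()
    if not any(t in ("/c", "/r") for t in tokens):
        return None
    if _base(event["ParentImage"]) in INTERACTIVE_PARENTS:
        return None
    return "cmd-transient-shell"


def script_host_rule(event: dict):
    """A script host launched by something other than the user's shell."""
    if _base(event["Image"]) in SCRIPT_HOSTS and \
            _base(event["ParentImage"]) not in INTERACTIVE_PARENTS:
        return "script-host-from-process"
    return None


def public_folder_rule(event: dict):
    """Anything executed from, or pointing at, C:\\Users\\Public."""
    if PUBLIC_DIR in event["Image"].lower() or PUBLIC_DIR in event["CommandLine"].lower():
        return "public-folder-path"
    return None


RULES = (hidden_shell_rule, script_host_rule, public_folder_rule)


def triage(events):
    """Return (rule name, image file name, command line) for every rule each event trips."""
    hits = []
    for ev in events:
        for rule in RULES:
            name = rule(ev)
            if name:
                hits.append((name, _base(ev["Image"]), ev["CommandLine"]))
    return hits


# Constructed events for illustration only; they do not come from the page's sandbox run.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\Public\WindowsFormsApplication1.exe",
     "CommandLine": r"C:\Users\Public\WindowsFormsApplication1.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /C whoami",
     "ParentImage": r"C:\Users\Public\WindowsFormsApplication1.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r"wscript.exe C:\Users\Public\up.vbs",
     "ParentImage": r"C:\Users\Public\WindowsFormsApplication1.exe"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

The interactive cmd.exe started from explorer.exe is left alone; the two children of the binary in the Public folder and the binary itself are reported. Each rule is a single heuristic, so treat the output as a triage queue rather than a verdict.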

How to identify Generik.BEUZTFZ?

The hashes below identify the analysed sample; compare them against suspect files rather than relying on the file name, which is arbitrary. Although the type line reports a native PE32, the entry-point bytes ff 25 00 20 40 00 are the jmp dword ptr [0x402000] stub of a 32-bit .NET managed executable, which agrees with the MSIL detection names and the assembly version information further down. The version resource claims CompanyName "Microsoft" while the sandbox reports an invalid Authenticode signature, so the vendor string should be treated as untrustworthy.

File Info:

name: 70D098783E77D6F9EF23.mlw
path: /opt/CAPEv2/storage/binaries/94e81bfb32a16d07689aea2c9520a61e4044c7a5c3f011131022f828434e678e
crc32: 19482067
md5: 70d098783e77d6f9ef23327162be48a7
sha1: 9ee0988fc2f28f5b49734c4852d56e545468a2de
sha256: 94e81bfb32a16d07689aea2c9520a61e4044c7a5c3f011131022f828434e678e
sha512: 18da3520990ecbf09386950c9acba12353d51157e2ffa605e3470d542ae55bf703222a7ac9d14f6a6181611a66107057933001814ca34a6065dedc672836d633
ssdeep: 3072:26u+Qz1VpaA14LdGUL5dKp+Rn+4k1VpaAK4LdGULEdKp+Rn+4Lb4rcZ9Gw4VkLyC:O4LdGULnP4LdGULOZbf9Gwf
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1770543B2D1A732C1C935AC77D6584620ACFA7F0351BB6B766F84B53420709BE1B8827D
sha3_384: 85697dc2f727486de8004bc2bde39015c4720a47bdeebc42ca9e5c3b296b998883a79c0590ddfb2eb1c1c10b3caed7c4
ep_bytes: ff250020400000000000000000000000
timestamp: 2018-09-15 23:23:51

Version Info:

Translation: 0x0000 0x04b0
CompanyName: Microsoft
FileDescription: WindowsFormsApplication1
FileVersion: 1.0.0.0
InternalName: WindowsFormsApplication1.exe
LegalCopyright: Copyright © Microsoft 2018
OriginalFilename: WindowsFormsApplication1.exe
ProductName: WindowsFormsApplication1
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0
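To check a file on a suspect system against the indicators above, hash it the same way CAPE does and decode the entry-point stub. The Python below is an added example written for this page, not the page's own tooling; the indicator values are copied from the File Info block, the hashing and crc32 formatting reproduce what CAPE prints (crc32 as eight upper-case hex digits), and the function names are this example's own.

```python
import hashlib
import struct
import zlib
from typing import Optional

# Indicators copied from the page's File Info block for the analysed sample.
PAGE_INDICATORS = {
    "md5": "70d098783e77d6f9ef23327162be48a7",
    "sha1": "9ee0988fc2f28f5b49734c4852d56e545468a2de",
    "sha256": "94e81bfb32a16d07689aea2c9520a61e4044c7a5c3f011131022f828434e678e",
    "crc32": "19482067",
}
PAGE_EP_BYTES = bytes.fromhex("ff250020400000000000000000000000")


def fingerprint(data: bytes) -> dict:
    """Digests in the same form CAPE lists them (crc32 as 8 upper-case hex digits)."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_indicators(data: bytes, indicators: dict) -> list:
    """Names of every indicator the data matches; comparison is case-insensitive
    because vendors print hex digests in either case."""
    fp = fingerprint(data)
    return [k for k, v in indicators.items()
            if k in fp and fp[k].lower() == v.lower()]


def scan_file(path: str, indicators: dict = PAGE_INDICATORS) -> list:
    """Read a file and report which of the page's indicators it matches."""
    with open(path, "rb") as fh:
        return matches_indicators(fh.read(), indicators)


def decode_entry_stub(ep_bytes: bytes) -> Optional[int]:
    """If the entry point begins with FF 25 imm32 (jmp dword ptr [imm32]), return imm32.
    A 32-bit .NET executable's native entry point is exactly this 6-byte jump through
    the import slot of mscoree!_CorExeMain; csc-built binaries conventionally place
    that slot at RVA 0x2000, i.e. 0x402000 for the default 0x400000 image base."""
    if len(ep_bytes) >= 6 and ep_bytes[0] == 0xFF and ep_bytes[1] == 0x25:
        return struct.unpack_from("<I", ep_bytes, 2)[0]
    return None


def describe_entry_point(ep_bytes: bytes, image_base: int = 0x400000) -> str:
    """Human-readable reading of the entry stub, with the RVA relative to image_base."""
    target = decode_entry_stub(ep_bytes)
    if target is None:
        return "native entry point (no jmp dword ptr [imm32] stub)"
    return "jmp dword ptr [0x%08x] (RVA 0x%x): managed-executable style stub" % (
        target, target - image_base)


if __name__ == "__main__":
    import sys
    print(describe_entry_point(PAGE_EP_BYTES))
    for p in sys.argv[1:]:
        print(p, scan_file(p))
```

Run it with one or more file paths to see which indicators each file matches. The sha256 is the indicator worth pivoting on; md5 and crc32 are listed only because sandboxes and AV reports still print them.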

Generik.BEUZTFZ is also known under the following vendor detection names for the same sample. Most vendors name the family Dorifel and classify it as an MSIL (.NET) trojan dropper; Generik.BEUZTFZ is ESET's generic name rather than a family name:

Bkav: W32.AIDetectMalware.CS
Lionic: Trojan.Win32.Dorifel.b!c
Cynet: Malicious (score: 100)
Skyhigh: RDN/Generic Dropper
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Dropper.Win32.Dorifel.Vxub
Cybereason: malicious.fc2f28
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Generik.BEUZTFZ
Kaspersky: HEUR:Trojan-Dropper.MSIL.Dorifel.gen
Alibaba: TrojanDropper:MSIL/Dorifel.fe40de89
Avast: Win32:Malware-gen
Rising: Dropper.Dorifel!8.31E (CLOUD)
F-Secure: Trojan.TR/Redcap.qqkij
DrWeb: Trojan.DownLoader27.3192
Zillya: Dropper.Dorifel.Win32.20715
TrendMicro: TROJ_GEN.R002C0PAG24
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
Jiangmin: TrojanDropper.MSIL.bkto
Google: Detected
Avira: TR/Redcap.qqkij
Antiy-AVL: Trojan[Dropper]/MSIL.Dorifel
Kingsoft: Win32.Trojan.Generic.a
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: HEUR:Trojan-Dropper.MSIL.Dorifel.gen
GData: Win32.Trojan.Agent.4U13AH
AhnLab-V3: Trojan/Win.Dropper.C5003357
McAfee: RDN/Generic Dropper
VBA32: TrojanDropper.MSIL.Dorifel
Cylance: unsafe
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R002C0PAG24
Tencent: Msil.Trojan-Dropper.Dorifel.Ekjl
Yandex: Trojan.DownLoader!umKxlE1utu0
Ikarus: Trojan.SuspectCRC
MaxSecure: Trojan.Malware.3411146.susgen
Fortinet: W32/Dorifel!tr
BitDefenderTheta: Gen:NN.ZemsilF.36744.Zm0@aqnD7kh
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Generik.BEUZTFZ?

Generik.BEUZTFZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Choose "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the affected browser and the options you want, then click "Reset".
  • Restart your computer.

The browser reset step matters for this sample because the sandbox observed it loading a Chromium browser extension and attempting to modify browser security settings; quarantining the executable alone leaves those changes in place.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
