Generik.CTHDKPU removal tips

Malware Removal

Generik.CTHDKPU is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Generik.CTHDKPU virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Network activity contains more than one unique useragent.
  • CAPE detected the Vidar malware family
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to identify Generik.CTHDKPU?

File Info:

name: ABD4911FC8D474A34D58.mlw
path: /opt/CAPEv2/storage/binaries/bf59251e13994ba03d1d02b6f7fb8a1a70051b9e0f32bd6e4ca8f422f7ab09bb
crc32: 706D01C9
md5: abd4911fc8d474a34d58e423d2d804f9
sha1: 3e46fb56d1370243e1e2799fe3241e2bf0fc04f4
sha256: bf59251e13994ba03d1d02b6f7fb8a1a70051b9e0f32bd6e4ca8f422f7ab09bb
sha512: d3b5bdf963e997ea08deea608d9c103dcf84ec03f87e84fd462925a9ad7e1f2f02187dee54bc2cdbe7dd249359f70c08f2da66239351edbb8b0b5142afc4ce8e
ssdeep: 24576:dMyMzC8+ovorlBtugg0uHqJkSkSZI7C8JaYRHwOwhNGWwQ58Xaj8Oac:dMHF+lxuPHYkSfI77aYRQOaHac
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1134501037A254403E1580A7249E697E53B3EBD17B6036E1FF788BE2D1CB27462DE057A
sha3_384: 9f0bdc2f99c3e30a9c4229c4c711a473cf104f37b3413a6c760719093f2733e18b4b15aa6cd3c3e7cfc4c3fa75b6309b
ep_bytes: 6860274000e8f0ffffff000000000000
timestamp: 2021-12-10 11:49:13

Version Info:

Translation: 0x0407 0x04b0
ProductName: UniverseImmortalSouls
FileVersion: 1.00
ProductVersion: 1.00
InternalName: reiudxamcsyuasdx
OriginalFilename: reiudxamcsyuasdx.exe

Generik.CTHDKPU is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Chapak.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Babar.21351
FireEye: Generic.mg.abd4911fc8d474a3
McAfee: Fareit-FST!ABD4911FC8D4
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:Win32/Chapak.d079a995
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.fc8d47
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Generik.CTHDKPU
TrendMicro-HouseCall: TrojanSpy.Win32.AZORULT.YXBLPZ
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Chapak.fcma
BitDefender: Gen:Variant.Babar.21351
Avast: Win32:PWSX-gen [Trj]
Ad-Aware: Gen:Variant.Babar.21351
Sophos: Generic ML PUA (PUA)
TrendMicro: TrojanSpy.Win32.AZORULT.YXBLPZ
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Emsisoft: Gen:Variant.Babar.21351 (B)
Ikarus: Trojan.SuspectCRC
GData: Gen:Variant.Babar.21351
Jiangmin: Trojan.Chapak.pkl
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.34EC4AC
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Babar.D5367
Microsoft: Trojan:Win32/Mamson.A!ac
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Babar.21351
MAX: malware (ai score=85)
VBA32: TrojanPSW.Convagent
Malwarebytes: Spyware.PasswordStealer
APEX: Malicious
Rising: Trojan.Injector!1.C6AF (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.1728101.susgen
Fortinet: W32/PossibleThreat
AVG: Win32:PWSX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Generik.CTHDKPU?

Generik.CTHDKPU removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.