Generik.EABSCSK (file analysis)

Generik.EABSCSK is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Generik.EABSCSK virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • The following process appears to have been packed with Themida: 78C4C523FE6A7DE58D79.mlw
  • Checks for the presence of known devices from debuggers and forensic tools
  • Checks the version of Bios, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a device
  • Detects VirtualBox through the presence of a registry key
  • Attempts to modify proxy settings

How to identify Generik.EABSCSK?

File Info:

name: 78C4C523FE6A7DE58D79.mlw
path: /opt/CAPEv2/storage/binaries/8f9ff0227f4ce6ed3259d5f2f8bfd8c54496e9896ad5f522cdd768911be4b4bc
crc32: 92631F65
md5: 78c4c523fe6a7de58d799cf84e41553d
sha1: d380a74c0264d2f6f7c6e5b374de1bff7ac32da3
sha256: 8f9ff0227f4ce6ed3259d5f2f8bfd8c54496e9896ad5f522cdd768911be4b4bc
sha512: 1c292dbce11f702bbe412285e89a760b14cbfcfe93830bc2a9f648327454be4e6549cbe77e28f4e5e36913c81094876d2b8909bc20481942a789c43ed0bbf5c1
ssdeep: 49152:w1ax/ZPqs4nF5Ud3hsvP8nqtKU73TIS2wNS3K7GZ5JgsvbFKdM8TMD5jCg8CB7K+:wuxld3cEqkQDIJiePgmWM3V8E74D
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13CC53399BF79682BC584A23A598BC38434F81977BCCE5E9AB05D5FCC401968B9FC13C1
sha3_384: 0bcc5f64e3c96d38e5956b1c75560863a18647c478199c14f8800a5ba58c886378f07f94f0910267528af82598812d00
ep_bytes: eb059a3ed0b87750eb05f025674e97e8
timestamp: 2021-12-29 18:33:55

Version Info:

CompanyName: Glarysoft Ltd
FileDescription: Glary Utilities Installer
LegalCopyright: Copyright (c) 2003 - 2021 Glarysoft Ltd
ProductName: Glary Utilities 5
ProductVersion: 5.178.0.206
Translation: 0x0000 0x04e9

Generik.EABSCSK also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Stealer.l!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.38431216
FireEye: Generic.mg.78c4c523fe6a7de5
McAfee: Artemis!78C4C523FE6A
Malwarebytes: Trojan.MalPack
K7AntiVirus: Trojan ( 0058c89b1 )
Alibaba: Exploit:Win32/Shellcode.7e676072
K7GW: Trojan ( 0058c89b1 )
CrowdStrike: win/malicious_confidence_70% (W)
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Generik.EABSCSK
APEX: Malicious
ClamAV: Win.Malware.Generic-9918574-0
Kaspersky: Exploit.Win32.Shellcode.afpt
BitDefender: Trojan.GenericKD.38431216
Avast: Win32:Trojan-gen
Rising: Trojan.Generic@ML.93 (RDMK:ckEF1CVrT0fkLdAOoH2n2A)
Ad-Aware: Trojan.GenericKD.38431216
Sophos: Mal/Generic-S
DrWeb: Trojan.Siggen16.24667
TrendMicro: TROJ_FRS.VSNTA322
McAfee-GW-Edition: BehavesLike.Win32.Trojan.vc
Emsisoft: Trojan.GenericKD.38431216 (B)
Ikarus: Trojan.Win32.Obsidium
GData: Win32.Trojan-Stealer.PSWSteal.1IH3E1
Kingsoft: Win32.Heur.KVMH015.a.(kcloud)
Microsoft: Trojan:Win32/Vidar.AA!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4895635
BitDefenderTheta: Gen:NN.ZexaF.34114.Ks3@aiwKyCji
ALYac: Trojan.GenericKD.38431216
MAX: malware (ai score=85)
VBA32: BScope.Trojan.Wacatac
TrendMicro-HouseCall: TROJ_FRS.VSNTA322
SentinelOne: Static AI – Malicious PE
Fortinet: W32/PossibleThreat
AVG: Win32:Trojan-gen
Cybereason: malicious.c0264d

How to remove Generik.EABSCSK?

Generik.EABSCSK removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.