Go For Files (PUA) information

Go For Files (PUA) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Go For Files (PUA) virus do?

  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Touches a file containing cookies, possibly for information gathering
  • Anomalous binary characteristics

How to identify Go For Files (PUA)?

File Info:

name: 682DF0D1ECA32E1771F0.mlw
path: /opt/CAPEv2/storage/binaries/4b02651da8af60bd9f3320ace93def809dce70c2f783acfa7ff174f472cea181
crc32: 8C9281CA
md5: 682df0d1eca32e1771f01f02ecbf6241
sha1: 7fb7e21e0790b3ca52b7c200c0ef7957ee705ab1
sha256: 4b02651da8af60bd9f3320ace93def809dce70c2f783acfa7ff174f472cea181
sha512: 6567f2d9823d708655b4998ae58a62518844d1a6f52275975045020670719fd1af3b47242c7a75a7728508f2ef2a34fec56607cbc566ae2875a3b395fe8e37bb
ssdeep: 12288:QYW3jRKDVF5jz7yAhwDYtmaF0TjklTP7C3fZM4LrCoUdvifnfR:Q1jRy+AhwDYtma4gTP7C3fZM4vClwfnZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10FD49C26BFB0C136C1A2D0F148A383E946B5ADF01E3269C776E4772E5F706C1DA3A255
sha3_384: 52406b62c095073e60cb6b324edc40290c7faeb8e8c8943f15b59c4a25fc6cf4bd9715984a33d2fba73ed7ea012e88b1
ep_bytes: e816a10000e989feffffcccccccccccc
timestamp: 2014-04-04 09:02:00

Version Info:

FileDescription: HitsBlender Installer
CompanyName: Blisbury LLP.
FileVersion: 1.0.0.1
InternalName: HitsBlender Installer
LegalCopyright: Copyright http://HitsBlender.com (C) 2014
OriginalFilename: HitsBlenderInstaller.exe
ProductName: HitsBlender Installer
ProductVersion: 1.0.0.1
Translation: 0x0009 0x04b0

Go For Files (PUA) also known as:

Bkav: W32.AIDetectMalware
FireEye: Generic.mg.682df0d1eca32e17
Zillya: Adware.OutBrowse.Win32.83617
Sangfor: Trojan.Win32.Save.a
K7GW: Trojan ( 0049f5cd1 )
K7AntiVirus: Trojan ( 0049f5cd1 )
VirIT: Adware.Win32.Downware.RLX
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/SimpleFiles.A potentially unwanted
Avast: Win32:ExpressDload-AH [PUP]
Emsisoft: Application.Downloader (A)
DrWeb: Adware.Downware.11801
Trapmine: malicious.moderate.ml.score
Sophos: Go For Files (PUA)
SentinelOne: Static AI – Suspicious PE
Antiy-AVL: GrayWare/Win32.SimpleFiles
Microsoft: PUADlManager:Win32/ExpressDownloader
SUPERAntiSpyware: PUP.ExpressDownloader/Variant
VBA32: BScope.Adware.Downware
Malwarebytes: Generic.Malware.AI.DDS
Rising: Adware.ExpressDownloader!1.A207 (CLASSIC)
Yandex: Riskware.Agent!sshdv+2Lgnw
MaxSecure: Trojan.Malware.7164915.susgen
AVG: Win32:ExpressDload-AH [PUP]

How to remove Go For Files (PUA)?

Go For Files (PUA) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
