Malware

Heur.BZC.ONG.Pantera.14.30E0BF79 removal instruction

Malware Removal

The Heur.BZC.ONG.Pantera.14.30E0BF79 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Heur.BZC.ONG.Pantera.14.30E0BF79 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • A script process created a new process
  • Creates a hidden or system file
  • A cryptomining command was executed
  • Attempts to execute suspicious powershell command arguments
  • Uses csc.exe C# compiler to build and execute code
  • Uses suspicious command line tools or Windows utilities

How to determine Heur.BZC.ONG.Pantera.14.30E0BF79?


File Info:

name: 110956CD98B7C1C1ED9B.mlw
path: /opt/CAPEv2/storage/binaries/ecfb2297c82517f354cb5fb9ba629cfe68b515b8a0255a01bbec9f9409b800f2
crc32: 6AFCA740
md5: 110956cd98b7c1c1ed9ba6c492fffe11
sha1: 4c2a350af68d3bbe7e5ab44ba210d556ec701c65
sha256: ecfb2297c82517f354cb5fb9ba629cfe68b515b8a0255a01bbec9f9409b800f2
sha512: 1b4e48930de7c7b92e0cd30ba6b60e70f8b7be9b1d19db0524ffb91c281c31c4dda214f0d12b6ead9a0f834f6425c47c6aa19f99806c8fe837030d5f148a3674
ssdeep: 393216:oqWzZG/3cpC3JGN5+VtsIvlpIIFb7fn+MOBKTppz:/WzwGC3Y5QjvfIQf+fwTpp
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10DD633027391807AFF9AD6B34B65F641AB7E29250223C52F13981EB9B9701B1277D373
sha3_384: bcbe42a3a4faf0ebf7d440849e70ae0ca2b9b67444fc57bc4ca68bed9025bd8eda592797f724bd1b53ff18243395d8cc
ep_bytes: e8c8d00000e97ffeffffcccccccccccc
timestamp: 2022-05-12 08:00:40

Version Info:

Translation: 0x0809 0x04b0

Heur.BZC.ONG.Pantera.14.30E0BF79 also known as:

BkavW32.AIDetect.malware2
Elasticmalicious (high confidence)
MicroWorld-eScanHeur.BZC.ONG.Pantera.14.30E0BF79
CylanceUnsafe
SangforVirus.Win32.Save.a
BitDefenderHeur.BZC.ONG.Pantera.14.30E0BF79
Cybereasonmalicious.d98b7c
CyrenW64/Trojan.YHUF-5132
tehtrisGeneric.Malware
ESET-NOD32multiple detections
APEXMalicious
KasperskyTrojan.Win64.Miner.anea
Ad-AwareHeur.BZC.ONG.Pantera.14.30E0BF79
EmsisoftHeur.BZC.ONG.Pantera.14.30E0BF79 (B)
DrWebBAT.Hosts.41
TrendMicroTROJ_GEN.R002C0DLI21
McAfee-GW-EditionBehavesLike.Win32.Generic.rc
FireEyeGeneric.mg.110956cd98b7c1c1
SophosGeneric ML PUA (PUA)
GDataHeur.BZC.ONG.Pantera.14.8A17B6E4 (2x)
AviraVBS/CoinMiner.VPA
MAXmalware (ai score=81)
ArcabitHeur.BZC.ONG.Pantera.14.30E0BF79
ZoneAlarmTrojan.Win64.Miner.anea
MicrosoftTrojan:Win32/Sabsik.FL.B!ml
CynetMalicious (score: 99)
AhnLab-V3Malware/Win64.Generic.R373197
Acronissuspicious
ALYacHeur.BZC.ONG.Pantera.14.8A17B6E4
TrendMicro-HouseCallTROJ_GEN.R002C0DLI21
RisingHackTool.UACMe!8.4B36 (CLOUD)
IkarusTrojan.VBS.Runner
MaxSecureTrojan.Malware.300983.susgen
FortinetW64/CoinMiner.44529422!tr
AVGVBS:Miner-G [Trj]
AvastVBS:Miner-G [Trj]

How to remove Heur.BZC.ONG.Pantera.14.30E0BF79?

Heur.BZC.ONG.Pantera.14.30E0BF79 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment