Categories: Malware

Heur.BZC.ONG.Pantera.14.30E0BF79 removal instruction

The Heur.BZC.ONG.Pantera.14.30E0BF79 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Heur.BZC.ONG.Pantera.14.30E0BF79 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Anomalous file deletion behavior detected (10+)
Guard pages use detected – possible anti-debugging.
A process attempted to delay the analysis task.
Dynamic (imported) function loading detected
At least one IP Address, Domain, or File Name was found in a crypto call
Reads data out of its own binary image
A process created a hidden window
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
A scripting utility was executed
Uses Windows utilities for basic functionality
Uses Windows utilities for basic functionality
Installs itself for autorun at Windows startup
A script process created a new process
Creates a hidden or system file
A cryptomining command was executed
Attempts to execute suspicious powershell command arguments
Uses csc.exe C# compiler to build and execute code
Uses suspicious command line tools or Windows utilities

How to determine Heur.BZC.ONG.Pantera.14.30E0BF79?


File Info:
name: 110956CD98B7C1C1ED9B.mlwpath: /opt/CAPEv2/storage/binaries/ecfb2297c82517f354cb5fb9ba629cfe68b515b8a0255a01bbec9f9409b800f2crc32: 6AFCA740md5: 110956cd98b7c1c1ed9ba6c492fffe11sha1: 4c2a350af68d3bbe7e5ab44ba210d556ec701c65sha256: ecfb2297c82517f354cb5fb9ba629cfe68b515b8a0255a01bbec9f9409b800f2sha512: 1b4e48930de7c7b92e0cd30ba6b60e70f8b7be9b1d19db0524ffb91c281c31c4dda214f0d12b6ead9a0f834f6425c47c6aa19f99806c8fe837030d5f148a3674ssdeep: 393216:oqWzZG/3cpC3JGN5+VtsIvlpIIFb7fn+MOBKTppz:/WzwGC3Y5QjvfIQf+fwTpptype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T10DD633027391807AFF9AD6B34B65F641AB7E29250223C52F13981EB9B9701B1277D373sha3_384: bcbe42a3a4faf0ebf7d440849e70ae0ca2b9b67444fc57bc4ca68bed9025bd8eda592797f724bd1b53ff18243395d8ccep_bytes: e8c8d00000e97ffeffffcccccccccccctimestamp: 2022-05-12 08:00:40
Version Info:
Translation: 0x0809 0x04b0

Heur.BZC.ONG.Pantera.14.30E0BF79 also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Heur.BZC.ONG.Pantera.14.30E0BF79
Cylance	Unsafe
Sangfor	Virus.Win32.Save.a
BitDefender	Heur.BZC.ONG.Pantera.14.30E0BF79
Cybereason	malicious.d98b7c
Cyren	W64/Trojan.YHUF-5132
tehtris	Generic.Malware
ESET-NOD32	multiple detections
APEX	Malicious
Kaspersky	Trojan.Win64.Miner.anea
Ad-Aware	Heur.BZC.ONG.Pantera.14.30E0BF79
Emsisoft	Heur.BZC.ONG.Pantera.14.30E0BF79 (B)
DrWeb	BAT.Hosts.41
TrendMicro	TROJ_GEN.R002C0DLI21
McAfee-GW-Edition	BehavesLike.Win32.Generic.rc
FireEye	Generic.mg.110956cd98b7c1c1
Sophos	Generic ML PUA (PUA)
GData	Heur.BZC.ONG.Pantera.14.8A17B6E4 (2x)
Avira	VBS/CoinMiner.VPA
MAX	malware (ai score=81)
Arcabit	Heur.BZC.ONG.Pantera.14.30E0BF79
ZoneAlarm	Trojan.Win64.Miner.anea
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 99)
AhnLab-V3	Malware/Win64.Generic.R373197
Acronis	suspicious
ALYac	Heur.BZC.ONG.Pantera.14.8A17B6E4
TrendMicro-HouseCall	TROJ_GEN.R002C0DLI21
Rising	HackTool.UACMe!8.4B36 (CLOUD)
Ikarus	Trojan.VBS.Runner
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W64/CoinMiner.44529422!tr
AVG	VBS:Miner-G [Trj]
Avast	VBS:Miner-G [Trj]