Heur.BZC.VAF.Boxter.800.063B6B51 information

The Heur.BZC.VAF.Boxter.800.063B6B51 detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Heur.BZC.VAF.Boxter.800.063B6B51 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Chinese (Traditional)
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Collects and encrypts information about the computer, likely to be sent to a C2 server
  • Installs itself for autorun at Windows startup
  • Attempts to execute suspicious powershell command arguments

How to identify Heur.BZC.VAF.Boxter.800.063B6B51?

File Info:

name: 8BA9841662430222CA8E.mlw
path: /opt/CAPEv2/storage/binaries/76ea26e854c3a9769ef336b4eeffe19d39dc19dcaaa4751b3769e1dbce8e76e0
crc32: DA7D8D4F
md5: 8ba9841662430222ca8e181cf3f81265
sha1: 5cc0ed3cf1599eceb7f1e0f2c2a826a366b12f8f
sha256: 76ea26e854c3a9769ef336b4eeffe19d39dc19dcaaa4751b3769e1dbce8e76e0
sha512: 124baf6a380aa01d2ec6417114ee864716435c83b8a30e785c7fd9817d163e4e35ccba0ffd5c7b4062fa6442bac6a7274acbec7f19dcadd2c293e14e7b4fd64e
ssdeep: 49152:uQdfzNxUfxm6X0aS3xDgEhEGXR3ceLORfnAPmK:TfkpP0agxDgEhpRtiRf
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F9666716D2FA430FFAF36BF0E9B483750D367C6AAA3481CD2B5435691831F918968727
sha3_384: 4723ae84151e8867a68ed2363c89b0493e59008e16b62ac11898114aae3c22682d7ed7b2a99ebe32711dedd4cebfdbe7
ep_bytes: e8070b0000e905000000cccccccccc6a
timestamp: 2013-10-14 05:50:27

Version Info:

CompanyName: Realtek Semiconductor
FileDescription: Realtek HD audio menadžer
FileVersion: 1.0.536.1
InternalName: RtkNGui.exe
LegalCopyright: 2015 (c) Realtek Semiconductor. All rights reserved.
OriginalFilename: RtkNGui.exe
ProductName: Realtek HD audio menadžer
ProductVersion: 1.0.536.1
Translation: 0x0419 0x04e4

Heur.BZC.VAF.Boxter.800.063B6B51 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Heur.BZC.VAF.Boxter.800.063B6B51
FireEye: Generic.mg.8ba9841662430222
McAfee: Artemis!8BA984166243
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005470c21 )
Alibaba: TrojanDownloader:Application/PowerShell.fb8eb910
K7GW: Trojan ( 005470c21 )
ESET-NOD32: PowerShell/TrojanDownloader.Agent.BCK
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Agent.xapigc
BitDefender: Heur.BZC.VAF.Boxter.800.063B6B51
NANO-Antivirus: Trojan.Win32.Generic.fndohy
Tencent: Win32.Trojan-downloader.Agent.Edob
Ad-Aware: Heur.BZC.VAF.Boxter.800.063B6B51
Emsisoft: Heur.BZC.VAF.Boxter.800.063B6B51 (B)
Zillya: Downloader.Agent.Win32.376762
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
GData: Heur.BZC.VAF.Boxter.800.063B6B51
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.naevb
Arcabit: Heur.BZC.VAF.Boxter.800.063B6B51
Microsoft: Trojan:Win32/Occamy.C76
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Gen.Generic.C3001169
ALYac: Heur.BZC.VAF.Boxter.800.063B6B51
MAX: malware (ai score=99)
Malwarebytes: Trojan.PowerShellSP
Ikarus: Trojan-Downloader.PowerShell.Agent
MaxSecure: Trojan.Malware.1728101.susgen
Fortinet: PowerShell/Agent.BCK!tr.dldr
Panda: Trj/CI.A

How to remove Heur.BZC.VAF.Boxter.800.063B6B51?

Heur.BZC.VAF.Boxter.800.063B6B51 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.