Should I remove “Jaik.49529”?

Jaik.49529 is flagged as malicious by most of the antivirus engines listed further down this page. When the sample is running you may notice unfamiliar processes in Task Manager, since it launches a process from a suspicious location and injects code into it. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand can take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for removal; it can run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Jaik.49529 virus do?

The behaviours below were reported when the sample was run in the CAPE sandbox:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Latvian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Network activity detected but not expressed in API logs
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
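Three of the signals above (a suspended child process, a remote RWX allocation, and process hollowing) show up in a sandbox API log as one recognisable sequence of calls. The script below is an added example, not CAPE's own signature code, and runs over a constructed CAPE-like log (one dict per call with the calling pid, API name, resolved target pid and the few arguments that matter). A real CAPE report keeps its calls under behavior.processes[].calls[] with arguments as a name/value list, so the field lookups need adapting before pointing this at one.

```python
"""Detect the process-hollowing chain from the behaviour list above.

Added example; not CAPE's own signature code. The log format is a
constructed, simplified version of what CAPE records per API call.
"""

CREATE_SUSPENDED = 0x00000004          # dwCreationFlags bit
PAGE_EXECUTE_READWRITE = 0x40          # the "Creates RWX memory" signal

WRITE_APIS = {"NtWriteVirtualMemory", "WriteProcessMemory", "NtMapViewOfSection"}
CONTEXT_APIS = {"NtSetContextThread", "SetThreadContext"}
RESUME_APIS = {"NtResumeThread", "ResumeThread"}

# Constructed sample log (not from the real Jaik.49529 run).
# pid 1000 hollows pid 1240; pid 2000 starts 2100 suspended and just
# resumes it (what a debugger or installer does); pid 3000 is benign.
SAMPLE_LOG = [
    {"pid": 1000, "api": "CreateProcessInternalW", "target_pid": 1240, "flags": CREATE_SUSPENDED},
    {"pid": 1000, "api": "NtUnmapViewOfSection", "target_pid": 1240},
    {"pid": 1000, "api": "NtAllocateVirtualMemory", "target_pid": 1240, "protection": PAGE_EXECUTE_READWRITE},
    {"pid": 1000, "api": "NtWriteVirtualMemory", "target_pid": 1240},
    {"pid": 1000, "api": "NtSetContextThread", "target_pid": 1240},
    {"pid": 1000, "api": "NtResumeThread", "target_pid": 1240},
    {"pid": 2000, "api": "CreateProcessInternalW", "target_pid": 2100, "flags": CREATE_SUSPENDED},
    {"pid": 2000, "api": "NtResumeThread", "target_pid": 2100},
    {"pid": 3000, "api": "CreateProcessInternalW", "target_pid": 3100, "flags": 0},
    {"pid": 3000, "api": "NtResumeThread", "target_pid": 3100},
]


def detect_hollowing(log):
    """Return (parent_pid, child_pid, verdict) tuples in log order.

    'hollowing'       suspended create, image written, thread context
                      redirected, then resumed: the full chain.
    'rwx_remote'      RWX allocation in a child the parent started suspended.
    'suspended_child' started suspended and resumed without the write and
                      context steps; weak on its own, kept for triage.
    NtUnmapViewOfSection is recorded but not required, since many loaders
    skip the unmap and simply overwrite the original image.
    """
    state = {}       # (parent, child) -> set of stages reached
    findings = []
    for call in log:
        key = (call["pid"], call.get("target_pid"))
        api = call["api"]
        if api == "CreateProcessInternalW":
            if call.get("flags", 0) & CREATE_SUSPENDED:
                state[key] = {"suspended"}
            continue
        stages = state.get(key)
        if stages is None:
            continue                      # not a child we are tracking
        if api == "NtUnmapViewOfSection":
            stages.add("unmapped")
        elif api in WRITE_APIS:
            stages.add("written")
        elif api == "NtAllocateVirtualMemory" and call.get("protection") == PAGE_EXECUTE_READWRITE:
            findings.append(key + ("rwx_remote",))
        elif api in CONTEXT_APIS:
            stages.add("context")
        elif api in RESUME_APIS:
            verdict = "hollowing" if {"written", "context"} <= stages else "suspended_child"
            findings.append(key + (verdict,))
            del state[key]                # chain is complete either way
    return findings


if __name__ == "__main__":
    for parent, child, verdict in detect_hollowing(SAMPLE_LOG):
        print(f"pid {parent} -> pid {child}: {verdict}")
```

The verdict is keyed on the (parent, child) pair rather than on the parent alone so that a loader which spawns several children is judged per child; the benign suspended-and-resumed case is kept as a low-severity finding because on its own it is exactly what debuggers and some installers do.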

How to identify Jaik.49529?

File Info:

name: 75CBB6418064E427E707.mlw
path: /opt/CAPEv2/storage/binaries/f28f7a0d94df74ae02cf848e11037adc9bc9fceae45b28988cfcde5c71de920a
crc32: 4A36A81A
md5: 75cbb6418064e427e7071c23c5b3e9ec
sha1: 30ce348c413b4c2f28ae87b5323eb31bb09c2453
sha256: f28f7a0d94df74ae02cf848e11037adc9bc9fceae45b28988cfcde5c71de920a
sha512: 8fadac618f0cdd0761fcf65c8cd6c0935f6095a2d08831f481012c792d5b4257be7bd7648c78888b758dc222df938855fab30b7c20c89b2d32d91e56aefbca00
ssdeep: 1536:1DyNA5j1C6rite10g3B4RnCZLM27FDelyaF49o1pR458p6HZ9CZTl2:1mNA1oyitAn35DyBFxpC5/CZTl2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T142E3BF2072E480F5D5A7263068B0EBE51E7A7C72E670064B77A8177F1F702E06AA535F
sha3_384: 2816cf61066ecc6accfc85b9524059110bd202f3469ad810212bfbdcb74bb9412406a86a54b3112c99afd6250099c630
ep_bytes: e8502a0000e989feffffcccccccccccc
timestamp: 2021-04-28 04:17:52

Version Info:

InternalName: bomgpiaruci.iwa
Copyright: Copyrighz (C) 2021, fudkat
ProductVersion: 13.54.77.25
Translation: 0x0114 0x046a
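The hashes in the File Info block are the reliable way to confirm a file is this sample; the version-info strings above are trivially forged and are not worth matching on. The script below is an added example, not from the original page or from CAPE: it recomputes the listed digests with the standard library (ssdeep and tlsh need third-party modules and are left out), checks them against the IOC table copied from this page, and reads the compile timestamp and entry-point bytes from the PE header the way CAPE reports them. The small PE built by build_sample_pe() is constructed for offline testing and is not the Jaik.49529 binary, so its hashes will not match.

```python
"""Recompute the File Info indicators above and read the PE header fields.

Added example, not from the original page or from CAPE. The IOC table is
copied from the File Info block; everything else is standard library.
"""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info block on this page.
IOC = {
    "md5": "75cbb6418064e427e7071c23c5b3e9ec",
    "sha1": "30ce348c413b4c2f28ae87b5323eb31bb09c2453",
    "sha256": "f28f7a0d94df74ae02cf848e11037adc9bc9fceae45b28988cfcde5c71de920a",
    "crc32": "4A36A81A",
}
IOC_EP_BYTES = "e8502a0000e989feffffcccccccccccc"
IOC_TIMESTAMP = "2021-04-28 04:17:52"


def file_hashes(data: bytes) -> dict:
    """Same digests CAPE lists, all from hashlib/zlib."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def ioc_matches(hashes: dict, ioc: dict = IOC) -> list:
    """Names of the indicators that match; one hit is enough to confirm."""
    return [k for k, v in ioc.items() if hashes.get(k, "").lower() == v.lower()]


def pe_summary(data: bytes) -> dict:
    """Compile timestamp (UTC), entry-point RVA and its first 16 bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe + 4
    nsect, ts = struct.unpack_from("<HI", data, coff + 2)   # NumberOfSections, TimeDateStamp
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sect0 = opt + opt_size
    entry_off = None
    for i in range(nsect):                                   # map the RVA to a file offset
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, sect0 + 40 * i + 8)
        if va <= entry_rva < va + max(vsize, rawsize):
            entry_off = entry_rva - va + rawptr
            break
    ep = data[entry_off:entry_off + 16].hex() if entry_off is not None else ""
    stamp = datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return {"timestamp": stamp, "entry_rva": entry_rva, "ep_bytes": ep}


def build_sample_pe(timestamp: int, ep_bytes: bytes) -> bytes:
    """Constructed minimal PE32 with one .text section; for testing only."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew: right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                # AddressOfEntryPoint
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    return header.ljust(0x200, b"\0") + ep_bytes.ljust(0x200, b"\xcc")


# Timestamp from the File Info block, as an epoch value for the sample PE.
SAMPLE_TS = int(datetime(2021, 4, 28, 4, 17, 52, tzinfo=timezone.utc).timestamp())


def check_file(path: str) -> dict:
    """Hash a file on disk, compare with the IOC table and read its PE fields."""
    with open(path, "rb") as fh:
        data = fh.read()
    hashes = file_hashes(data)
    info = {"matches": ioc_matches(hashes), **hashes}
    try:
        info.update(pe_summary(data))
    except ValueError as exc:
        info["pe_error"] = str(exc)
    return info


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:] or []:
        print(path, check_file(path))
    print("constructed sample:", pe_summary(build_sample_pe(SAMPLE_TS, bytes.fromhex(IOC_EP_BYTES))))
```

Run it as `python check.py suspect.exe`; a non-empty `matches` list confirms the file is this sample, while a match on `ep_bytes` and `timestamp` with different hashes points to a repacked sibling worth a closer look rather than a confirmed hit.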

Jaik.49529 also known as (vendor: detection name):

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Jaik.49529
FireEye: Generic.mg.75cbb6418064e427
McAfee: Lockbit-FSWW!75CBB6418064
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7GW: Hacktool ( 700007861 )
Cybereason: malicious.c413b4
BitDefenderTheta: Gen:NN.ZexaF.34294.jq0@aiRD!ZlI
Cyren: W32/Kryptik.FUG.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Paloalto: generic.ml
Kaspersky: VHO:Trojan-Spy.Win32.Stealer.gen
BitDefender: Gen:Variant.Jaik.49529
Avast: FileRepMetagen [Malware]
Ad-Aware: Gen:Variant.Jaik.49529
Sophos: Troj/Krypt-BO
McAfee-GW-Edition: Packed-GEE!75CBB6418064
Emsisoft: Gen:Variant.Jaik.49529 (B)
Ikarus: Trojan-Ransom.StopCrypt
GData: Gen:Variant.Jaik.49529
eGambit: Unsafe.AI_Score_100%
MAX: malware (ai score=86)
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
Malwarebytes: MachineLearning/Anomalous.100%
APEX: Malicious
Rising: Malware.Heuristic!ET#80% (RDMK:cmRtazqVS64mCWtEuqZXIwPojTcg)
SentinelOne: Static AI – Malicious PE
AVG: FileRepMetagen [Malware]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Jaik.49529?

Jaik.49529 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options you want, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
