
About “KuaiZip (PUA)” infection

KuaiZip (PUA) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the KuaiZip (PUA) virus do?

  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Queries information on disks, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings

Related domains:

z.whorecord.xyz
tj.kpzip.com
news.7654.com
a.tomx.xyz

How to identify KuaiZip (PUA)?


File Info:

crc32: EE20F720
md5: f61cceee1738f96dd5824674f1e6ac47
name: mininews-1.exe
sha1: 1bd72c26387db070aeeded6bd8fac9c628d8568a
sha256: 55e87d01e31552a819f3a764020d1a1547e0a0b6dd3066556cfa0f284c03b454
sha512: 10655f661999a6d4fe2ec4735b030dd36a5ff270954bb940f2492cd66158991a80b15a2272853df2829a8046bf311d939b54b3f1d2ae7a2287811207b14bb052
ssdeep: 6144:rvKwFT9z+MJNPe0oSLfDPwQ6tj9WRydDOyroSYb2LoQ2e:Go9zpQ0JLDYQs9vayroSYKoQ2
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright:
InternalName: MiniNewsPlus
FileVersion: 3.0.261.83
CompanyName:
LegalTrademarks:
Comments:
ProductName:
ProductVersion: 3.0.261.83
FileDescription: MiniNewsPlus
Translation: 0x0804 0x04e4

KuaiZip (PUA) also known as:

DrWeb Program.Kuaizip.6
MicroWorld-eScan Gen:Variant.Strictor.202171
FireEye Gen:Variant.Strictor.202171
CAT-QuickHeal Trojan.Kuaizip
McAfee Artemis!F61CCEEE1738
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Gen:Variant.Strictor.202171
K7GW Riskware ( 0040eff71 )
Cybereason malicious.e1738f
TrendMicro TROJ_GEN.R002C0PJR19
Symantec PUA.KpZip
APEX Malicious
Avast Win32:UnwantedSig [PUP]
GData Gen:Variant.Strictor.202171
Kaspersky not-a-virus:HEUR:RiskTool.Win32.KuaiZip.gen
Alibaba Backdoor:Win32/KZip.963f8835
NANO-Antivirus Riskware.Win32.KuaiZip.gkukdj
Ad-Aware Gen:Variant.Strictor.202171
Sophos KuaiZip (PUA)
Comodo Malware@#1kagbwj8euo53
F-Secure Adware.ADWARE/Kuaizip.kvrxb
Zillya Adware.KuaiZip.Win32.503
Invincea heuristic
McAfee-GW-Edition PUP-XHW-XZ
Emsisoft Gen:Variant.Strictor.202171 (B)
Cyren W32/Adware.RJPB-9341
Jiangmin RiskTool.KuaiZip.gl
MaxSecure Trojan.Malware.73580967.susgen
Avira ADWARE/Kuaizip.kvrxb
Antiy-AVL RiskWare[RiskTool]/Win32.KuaiZip
Endgame malicious (moderate confidence)
Arcabit Trojan.Strictor.D315BB
SUPERAntiSpyware PUP.KuaiZip/Variant
ZoneAlarm not-a-virus:HEUR:RiskTool.Win32.KuaiZip.gen
Microsoft PUA:Win32/KuaiZip
AhnLab-V3 PUP/Win32.KuaiZip.R296945
VBA32 suspected of Trojan.Downloader.gen.h
ALYac Gen:Variant.Strictor.202171
MAX malware (ai score=99)
Malwarebytes PUP.Optional.Kuaizip
Panda Trj/CI.A
ESET-NOD32 a variant of Win32/KuaiZip.W potentially unwanted
TrendMicro-HouseCall TROJ_GEN.R002C0PJR19
Rising Adware.KuaiZip!1.B8F3 (CLOUD)
Yandex PUA.KuaiZip!
SentinelOne DFI – Malicious PE
eGambit Unsafe.AI_Score_98%
Fortinet Riskware/KuaiZip
AVG FileRepMalware [PUP]

How to remove KuaiZip (PUA)?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
