Categories: Malware

What is “MemScan:Application.Bundler.Firseria.D”?

The MemScan:Application.Bundler.Firseria.D is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What MemScan:Application.Bundler.Firseria.D virus can do?

Sample contains Overlay data
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Detects VirtualBox through the presence of a registry key
Powershell arguments were seen on a command line but powershell.exe was not called. Likely indictive of renamed/obfuscated powershell.exe or defining arguments in variables for later use
Anomalous binary characteristics

How to determine MemScan:Application.Bundler.Firseria.D?


File Info:
name: EF57DAEC35436720AED2.mlwpath: /opt/CAPEv2/storage/binaries/3a04cf27ffd772d8f351965136f8099287df0847c75814de474d59963fe77f60crc32: 88ABFAD1md5: ef57daec35436720aed2a4972826eab7sha1: c72eb5c3b1fbd4e37e63a96ec0af68017d58cb5bsha256: 3a04cf27ffd772d8f351965136f8099287df0847c75814de474d59963fe77f60sha512: bfdc5c0a38b86b74410d52087899654703e4386d58a0f51e878a7a3b0c5bea351043c6e56cecc677162882429f30feea0620d755f4b54ff066c32d1f727fc8b5ssdeep: 12288:enKfycV2ImdvPGBFfi8WuJ6+1x0KCYT88VtX0M:uKfdV2HtPgFfN9/pD7type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T11AF4E064704C8132D76216F85B84F2F8DAECBC71152405BFA7DDC62B1E9E0729B192FAsha3_384: 580e9582eb6a1defc92959bdb8dfeb26982075a4da86c06071bac6f708660dcff332c913fffdc1fddbf89c72a2e93af8ep_bytes: e87c790000e989feffff8bff558bec83timestamp: 2014-06-05 00:59:07
Version Info:
CompanyName: AppinstallrFileDescription: setup mngerFileVersion: 3.1.12.8InternalName: appinstall.exeLegalCopyright: copyright © 2014ProductVersion: 3.1.14Translation: 0x0000 0x04b0

MemScan:Application.Bundler.Firseria.D also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
MicroWorld-eScan	MemScan:Application.Bundler.Firseria.D
FireEye	Generic.mg.ef57daec35436720
CAT-QuickHeal	PUA.Firseriasl.Gen
Skyhigh	BehavesLike.Win32.CoinMiner.bh
McAfee	GenericRXHC-DA!EF57DAEC3543
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	MemScan:Application.Bundler.Firseria.D
Sangfor	Virus.Win32.Save.a
Cybereason	malicious.c35436
VirIT	Adware.Win32.Downware.GOQ
Symantec	SMG.Heur!gen
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/FirseriaInstaller.J potentially unwanted
APEX	Malicious
ClamAV	Win.Adware.Agent-1112064
Kaspersky	not-a-virus:AdWare.Win32.Fiseria.fj
BitDefender	MemScan:Application.Bundler.Firseria.D
NANO-Antivirus	Riskware.Win32.Adw.daugbj
Avast	Win32:Firseria-A [PUP]
Emsisoft	MemScan:Application.Bundler.Firseria.D (B)
Google	Detected
DrWeb	Adware.Downware.4436
Trapmine	malicious.high.ml.score
Sophos	Solimba Installer (PUA)
Ikarus	PUA.Morstar
Jiangmin	AdWare/Fiseria.b
Antiy-AVL	Trojan[Downloader]/Win32.Firser.a
Kingsoft	malware.kb.a.994
Microsoft	TrojanDropper:Win32/Sventore.B
Xcitium	Application.Win32.Solimba.J@516pws
Arcabit	Application.Bundler.Firseria.D
ZoneAlarm	not-a-virus:AdWare.Win32.Fiseria.fj
GData	Win32.Trojan.PSE.1556PV7
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win.Generic.C5592248
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZexaF.36802.Uy1@aq1!SAoO
ALYac	MemScan:Application.Bundler.Firseria.D
MAX	malware (ai score=71)
VBA32	BScope.Downloader.Morstar
Cylance	unsafe
Rising	Trojan.Generic@AI.100 (RDML:EjBhfNZ5tVHExRKvZLWsdw)
Yandex	Trojan.GenAsa!LwK2PzhXsFQ
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Generic.AC.C8ED!tr
AVG	Win32:Firseria-A [PUP]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_60% (D)