
NSIS:Loderka-AU [PUP] removal guide


The NSIS:Loderka-AU [PUP] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the NSIS:Loderka-AU [PUP] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify NSIS:Loderka-AU [PUP]?

File Info:

name: E9713E706CF15DDA8ED0.mlw
path: /opt/CAPEv2/storage/binaries/f86a63a36fc783b6694634f38279fbadbd45c4472bcb8b13dc5691b1cb37c693
crc32: EFCA906E
md5: e9713e706cf15dda8ed0a85c148d4149
sha1: fd27dc79607c667fc6ad9c6474fb05f52a84e693
sha256: f86a63a36fc783b6694634f38279fbadbd45c4472bcb8b13dc5691b1cb37c693
sha512: baf67659f95a4d9d52d14c46cb6fd4448941e696c73a04aebb5cca23771a1012ee952fbfc35ab5ae28b71afc165ffd88f3c194d6f04b840a9cd76cfbc78bbdf5
ssdeep: 49152:Uedlj9tG5Hjb8wylplj4NhWgvHo941+fbP4rG5pi:Dnc5HjAwGd4N8gv24oVw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T183C52206F3879072D968167CC955C0B49D277CB81DE1142A7DF9FF8F3AB9382683A660
sha3_384: 0b7a6480bca3c4746e38d1fca25699cc30d2e0614d523764ab6ec149252011791280ef3cbab2ddfe792a044f584cf1ec
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2012-10-02 05:04:04

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Snapshot Games
FileDescription: Setup For Phoenix Point
FileVersion: 1.0.0
LegalCopyright: © Snapshot Games
ProductName: Phoenix Point
ProductVersion: 1.12
Translation: 0x0000 0x04b0

NSIS:Loderka-AU [PUP] also known as:

  • Bkav: W32.AIDetectMalware
  • Elastic: malicious (high confidence)
  • Malwarebytes: Generic.Malware/Suspicious
  • Sangfor: PUP.Win32.Agent.V2jr
  • ESET-NOD32: multiple detections
  • Avast: NSIS:Loderka-AU [PUP]
  • DrWeb: Adware.Downware.20346
  • Ikarus: PUA.INNO.RePack
  • Google: Detected
  • MaxSecure: Trojan.Malware.74546411.susgen
  • AVG: NSIS:Loderka-AU [PUP]
  • DeepInstinct: MALICIOUS

How to remove NSIS:Loderka-AU [PUP]?

NSIS:Loderka-AU [PUP] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
