
PUA.Advertisog.Gen malicious file


PUA.Advertisog.Gen is the CAT-QuickHeal name for this sample; most other engines file it under InstallCore, a Windows installer bundler that drops adware and alters proxy and browser settings. It is a potentially unwanted application (PUA) rather than a classic virus, but it is flagged by the large majority of engines. While it is active you may notice unfamiliar processes in the Task Manager list and changed proxy or browser settings. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can PUA.Advertisog.Gen do?

The behaviours below are the CAPE sandbox signatures that fired for this sample:

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Attempts to modify proxy settings
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify PUA.Advertisog.Gen?

File Info:

name: D331B84F69127D4CF75A.mlw
path: /opt/CAPEv2/storage/binaries/c51f8cbc74e2c0108482c1839c4aa09a9cd81311874dda733aa3474dae099a82
crc32: 488AD7F1
md5: d331b84f69127d4cf75a635d0cda75d0
sha1: 546cbe712503093fe4aedd0213f3cd90f980faa8
sha256: c51f8cbc74e2c0108482c1839c4aa09a9cd81311874dda733aa3474dae099a82
sha512: 99d6819c50fe2842d7e4240a3d7d778977479d8d2ecbd6748c26f1a012d16d209506ea9568ebe70d9ebbfdba2f742e9eb746dc167d6ecf13f602ec67bf2c73f8
ssdeep: 12288:AnvpTwm1qDz6K+NHBl79rPOCjnkHN/Sosvc30wXHP5Gzr9WEm8nlpuEx9ojSVo:AnvBwmQCNhPqNHN/NHkLNWHulpuq9of
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19BE42302EF26557CC1A18FB58C5AE688DF23BC432AF1115633EE89DE1FB7A409446763
sha3_384: 883c17c257a3b692116b8a011bfef666a586512ccf9c1af9c3929ba81e6d26ec53f848a948aee71e0e9133e26aff76b4
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17 (the fixed value the Delphi linker writes; Inno Setup stubs are Delphi-built, so this is not a real build date)

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription:
FileVersion:
LegalCopyright:
ProductName:
ProductVersion:
Translation: 0x0000 0x04b0
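Several of the traits above (a section name no standard linker emits, an Authenticode blob sitting in the overlay, the fixed Delphi timestamp, the entry-point bytes) can be checked without a sandbox by reading the PE headers. The following is an added example, not code from this page or from CAPE: it builds a constructed minimal PE32 in memory that reproduces those traits (it is not the real sample) and triages it. Signature presence is checked structurally only; whether the certificate chain verifies (the report says it does not) needs signtool or osslsigncode.

```python
import struct
from datetime import datetime, timezone

# Section names common linkers emit (CODE/DATA/BSS are Delphi's, hence Inno Setup's);
# anything else is the "unknown PE section name" packing hint from the report.
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
                  ".bss", ".tls", ".pdata", ".CRT", ".debug", ".itext", ".didata",
                  "CODE", "DATA", "BSS"}
DELPHI_TIMESTAMP = 0x2A425E19      # fixed Delphi linker value = 1992-06-19 22:22:17 UTC
SECURITY_DIR = 4                   # IMAGE_DIRECTORY_ENTRY_SECURITY (file offset, not RVA)

def _u16(b, o): return struct.unpack_from("<H", b, o)[0]
def _u32(b, o): return struct.unpack_from("<I", b, o)[0]

def triage_pe(data: bytes) -> dict:
    """Static checks for the traits listed in the report; no execution, no crypto."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = _u32(data, 0x3C)
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec, ts, opt_size = _u16(data, pe + 6), _u32(data, pe + 8), _u16(data, pe + 20)
    opt = pe + 24
    dd_base = 96 if _u16(data, opt) == 0x10B else 112        # PE32 vs PE32+
    ep_rva = _u32(data, opt + 16)
    sig_off, sig_len = struct.unpack_from("<II", data, opt + dd_base + SECURITY_DIR * 8)

    sections, raw_end = [], 0
    for i in range(nsec):
        h = opt + opt_size + i * 40
        name = data[h:h + 8].rstrip(b"\0").decode("latin-1")
        vsize, va, rsize, rptr = struct.unpack_from("<IIII", data, h + 8)
        sections.append((name, va, vsize, rptr, rsize))
        raw_end = max(raw_end, rptr + rsize)

    ep_bytes = b""
    for name, va, vsize, rptr, rsize in sections:          # map entry-point RVA to file offset
        if va <= ep_rva < va + max(vsize, rsize):
            ep_bytes = data[rptr + ep_rva - va:][:16]
            break

    # Presence of a WIN_CERTIFICATE blob only; chain validation is out of scope here.
    sig_present = sig_off != 0 and sig_len != 0 and sig_off + sig_len <= len(data)
    return {
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "delphi_build": ts == DELPHI_TIMESTAMP,
        "sections": [s[0] for s in sections],
        "unknown_sections": [s[0] for s in sections if s[0] not in KNOWN_SECTIONS],
        "has_authenticode": sig_present,
        "overlay_size": max(0, len(data) - raw_end),       # the signature normally lives here
        "ep_bytes": ep_bytes.hex(),
    }

def build_sample_pe() -> bytes:
    """Constructed minimal PE32 (NOT the real sample) reproducing the report's traits."""
    align = 0x200
    code = bytes.fromhex("558bec83c4c453565733c08945f08945")  # ep_bytes from the report
    code += b"\xc3" + b"\0" * (align - len(code) - 1)
    packed = b"\x90" * align
    sig = struct.pack("<IHH", 0x40, 0x0200, 0x0002) + b"\0" * 0x38   # fake WIN_CERTIFICATE
    secs = [(b"CODE", 0x1000, code, 0x60000020), (b".pkd0", 0x2000, packed, 0xE0000040)]
    shdrs, raw, ptr = b"", b"", align
    for name, va, body, flags in secs:
        shdrs += struct.pack("<8sIIIIIIHHI", name, len(body), va, len(body), ptr, 0, 0, 0, 0, flags)
        raw, ptr = raw + body, ptr + len(body)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), DELPHI_TIMESTAMP, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "H" * 2 + "I" * 6,
                      0x10B, 2, 25, len(code), len(packed), 0, 0x1000, 0x1000, 0x2000,
                      0x400000, 0x1000, align, 4, 0, 1, 0, 4, 0, 0, 0x3000, align, 0, 2, 0,
                      0x100000, 0x4000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[SECURITY_DIR] = (ptr, len(sig))                    # points into the overlay
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    headers = dos + coff + opt + shdrs
    return headers + b"\0" * (align - len(headers)) + raw + sig

if __name__ == "__main__":
    for k, v in triage_pe(build_sample_pe()).items():
        print(f"{k}: {v}")
```

Run it against a real file by replacing build_sample_pe() with open(path, "rb").read(); for the sample above you would expect the 1992 timestamp, the report's entry-point bytes and a non-zero overlay.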

PUA.Advertisog.Gen also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
FireEye: Generic.mg.d331b84f69127d4c
CAT-QuickHeal: PUA.Advertisog.Gen
Skyhigh: Artemis
McAfee: Artemis!D331B84F6912
Cylance: unsafe
Zillya: Trojan.InstallCoreCRTD.Win32.1533
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Adware ( 0058411c1 )
Alibaba: AdWare:Win32/InstallCore.f8173096
K7GW: Adware ( 0058411c1 )
CrowdStrike: win/grayware_confidence_100% (D)
VirIT: PUP.Win32.Advertiso.A
Symantec: Trojan.Gen.2
tehtris: Generic.Malware
ESET-NOD32: Win32/InstallCore.Gen.A potentially unwanted
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Trojan.Installcore-1261
Kaspersky: not-a-virus:HEUR:AdWare.Win32.DealPly.gen
NANO-Antivirus: Riskware.Win32.InstallCore.dcnbja
SUPERAntiSpyware: PUP.InstallCore/Variant
Avast: Win32:PUP-gen [PUP]
Tencent: Malware.Win32.Gencirc.10b17f57
Emsisoft: Application.InstallCore (A)
Baidu: Win32.Adware.InstallCore.a
F-Secure: PotentialRisk.PUA/InstallCore.Gen7
DrWeb: Trojan.MulDrop5.10078
Trapmine: malicious.high.ml.score
Sophos: Install Core Click run software (PUA)
Ikarus: Trojan.Win32.Injected
Webroot: W32.Adware.Gen
Avira: PUA/InstallCore.Gen7
Antiy-AVL: Trojan/Win32.SGeneric
Xcitium: Application.Win32.Installcore.ADV@58yn8p
Microsoft: PUADlManager:Win32/InstallCore
ZoneAlarm: not-a-virus:HEUR:AdWare.Win32.DealPly.gen
GData: Win32.Adware.InstallCore.FS
Varist: W32/A-dbe1ec51!Eldorado
VBA32: Malware-Cryptor.InstallCore.gen
Malwarebytes: PUP.Optional.InstallCore
Rising: Adware.InstallCore!1.AB2C (CLASSIC)
Yandex: PUA.InstallCore!4B3Hx0HwN28
SentinelOne: Static AI – Malicious PE
MaxSecure: not-a-virus:Adware.DealPly.apfow
Fortinet: Riskware/InstallCore
AVG: Win32:PUP-gen [PUP]
DeepInstinct: MALICIOUS
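Forty-nine engines, almost as many naming schemes: a consensus family label is more useful than any single vendor's string. The following is an added example (not the page's code) of AVClass-style majority voting over the list above, with the listing copied in as constructed input. It tokenizes each detection, drops category words (Trojan, Adware, Generic, PUA and so on) and counts what remains; it also counts how many vendors classify the sample as unwanted rather than malicious. The tokenizer is deliberately naive, so Sophos' "Install Core" and Zillya's "InstallCoreCRTD" do not count toward the family; the vote still lands on installcore.

```python
import re
from collections import Counter

# Vendor -> detection name, copied from the listing above (constructed input).
DETECTIONS = {
    "Bkav": "W32.AIDetectMalware", "Elastic": "malicious (high confidence)",
    "FireEye": "Generic.mg.d331b84f69127d4c", "CAT-QuickHeal": "PUA.Advertisog.Gen",
    "Skyhigh": "Artemis", "McAfee": "Artemis!D331B84F6912", "Cylance": "unsafe",
    "Zillya": "Trojan.InstallCoreCRTD.Win32.1533", "Sangfor": "Suspicious.Win32.Save.ins",
    "K7AntiVirus": "Adware ( 0058411c1 )", "Alibaba": "AdWare:Win32/InstallCore.f8173096",
    "K7GW": "Adware ( 0058411c1 )", "CrowdStrike": "win/grayware_confidence_100% (D)",
    "VirIT": "PUP.Win32.Advertiso.A", "Symantec": "Trojan.Gen.2", "tehtris": "Generic.Malware",
    "ESET-NOD32": "Win32/InstallCore.Gen.A potentially unwanted",
    "Cynet": "Malicious (score: 100)", "APEX": "Malicious",
    "ClamAV": "Win.Trojan.Installcore-1261",
    "Kaspersky": "not-a-virus:HEUR:AdWare.Win32.DealPly.gen",
    "NANO-Antivirus": "Riskware.Win32.InstallCore.dcnbja",
    "SUPERAntiSpyware": "PUP.InstallCore/Variant", "Avast": "Win32:PUP-gen [PUP]",
    "Tencent": "Malware.Win32.Gencirc.10b17f57", "Emsisoft": "Application.InstallCore (A)",
    "Baidu": "Win32.Adware.InstallCore.a", "F-Secure": "PotentialRisk.PUA/InstallCore.Gen7",
    "DrWeb": "Trojan.MulDrop5.10078", "Trapmine": "malicious.high.ml.score",
    "Sophos": "Install Core Click run software (PUA)", "Ikarus": "Trojan.Win32.Injected",
    "Webroot": "W32.Adware.Gen", "Avira": "PUA/InstallCore.Gen7",
    "Antiy-AVL": "Trojan/Win32.SGeneric", "Xcitium": "Application.Win32.Installcore.ADV@58yn8p",
    "Microsoft": "PUADlManager:Win32/InstallCore",
    "ZoneAlarm": "not-a-virus:HEUR:AdWare.Win32.DealPly.gen",
    "GData": "Win32.Adware.InstallCore.FS", "Varist": "W32/A-dbe1ec51!Eldorado",
    "VBA32": "Malware-Cryptor.InstallCore.gen", "Malwarebytes": "PUP.Optional.InstallCore",
    "Rising": "Adware.InstallCore!1.AB2C (CLASSIC)", "Yandex": "PUA.InstallCore!4B3Hx0HwN28",
    "SentinelOne": "Static AI - Malicious PE", "MaxSecure": "not-a-virus:Adware.DealPly.apfow",
    "Fortinet": "Riskware/InstallCore", "AVG": "Win32:PUP-gen [PUP]", "DeepInstinct": "MALICIOUS",
}

# Category / heuristic words that carry no family information (hand-picked for this list).
GENERIC = {"trojan", "adware", "generic", "sgeneric", "malicious", "malware", "riskware",
           "grayware", "application", "suspicious", "unsafe", "heur", "virus", "potentialrisk",
           "potentially", "unwanted", "optional", "variant", "classic", "static", "score",
           "high", "confidence", "cryptor", "injected", "software", "click", "save",
           "puadlmanager", "aidetectmalware", "artemis", "eldorado"}

# Markers vendors use for "unwanted but not outright malicious".
PUA_MARKERS = re.compile(r"pua|pup|adware|riskware|grayware|not-a-virus|unwanted|potentialrisk", re.I)

def tokens(label: str) -> set:
    """Alphabetic runs of 4+ chars, lower-cased; hashes, 'Win32', 'Gen' etc. fall out."""
    return {t.lower() for t in re.findall(r"[A-Za-z]+", label) if len(t) >= 4}

def family_votes(detections: dict) -> Counter:
    """One vote per vendor per candidate family token."""
    votes = Counter()
    for label in detections.values():
        for tok in tokens(label) - GENERIC:
            votes[tok] += 1
    return votes

def classify(detections: dict) -> dict:
    votes = family_votes(detections)
    family, n = votes.most_common(1)[0]
    return {
        "family": family,
        "family_votes": n,
        "vendors": len(detections),
        "pua_votes": sum(1 for l in detections.values() if PUA_MARKERS.search(l)),
    }

if __name__ == "__main__":
    print(classify(DETECTIONS))               # family installcore, 17 of 49, 25 call it PUA
    print(family_votes(DETECTIONS).most_common(3))
```

The generic-word list is the weak spot of any such scheme: a family name that collides with a category word (Kaspersky's "DealPly", the runner-up here, is a legitimate second family label that shares the InstallCore lineage in several vendors' taxonomies) needs an alias table, which AVClass ships and this example does not.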

How to remove PUA.Advertisog.Gen?

PUA.Advertisog.Gen removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.
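One behaviour in the report, "Attempts to modify proxy settings", outlives the installer if the WinINET values are left behind, and a browser reset does not necessarily touch them. The following is an added example (not part of GridinSoft's tool) that audits the per-user WinINET proxy values after removal: on Windows it reads them with winreg, elsewhere it runs on a constructed sample dictionary. The key path and value names are the documented WinINET locations; the sample proxy address and PAC URL are made up.

```python
import sys

# Documented per-user WinINET proxy location under HKEY_CURRENT_USER.
PROXY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
PROXY_VALUES = ("ProxyEnable", "ProxyServer", "AutoConfigURL", "ProxyOverride")

def read_proxy_values():
    """Read the live values on Windows; return None on any other platform."""
    if sys.platform != "win32":
        return None
    import winreg
    out = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, PROXY_KEY) as key:
        for name in PROXY_VALUES:
            try:
                out[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass                      # value absent = default (no proxy)
    return out

def audit_proxy(values: dict, expected_proxy: str = None) -> list:
    """Return findings for proxy settings the user did not configure.

    expected_proxy: 'host:port' of a legitimate corporate proxy, if one is in use."""
    findings = []
    server = values.get("ProxyServer", "")
    if values.get("ProxyEnable", 0) == 1 and server and server != expected_proxy:
        findings.append(f"ProxyEnable=1 with unexpected ProxyServer={server!r}")
    if values.get("AutoConfigURL"):
        findings.append(f"AutoConfigURL={values['AutoConfigURL']!r}: a PAC file steers all browser traffic")
    return findings

# Constructed sample of an adware-modified key (values are made up): a local proxy
# on a high port plus a PAC URL is the pattern ad-injecting bundlers leave behind.
SUSPECT = {"ProxyEnable": 1, "ProxyServer": "127.0.0.1:49152",
           "AutoConfigURL": "http://pac.example/proxy.pac"}
CLEAN = {"ProxyEnable": 0}

if __name__ == "__main__":
    live = read_proxy_values()
    for finding in audit_proxy(live if live is not None else SUSPECT):
        print("finding:", finding)
```

If the audit reports a finding after the steps above, set ProxyEnable to 0 and clear ProxyServer and AutoConfigURL (Settings > Network & Internet > Proxy does this), then re-run the scan: a proxy that comes back points to a persistence mechanism the scan missed.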

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
