PUA.AgentRI.S24805866 removal tips

The PUA.AgentRI.S24805866 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the PUA.AgentRI.S24805866 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Queries information on disks, possibly for anti-virtualization
  • Attempted to write directly to a physical drive
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify PUA.AgentRI.S24805866?

File Info:

name: 7EB862B284B4534CADDD.mlw
path: /opt/CAPEv2/storage/binaries/9a6ea3b9c6b9df88aea969603557c25c845e1a863cc0c7ecf1d63cb3f6ace41a
crc32: A88E4E94
md5: 7eb862b284b4534caddd9c47f3f59483
sha1: d8e850663b59438725ca9ff77b972813e9fe0716
sha256: 9a6ea3b9c6b9df88aea969603557c25c845e1a863cc0c7ecf1d63cb3f6ace41a
sha512: 86808ff623409dda9290fdc2f9df489dbb49937642694f740dcc3b091205962630a3f480677908cdb5f317b808cedfe028d17f093b2e2665e233849b2d37a303
ssdeep: 24576:3yszy7L5O1KvBDfIyPBKXCgN00Lcz+LIX4uu2/5V64:7zy7LootBA0aub/5V9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E845AE307641C032E9B350B19ABED65A452CBE20072694D7E3D87C2E5FB0AD2BB36757
sha3_384: 57804e067d651a25af994e30d520e9bdc1203c171934329b44ef5932151b70ad59c9f727208a6a343b0f3b83fc5e8f94
ep_bytes: e89f050000e98efeffff558bec6a00ff
timestamp: 2021-09-08 02:52:41

Version Info:

Comments: www.hhrspb7.top
CompanyName: 上海广乐网络科技有限公司
FileDescription: KZReport
FileVersion: 3.3.1.2
InternalName: KZReport
LegalCopyright: 上海广乐网络科技有限公司
OriginalFilename: KZReport.exe
ProductName: 快压
ProductVersion: 3.3.1.2
Translation: 0x0804 0x04b0

PUA.AgentRI.S24805866 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Heur.lz2@YcWMa8nj
FireEye: Generic.mg.7eb862b284b4534c
CAT-QuickHeal: PUA.AgentRI.S24805866
McAfee: PUP-XQT-ZC
Cylance: Unsafe
Zillya: Adware.KuziTui.Win32.1799
Sangfor: Virus_Suspicious.Win32.Sality.bh
K7AntiVirus: Adware ( 0055d7221 )
K7GW: Adware ( 0055d7221 )
Cybereason: malicious.284b45
Cyren: W32/KuaiZip.U.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/KuaiZip.AB potentially unwanted
APEX: Malicious
Kaspersky: not-a-virus:HEUR:AdWare.Win32.KuziTui.gen
BitDefender: Gen:Trojan.Heur.lz2@YcWMa8nj
NANO-Antivirus: Virus.Win32.Virut-Gen.bwpxnc
Avast: Win32:Sality [Inf]
Tencent: Pua:Adware.Win32.Kuzitui.16000042
Ad-Aware: Gen:Trojan.Heur.lz2@YcWMa8nj
Emsisoft: Gen:Trojan.Heur.lz2@YcWMa8nj (B)
VIPRE: Virus.Win32.Sality.atbh (v)
McAfee-GW-Edition: BehavesLike.Win32.Generic.th
Sophos: Generic ML PUA (PUA)
Ikarus: PUA.Adposhel
GData: Gen:Trojan.Heur.lz2@YcWMa8nj
Jiangmin: AdWare.KuziTui.abt
Antiy-AVL: Trojan/Generic.ASMalwS.34D3786
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: PUP/Win32.RL_Generic.R371064
Acronis: suspicious
BitDefenderTheta: AI:Packer.D66C91031C
ALYac: Gen:Trojan.Heur.lz2@YcWMa8nj
MAX: malware (ai score=89)
VBA32: BScope.Adware.Burden
Malwarebytes: PUP.Optional.Kuaizip
Rising: Adware.Agent!1.C6CF (CLASSIC)
SentinelOne: Static AI – Malicious PE
Fortinet: Adware/KuaiZip.AB
AVG: Win32:Sality [Inf]
MaxSecure: Adware.WIN32.KuziTui.gen_217964

How to remove PUA.AgentRI.S24805866?

PUA.AgentRI.S24805866 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.