About “PUA.GenericCS.S27729936” infection

PUA.GenericCS.S27729936 is the CAT-QuickHeal detection name for this sample; despite the "PUA" (potentially unwanted application) label, most other engines classify the same file as a trojan downloader of the Upatre (Waski) family. When the infection is active you may notice unfamiliar processes in the Task Manager list. In that case you are advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can PUA.GenericCS.S27729936 do?

The following indicators were reported by the CAPE sandbox run of this sample (static checks on the file plus behaviour observed during execution):
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Arabic (Libya)
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with MPRESS
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify PUA.GenericCS.S27729936
File Info:

name: F7D74D54C1BDE843418A.mlw
path: /opt/CAPEv2/storage/binaries/7500e6d472babc892383cc0221b317ba0007bc07164a3171322fb672364e495c
crc32: 8004485B
md5: f7d74d54c1bde843418adaf86b6a39aa
sha1: 43160af0f491e3e06674b368c795d15f0b3be8bf
sha256: 7500e6d472babc892383cc0221b317ba0007bc07164a3171322fb672364e495c
sha512: 3fd2606de48a3610ba56bad74225dd3768ae1cb0264426df14a20d3d170947914692a35a3e8035071582926af18d7628e7f038433990aa89dc88e71d2c10e3e8
ssdeep: 384:alF5u+XVNu9/efxYp2N68wfmtowUfMI13A9:WPu+XVY9/eJZZw+tBUku3w
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16C037635D7E945B5F37BCB3A96B642C8982AFD313F01A9CE909D32440533B86D8B059E
sha3_384: 806cda18dd57ec4a9e81ff8d4ab7ca9a3d996d479194f2b1a6ddeea0443a087213c52ebf2992e5a990fc43d3911b36c3
ep_bytes: 57565351e87ef4ffffc3cccccccccccc
timestamp: 1973-03-03 10:25:35
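
The packing and timestamp indicators in the sandbox list above, together with the entry-point bytes and build timestamp shown in this File Info block, can be reproduced with a few dozen lines of static parsing. The following Python is an added example and is not code from this page, from CAPE or from GridinSoft. It uses only the standard library, so instead of the real sample it builds a small constructed PE32 that mimics the reported static properties (the MPRESS section names, one RWX section, the 1973 timestamp and the listed ep_bytes). The packer section-name table, the list of "standard" section names and the "before 1990 or in the future" timestamp rule are assumptions made for the example; IOC_SHA256 is the sha256 from the File Info block.

```python
"""Static PE triage for the indicators reported above (added example, not page code)."""
import datetime
import hashlib
import struct

# Section characteristics from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

# Names a stock linker emits; anything else counts as "unusual" (assumed list).
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                     ".rsrc", ".reloc", ".tls", ".pdata", ".CRT", ".debug"}
# Section names typical of common packers (assumed table for this example).
PACKER_SECTIONS = {".MPRESS1": "MPRESS", ".MPRESS2": "MPRESS",
                   "UPX0": "UPX", "UPX1": "UPX", ".aspack": "ASPack"}
# sha256 from the File Info block above.
IOC_SHA256 = "7500e6d472babc892383cc0221b317ba0007bc07164a3171322fb672364e495c"


def parse_pe(data: bytes) -> dict:
    """Parse the COFF header, entry point and section table; raise ValueError on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "va": va,
                         "span": max(vsize, rawsize), "rawptr": rawptr, "chars": chars})
    return {"machine": machine, "timestamp": timestamp, "entry_rva": entry_rva, "sections": sections}


def section_for_rva(pe: dict, rva: int):
    """Return the section header whose virtual range covers rva, or None."""
    return next((s for s in pe["sections"] if s["va"] <= rva < s["va"] + s["span"]), None)


def triage(data: bytes, now=None) -> dict:
    """Return the static findings a sandbox report would list for this file."""
    pe = parse_pe(data)
    now = now or datetime.datetime.now(datetime.timezone.utc)
    built = datetime.datetime.fromtimestamp(pe["timestamp"], datetime.timezone.utc)
    ep_sec = section_for_rva(pe, pe["entry_rva"])
    ep_off = ep_sec["rawptr"] + (pe["entry_rva"] - ep_sec["va"]) if ep_sec else None
    names = [s["name"] for s in pe["sections"]]
    digest = hashlib.sha256(data).hexdigest()
    return {
        "sha256": digest,
        "ioc_match": digest == IOC_SHA256,
        "built": built.isoformat(),
        # A build date before 1990 or in the future is stomped or comes from a packer stub (assumed rule).
        "timestamp_suspicious": built.year < 1990 or built > now,
        "ep_bytes": data[ep_off:ep_off + 16].hex() if ep_off is not None else None,
        "ep_section": ep_sec["name"] if ep_sec else None,
        "rwx_sections": [s["name"] for s in pe["sections"] if s["chars"] & RWX == RWX],
        "unusual_sections": [n for n in names if n not in STANDARD_SECTIONS],
        "packers": sorted({PACKER_SECTIONS[n] for n in names if n in PACKER_SECTIONS}),
    }


def build_sample() -> bytes:
    """Constructed PE32 mimicking the reported static properties; NOT the real sample."""
    ep_bytes = bytes.fromhex("57565351e87ef4ffffc3cccccccccccc")  # ep_bytes from File Info
    ts = int(datetime.datetime(1973, 3, 3, 10, 25, 35, tzinfo=datetime.timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, ts, 0, 0, 224, 0x0102)      # i386, 2 sections, PE32
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", 0x1000) + b"\0" * 204

    def sec(name, va, rawptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, va, 0x200, rawptr, 0, 0, 0, 0, chars)

    headers = (dos + b"PE\0\0" + coff + opt
               + sec(b".MPRESS1", 0x1000, 0x200, RWX | 0x20)
               + sec(b".MPRESS2", 0x2000, 0x400, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE | 0x20))
    # Section 1 starts with the entry-point stub, section 2 is empty filler.
    return headers.ljust(0x200, b"\0") + ep_bytes.ljust(0x200, b"\xcc") + b"\0" * 0x200


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key}: {value}")
```

Run it against a real file with triage(open(path, "rb").read()). A hash match on IOC_SHA256 is the only definitive identification; the other fields are heuristics that also fire on legitimately packed software, so treat them as triage leads rather than verdicts.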

Version Info:

CompanyName: JineJong
FileDescription: JineJong company
FileVersion: Version 2.5.23
InternalName: JineJong
LegalCopyright: Copyright by JineJong
OriginalFilename: JineJong
Translation: 0x040b 0x04e2

PUA.GenericCS.S27729936 also known as:

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.Ppatre.Gen.1
FireEye: Generic.mg.f7d74d54c1bde843
CAT-QuickHeal: PUA.GenericCS.S27729936
McAfee: Upatre-FAEL!F7D74D54C1BD
Cylance: Unsafe
Sangfor: [ARMADILLO V1.71]
K7AntiVirus: Trojan ( 0052964f1 )
K7GW: Trojan ( 0052964f1 )
Cybereason: malicious.4c1bde
BitDefenderTheta: Gen:NN.ZexaF.34712.cq1@aGyzVyiG
Cyren: W32/Upatre.GR.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: Win32/TrojanDownloader.Waski.A
Baidu: Win32.Trojan-Downloader.Waski.a
TrendMicro-HouseCall: TROJ_UPATRE.SM37
ClamAV: Win.Downloader.Upatre-6840800-0
Kaspersky: Trojan-Downloader.Win32.Upatre.bla
BitDefender: Trojan.Ppatre.Gen.1
NANO-Antivirus: Trojan.Win32.Upatre.dfecyf
SUPERAntiSpyware: Trojan.Agent/Gen-Downloader
Avast: Win32:Agent-AULS [Trj]
Tencent: Trojan-Downloader.Win32.Waski.16000151
Ad-Aware: Trojan.Ppatre.Gen.1
Emsisoft: Trojan.Ppatre.Gen.1 (B)
Comodo: TrojWare.Win32.TrojanDownloader.Upatre.AAL@5iclp5
DrWeb: Trojan.DownLoad3.34292
Zillya: Downloader.Upatre.Win32.70504
TrendMicro: TROJ_UPATRE.SM37
McAfee-GW-Edition: BehavesLike.Win32.Downloader.nt
SentinelOne: Static AI – Malicious PE
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Troj/HkMain-AZ
APEX: Malicious
Jiangmin: TrojanDownloader.Upatre.p
Avira: HEUR/AGEN.1237752
Microsoft: Trojan:Win32/PWSZbot.GSB!MTB
Arcabit: Trojan.Ppatre.Gen.1
GData: Win32.Trojan-Downloader.Upatre.BK
Cynet: Malicious (score: 100)
AhnLab-V3: Downloader/Win.Upatre.R493522
VBA32: TrojanDownloader.Upatre
ALYac: Trojan.Ppatre.Gen.1
MAX: malware (ai score=89)
Malwarebytes: Malware.AI.4043305281
Rising: Downloader.Waski!1.A489 (CLASSIC)
Yandex: Trojan.GenAsa!+rIQ7cDoUXQ
Ikarus: Trojan.Win32.Bublik
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Waski.A!tr
AVG: Win32:Agent-AULS [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)
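
A reader can check the consensus behind a list like this without trusting any single engine's name. The following Python is an added example, not code from this page or from any of the listed vendors. It embeds a subset of the detections above as its input and uses a hand-made list of generic classification tokens (an assumption of the example) to strip platform and category words before counting how many vendors name each family, in the spirit of AVClass-style label normalisation.

```python
"""Count family-name votes across vendor detections (added example, not page code)."""
import re
from collections import Counter

# Subset of the vendor detections listed above, copied from the page.
DETECTIONS = {
    "CAT-QuickHeal": "PUA.GenericCS.S27729936",
    "Kaspersky": "Trojan-Downloader.Win32.Upatre.bla",
    "ESET-NOD32": "Win32/TrojanDownloader.Waski.A",
    "BitDefender": "Trojan.Ppatre.Gen.1",
    "Microsoft": "Trojan:Win32/PWSZbot.GSB!MTB",
    "McAfee": "Upatre-FAEL!F7D74D54C1BD",
    "ClamAV": "Win.Downloader.Upatre-6840800-0",
    "Fortinet": "W32/Waski.A!tr",
    "Ikarus": "Trojan.Win32.Bublik",
    "GData": "Win32.Trojan-Downloader.Upatre.BK",
    "Emsisoft": "Trojan.Ppatre.Gen.1 (B)",
    "Avira": "HEUR/AGEN.1237752",
}

# Classification and platform words that carry no family information (assumed list).
GENERIC_TOKENS = {"trojan", "trojandownloader", "downloader", "win32", "win", "w32",
                  "generic", "genericcs", "gen", "heur", "agen", "malware", "pua",
                  "malicious", "mtb", "trj", "variant", "agent"}


def family_tokens(name: str) -> set:
    """Split a detection name into candidate family tokens, dropping generic words and short noise."""
    tokens = {t.lower() for t in re.split(r"[^A-Za-z]+", name) if len(t) >= 4}
    return tokens - GENERIC_TOKENS


def family_votes(detections: dict) -> Counter:
    """One vote per vendor per candidate token, so a single vendor cannot stuff the ballot."""
    votes = Counter()
    for name in detections.values():
        votes.update(family_tokens(name))
    return votes


def consensus(detections: dict):
    """Return (family, share of vendors naming it) for the most-voted token, or None."""
    votes = family_votes(detections)
    if not votes:
        return None
    family, n = votes.most_common(1)[0]
    return family, n / len(detections)


if __name__ == "__main__":
    print(family_votes(DETECTIONS).most_common(5))
    print(consensus(DETECTIONS))
```

On the subset above the top token is "upatre", with "waski" and "ppatre" (vendor spellings of the same family) next; the "pua" token from the CAT-QuickHeal name never becomes a family vote, which is the point: a PUA label from one engine should be read against the trojan-downloader names from the rest.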

How to remove PUA.GenericCS.S27729936?

PUA.GenericCS.S27729936 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items. Because this sample drops and executes a second binary, check that the dropped file is listed and quarantined as well.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
