PUA

PUA.GenericPMF.S24144027 (file analysis)


PUA.GenericPMF.S24144027 is flagged as malicious or unwanted by most of the antivirus engines listed further down this page. While the infection is active you may notice unwanted processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the PUA.GenericPMF.S24144027 virus do?

The following behaviours were recorded during automated sandbox analysis of the sample (CAPE signatures; the storage path in the File Info section below is a CAPEv2 one):

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Created a service that was not started
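Three of the signatures above ("Executed a command line with /C or /R", "A ping command was executed with the -n argument" and "Uses Windows utilities for basic functionality") are command-line heuristics that can be re-implemented over endpoint telemetry. The script below is an added example, not code from the page, from GridinSoft or from CAPE: it applies those heuristics to Sysmon-style process-creation events and additionally correlates a `del` target with the parent's image path to catch the common "sleep, then delete the dropper" pattern. The events, paths and process IDs are constructed for illustration; the page gives signature names only and does not reproduce the sample's real command lines.

```python
import re
from collections import defaultdict

# Constructed Sysmon-style process-creation events. They are illustrative only: the page gives
# signature names, not the sample's real command lines, so paths and arguments here are invented.
SAMPLE_EVENTS = [
    {"pid": 4120, "ppid": 3988, "image": r"C:\Users\u\AppData\Local\Temp\sample.exe",
     "cmdline": r'"C:\Users\u\AppData\Local\Temp\sample.exe"'},
    # the classic "sleep, then delete the dropper" one-liner: /C shell, ping -n delay, del of the parent
    {"pid": 4188, "ppid": 4120, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /C ping 127.0.0.1 -n 5 > nul & del "C:\Users\u\AppData\Local\Temp\sample.exe"'},
    {"pid": 4204, "ppid": 4188, "image": r"C:\Windows\System32\PING.EXE",
     "cmdline": r"ping 127.0.0.1 -n 5"},
    # benign look-alikes that the rules must leave alone
    {"pid": 5100, "ppid": 5000, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /K echo interactive shell"},
    {"pid": 5200, "ppid": 5000, "image": r"C:\Windows\System32\PING.EXE",
     "cmdline": r"ping -n 2 10.0.0.1"},
]

# cmd.exe started with /C or /R runs one command and exits: no console stays open for the user to see.
TRANSIENT_SHELL = re.compile(r'^\s*"?[^"\s]*cmd(\.exe)?"?\s+/[cr]\b', re.I)
# ping -n <count> is a poor man's sleep; capture the count so the analyst can see the intended delay.
PING_DELAY = re.compile(r"\bping(\.exe)?\b[^&|]*?\s-n\s+(\d+)", re.I)
CHAINED = re.compile(r"&&?|\|\|?")
# del/erase target, with or without quotes, up to the next chaining operator or end of line.
DEL_TARGET = re.compile(r'\b(?:del|erase)\b\s+(?:/\w\s+)*"?([^"&|]+?)"?\s*(?:&|\||$)', re.I)


def triage(events):
    """Return {pid: [rule names]} for every event that trips at least one heuristic."""
    by_pid = {e["pid"]: e for e in events}
    findings = defaultdict(list)
    for e in events:
        cmd = e["cmdline"]
        if TRANSIENT_SHELL.search(cmd):
            findings[e["pid"]].append("transient_cmd_shell")
        m = PING_DELAY.search(cmd)
        # a ping of a remote host with -n is routine; only loopback or a chained command line is suspicious
        if m and (CHAINED.search(cmd) or re.search(r"127\.0\.0\.1|localhost", cmd, re.I)):
            findings[e["pid"]].append(f"ping_delay:n={m.group(2)}")
        m = DEL_TARGET.search(cmd)
        parent = by_pid.get(e["ppid"])
        # correlate the deleted path with the parent's image: the dropper is removing itself
        if m and parent and m.group(1).strip().lower() == parent["image"].lower():
            findings[e["pid"]].append("deletes_parent_image")
    return dict(findings)


def suspicious_pids(events):
    """Sorted PIDs that tripped at least one rule; handy as a join key back into the full event stream."""
    return sorted(triage(events))


if __name__ == "__main__":
    for pid, rules in triage(SAMPLE_EVENTS).items():
        print(pid, ", ".join(rules))
```

The parent correlation is what turns two individually noisy signals (a `/C` shell and a loopback ping) into a confident finding: a child `cmd.exe` that sleeps and then deletes the exact image its parent was launched from is almost never legitimate. The `/K` shell and the remote-host ping are left unflagged on purpose, since both are everyday administrative activity.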

How to identify PUA.GenericPMF.S24144027?

The details below describe the sandbox's stored copy of the sample. The file name shown is derived from the file's MD5 (its first 20 hex digits), not the name the file had on an infected machine, so identify a suspect file by comparing its hashes: md5, sha1 and sha256 identify this exact file, while ssdeep and tlsh are similarity hashes that will also score closely against repacked variants.

File Info:

name: 6E554BBE0DCBE0257486.mlw
path: /opt/CAPEv2/storage/binaries/b6e86249628ae65231fab775a4691240be6cc3b804a685b114e3e1213100ba06
crc32: B9A4CDE7
md5: 6e554bbe0dcbe02574869e81130373b4
sha1: b7ecf020d24aacb4bf52ed31096499a3bfaf8344
sha256: b6e86249628ae65231fab775a4691240be6cc3b804a685b114e3e1213100ba06
sha512: 7cb2d14e1feedf52794c7336b9cba355c951863aa2ef4ff38c14e4d082a1a99a0574083dd5463a673c105b0be46e32281711820c36eec86e66e911c10dd0cb57
ssdeep: 49152:m3U5bcnLSQYDSkzdpjxkFPEVKcW/WxL+uJM/3m0/lOYYdTl0:mEVcnLSQKSwdp9kF8QcW+xL+uJMP7/Ql
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T127A51241FBA185BED12706358E0346AC59373E5139506BB727E97E0F4EB9243BD0E22B
sha3_384: ad5d994804d0ce578107ef00e6af9451b9091af25990f9580f05ee3705b2687ef8065ce64ce44d36068352a46852087d
ep_bytes: 558bec6aff688876570068604f570064
timestamp: 2021-10-23 16:08:06

Version Info:

0: [No Data]
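As an added example, not code from the page or from GridinSoft, the script below recomputes the identifiers an analyst would check against the File Info block above: the md5/sha1/sha256, the PE compile timestamp, the 16 bytes at the entry point (ep_bytes), the section names, per-section entropy, and whether an Authenticode certificate table is present at all. It parses the PE32 headers with the standard library only. Because the sample itself is not available here, `build_sample_pe()` constructs a small hypothetical PE32 image that reuses the page's timestamp and ep_bytes, with one made-up section name (`mjkz`) and a uniformly distributed payload standing in for packed data; the 7.2 bits/byte entropy threshold and the list of common section names are heuristics of my choosing, not values from the page.

```python
import datetime
import hashlib
import math
import struct
from collections import Counter

# Hashes the page lists for the sample; used to confirm that a file on disk is the same object.
PAGE_HASHES = {
    "md5": "6e554bbe0dcbe02574869e81130373b4",
    "sha1": "b7ecf020d24aacb4bf52ed31096499a3bfaf8344",
    "sha256": "b6e86249628ae65231fab775a4691240be6cc3b804a685b114e3e1213100ba06",
}
# Section names a normal MSVC/MinGW build emits (my list); anything else is worth a look, not proof of packing.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc", ".reloc", ".bss", ".tls", ".pdata", ".CRT", ".gfids"}
HIGH_ENTROPY = 7.2  # bits/byte (heuristic): compressed or encrypted data sits close to 8.0


def file_hashes(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in PAGE_HASHES}


def matches_page(data):
    return file_hashes(data) == PAGE_HASHES


def shannon_entropy(buf):
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_pe(data):
    """Pull the fields the page's File Info shows (timestamp, ep_bytes, sections) out of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here; PE32+ has a different layout")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    # Data directory 4 is the Attribute Certificate table; an empty entry means no Authenticode data at all.
    cert_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)[1] if ndirs > 4 else 0
    sections, ep_bytes = [], b""
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({"name": name, "entropy": shannon_entropy(raw)})
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):  # map the entry RVA to a file offset
            ep_bytes = data[rawptr + (entry_rva - vaddr):][:16]
    return {
        "timestamp": datetime.datetime.fromtimestamp(stamp, datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
        "sections": [s["name"] for s in sections],
        "unusual_sections": [s["name"] for s in sections if s["name"] not in COMMON_SECTIONS],
        "high_entropy_sections": [s["name"] for s in sections if s["entropy"] > HIGH_ENTROPY],
        "entropy": {s["name"]: round(s["entropy"], 2) for s in sections},
        "has_authenticode": cert_size != 0,
    }


def build_sample_pe():
    """Construct a tiny hypothetical PE32 image for exercising the parser (NOT the page's sample)."""
    stamp = int(datetime.datetime(2021, 10, 23, 16, 8, 6, tzinfo=datetime.timezone.utc).timestamp())
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                               # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, stamp, 0, 0, 0xE0, 0x0102)  # i386, 2 sections, EXE, 32-bit
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)  # AddressOfEntryPoint -> first byte of .text
    struct.pack_into("<I", opt, 92, 16)      # NumberOfRvaAndSizes; all directories left empty, so unsigned

    def section(name, vaddr, rawptr):
        return struct.pack("<8sIIIIIIHHI", name, 0x200, vaddr, 0x200, rawptr, 0, 0, 0, 0, 0x60000020)

    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section(b".text", 0x1000, 0x200) + section(b"mjkz", 0x2000, 0x400)
    text = bytes.fromhex("558bec6aff688876570068604f570064").ljust(0x200, b"\0")  # the page's ep_bytes as stub code
    packed = bytes(range(256)) * 2  # uniform byte distribution: entropy 8.0, the profile of packed payloads
    return headers.ljust(0x200, b"\0") + text + packed


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print("matches page hashes:", matches_page(blob))
    for key, value in parse_pe(blob).items():
        print(f"{key}: {value}")
```

Run it with a file path as the only argument to check a real binary; with no argument it analyses the constructed image. Two caveats. The page reports that the Authenticode signature is invalid, which implies a certificate table is present but does not verify; this script only reports presence, because validating the signature needs a full PKCS#7 and certificate-chain check. And the page's ep_bytes decode to `push ebp; mov ebp, esp; push -1; push imm32; push imm32` followed by a lone `64` (an `fs:` segment prefix, the start of the next instruction), which is the ordinary MSVC CRT prologue with SEH registration, so the entry point alone tells you nothing about the packer; the unusual section name and high section entropy are the signals that actually back the "packing" signatures above.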

PUA.GenericPMF.S24144027 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.47241727
FireEye: Generic.mg.6e554bbe0dcbe025
CAT-QuickHeal: PUA.GenericPMF.S24144027
McAfee: GenericRXAA-AA!6E554BBE0DCB
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058214e1 )
Alibaba: Trojan:Win32/Sabsik.3d0acf52
K7GW: Trojan ( 0058214e1 )
BitDefenderTheta: Gen:NN.ZexaF.34182.hEW@aSxo7NFi
Cyren: W32/FakeAlert.FY.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HLIQ
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Injuke.gen
BitDefender: Trojan.GenericKD.47241727
Avast: Win32:AdwareX-gen [Adw]
Emsisoft: Trojan.GenericKD.47241727 (B)
Zillya: Trojan.Kryptik.Win32.3601255
TrendMicro: TROJ_GEN.R03FC0PJQ21
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1142521
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Generic.ASMalwS.34C19D9
Microsoft: Trojan:Win32/Sabsik.REA!MTB
GData: Win32.Trojan.PSE.1QRPSAL
Cynet: Malicious (score: 100)
AhnLab-V3: Adware/Win.Generic.R425898
ALYac: Trojan.GenericKD.47241727
VBA32: Trojan.Injuke
Malwarebytes: Adware.Agent.SFP.Generic
TrendMicro-HouseCall: TROJ_GEN.R03FC0PJQ21
Rising: Trojan.Kryptik!1.AA55 (CLOUD)
Ikarus: Trojan.Win32.Crypt
Fortinet: W32/Kryptik.HATU!tr
AVG: Win32:AdwareX-gen [Adw]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove PUA.GenericPMF.S24144027?

PUA.GenericPMF.S24144027 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

Because the sample installs an autorun entry and creates a service (see the behaviour list above), run a second scan after the restart to confirm that nothing has re-created itself.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
