PUA.GenericPMF.S4254997 removal tips

PUA.GenericPMF.S4254997 is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the PUA.GenericPMF.S4254997 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Queries information on disks, possibly for anti-virtualization
  • Detects the presence of Wine emulator via registry key
  • Accessed credential storage registry keys
  • Anomalous binary characteristics

How to identify PUA.GenericPMF.S4254997?

File Info:

name: 8C7C311A3D02F4991326.mlw
path: /opt/CAPEv2/storage/binaries/22d55706739369eacd765617bbc667dcb3ed46251c2275b65f851d0ad3ad45d7
crc32: ADEDD7EB
md5: 8c7c311a3d02f4991326c9e3dd023b90
sha1: 275a5693f0fc91997049085afde1e59e6ec367e4
sha256: 22d55706739369eacd765617bbc667dcb3ed46251c2275b65f851d0ad3ad45d7
sha512: b4373a3d361b79f31162b56e54e157ae4be02ce3714e8d2aae23987845d531c52823b3a196bdb0be4681b60d1e87c1762e2afe7f70b4a0bb926f4d4ba474311e
ssdeep: 98304:SF38dA6c9uljIUB0wZNA2vcOBAtxp6rm3:2sA6c9QB3ZNA2DALorc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F916F1963B20E726D09662B3481DCE5CDE606E1CC9635CA363C53CFF27B19294EE125E
sha3_384: db811a80cffbfa2d7b3a87fab1c5e6433fa0b77b3c1649943b1962bbbba24a4aa048e09a3521f37861db638e3cfdf631
ep_bytes: 558bec6aff68b8825e0068a83e5e0064
timestamp: 2018-11-12 15:43:54

Version Info:

CompanyName: MODJD
FileVersion: 10.2.1.2348
FileDescription: MODJD Internet Security
LegalCopyright: 2005-2018 MODJD. All rights reserved.
ProductName: MODJD Internet Security
ProductVersion: 10.2.1.2348
Translation: 0x0409 0x04e4

PUA.GenericPMF.S4254997 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.372856
FireEye: Generic.mg.8c7c311a3d02f499
CAT-QuickHeal: PUA.GenericPMF.S4254997
McAfee: Packed-FME!8C7C311A3D02
Cylance: Unsafe
K7AntiVirus: Trojan ( 00540e321 )
Alibaba: Trojan:Win32/Ekstak.0cccc9e9
K7GW: Trojan ( 00540e321 )
Cybereason: malicious.a3d02f
Symantec: PUA.ICLoader
ESET-NOD32: a variant of Win32/Kryptik.GMQV
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zusy.372856
NANO-Antivirus: Trojan.Win32.Moneyinst.fkcavq
Avast: Win32:ICLoader-X [Adw]
Rising: Trojan.Kryptik!1.AA23 (CLASSIC)
Ad-Aware: Gen:Variant.Zusy.372856
Sophos: Generic PUA CH (PUA)
Comodo: Application.Win32.ICLoader.GS@84429a
Zillya: Trojan.Ekstak.Win32.17283
TrendMicro: TROJ_GEN.R002C0PKN21
McAfee-GW-Edition: BehavesLike.Win32.Dropper.rc
Emsisoft: Gen:Variant.Zusy.372856 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Zusy.372856
Avira: TR/ICLoader.Gen8
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.2A5366F
Microsoft: SoftwareBundler:Win32/ICLoader
Cynet: Malicious (score: 100)
AhnLab-V3: PUP/Win32.ICLoader.R244534
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34294.@B0@aCRTMnfi
ALYac: Gen:Variant.Zusy.372856
VBA32: BScope.Trojan.Ekstak
Malwarebytes: Adware.Agent
TrendMicro-HouseCall: TROJ_GEN.R002C0PKN21
Tencent: Malware.Win32.Gencirc.114d8380
Yandex: Trojan.GenAsa!+xMRp9yjRqs
Ikarus: PUA.ICLoader
eGambit: Unsafe.AI_Score_100%
Fortinet: W32/CoinMiner.GYQC!tr
AVG: Win32:ICLoader-X [Adw]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_60% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove PUA.GenericPMF.S4254997?

PUA.GenericPMF.S4254997 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.