PUA.IgenericIH.S12792344 information

Malware Removal

PUA.IgenericIH.S12792344 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to perform a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the PUA.IgenericIH.S12792344 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location

How to identify PUA.IgenericIH.S12792344?

File Info:

name: C7D833602AB5AA1BD401.mlw
path: /opt/CAPEv2/storage/binaries/c109e707ac564ff6307771b1f5fc51318b2a1059e3f34a5c527a5bf5725e4c79
crc32: 026B8A6D
md5: c7d833602ab5aa1bd401333d94d0c2ad
sha1: 7879eddce4bf3aa42dba31d75599904b22f8d8a6
sha256: c109e707ac564ff6307771b1f5fc51318b2a1059e3f34a5c527a5bf5725e4c79
sha512: 6a05da468f3c4dc694f15d7f2e2902748e0ced9205f9c9402e035fe02d20e4ca38f6dfef7887e9bf8bcd58aff4a08920175feb2004da1e98e6a1466c77c0247d
ssdeep: 12288:RSDcBMF2J+om6aPgAjksfk+TDXL1drUxT5sjV4GiXJZ6+gjN7yaUWK++xoSFqh:IABM8yYrsfk+3XQ5s69Xi+TaUd+Wq
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BAF4DEBD75C4B34CC6D8E0B3FD79C1B3A590EA837261C5D6EE4B361928FD1A8840E985
sha3_384: 620f1cbb3ac70105ab14c4004e0ce1f97416b18b14cc4551947e0f09373a25f39efc161e53e232e6d77a0524890df1a9
ep_bytes: 60be15b043008dbeeb5ffcff5789e58d
timestamp: 2017-01-18 10:10:35

Version Info:

0: [No Data]

PUA.IgenericIH.S12792344 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Symmi.4!c
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Gen:Variant.Graftor.535737
FireEye: Generic.mg.c7d833602ab5aa1b
CAT-QuickHeal: PUA.IgenericIH.S12792344
ALYac: Gen:Variant.Graftor.535737
Cylance: Unsafe
Sangfor: Trojan.Win32.Occamy.CC1
K7AntiVirus: Unwanted-Program ( 004ffa471 )
K7GW: Unwanted-Program ( 004ffa471 )
VirIT: Trojan.Win32.KillProc.DALG
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/HackTool.Patcher.DE potentially unsafe
APEX: Malicious
Paloalto: generic.ml
BitDefender: Gen:Variant.Graftor.535737
Avast: FileRepMetagen [Trj]
Rising: Trojan.Injector!1.9DEE (CLOUD)
Ad-Aware: Gen:Variant.Graftor.535737
Emsisoft: Trojan.Generic (A)
Zillya: Tool.Patcher.Win32.18862
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.bc
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Malicious PE
Jiangmin: RiskTool.BitCoinMiner.bmt
Webroot: W32.Trojan.Gen
MAX: malware (ai score=85)
Kingsoft: Win32.Troj.Generic.v.(kcloud)
Microsoft: Trojan:Win32/Occamy.CC1
Arcabit: Trojan.Graftor.D82CB9
GData: Gen:Variant.Graftor.535737
Cynet: Malicious (score: 100)
McAfee: Artemis!C7D833602AB5
VBA32: BScope.Trojan.Bitrep
Yandex: PUP.Patcher!v5WnZys6mFg
Ikarus: possible-Threat.Hacktool.Patcher
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/Patcher
BitDefenderTheta: AI:Packer.D39EE56A21
AVG: FileRepMetagen [Trj]
Cybereason: malicious.02ab5a

How to remove PUA.IgenericIH.S12792344?

PUA.IgenericIH.S12792344 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.