Categories: PUA

How to remove “PUA.LoadmoneyPMF.S19249780”?

The PUA.LoadmoneyPMF.S19249780 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What PUA.LoadmoneyPMF.S19249780 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Presents an Authenticode digital signature
Dynamic (imported) function loading detected
At least one IP Address, Domain, or File Name was found in a crypto call
Reads data out of its own binary image
Unconventionial language used in binary resources: Russian
Authenticode signature is invalid
Anomalous binary characteristics

How to determine PUA.LoadmoneyPMF.S19249780?


File Info:
name: AC9088997102A6FAF1E0.mlwpath: /opt/CAPEv2/storage/binaries/acf2698b07a2a3f662ddb96099b024cd74042065440e14cb716eb17d4ee7286ccrc32: 0D9FDB1Fmd5: ac9088997102a6faf1e09705bc291900sha1: eed9cf672f9f2daf5bb8842635b67992199545cdsha256: acf2698b07a2a3f662ddb96099b024cd74042065440e14cb716eb17d4ee7286csha512: c6698e58af6f9d822bb3e97fe71676244ab4f3d34b2a4aa44d1eb89f4efe64dd3e6e6f6e87fe164ad20ebdae9c4150ab742acf9663ae8c76ceca42bd00900faessdeep: 3072:+5ERKdsNSE8jWf+FnGevgjFA+WzmLpJhJ4RpS:+wB8qonGeoFA0lyptype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1DD047D1136D0C0B1D6B3023609E9AB71A6BDFD714F618B5B77984B4D1EB42C0BA36B63sha3_384: dd7c448ca33a5ef4f6fe002adaf77731134d1cbf77da87d3b21c6d2245a344fe61f820aad0abcbf9b2d60bf1476a8802ep_bytes: e83c720000e97ffeffff558bec8b4508timestamp: 2018-04-02 14:25:18
Version Info:
CompanyName: Mail.RuFileDescription: Mail.Ru LauncherFileVersion: 3.15.0.75InternalName: launcherLegalCopyright: Copyright 2015OriginalFilename: launcher.exeProductName: Mail.Ru LauncherProductVersion: 3.15.0.75Comments: Translation: 0x0409 0x04b0

PUA.LoadmoneyPMF.S19249780 also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.74312
FireEye	Generic.mg.ac9088997102a6fa
CAT-QuickHeal	PUA.LoadmoneyPMF.S19249780
ALYac	Trojan.GenericKDZ.74312
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Adware ( 005170991 )
K7GW	Adware ( 005170991 )
Cybereason	malicious.97102a
Arcabit	Trojan.Generic.D12248
Cyren	W32/S-2773094c!Eldorado
Symantec	SMG.Heur!gen
ESET-NOD32	a variant of Win32/MailRu.R potentially unwanted
APEX	Malicious
ClamAV	Win.Malware.Mailru-6804164-0
Kaspersky	not-a-virus:HEUR:AdWare.Win32.Machaer.gen
BitDefender	Trojan.GenericKDZ.74312
SUPERAntiSpyware	PUP.Downloader/Variant
Avast	Win32:PUP-gen [PUP]
Tencent	Trojan.Win32.BitCoinMiner.la
Ad-Aware	Trojan.GenericKDZ.74312
Comodo	Application.Win32.MailRu.M@7oho6u
DrWeb	Trojan.Revizer.1409
McAfee-GW-Edition	BehavesLike.Win32.Generic.ch
Emsisoft	Application.Downloader (A)
SentinelOne	Static AI – Malicious PE
Jiangmin	AdWare.Machaer.ad
Avira	APPL/MailRu.B
MAX	malware (ai score=85)
Antiy-AVL	Trojan/Generic.ASBOL.C4F7
Microsoft	PUAAdvertising:Win32/LoadMoney
ViRobot	Trojan.Win32.Mailru.Gen.B
GData	Trojan.GenericKDZ.74312
Cynet	Malicious (score: 100)
AhnLab-V3	PUP/Win32.MailRu.R232581
McAfee	PUP-HAI
VBA32	BScope.Adware.Machaer
Malwarebytes	RiskWare.Agent
Yandex	Trojan.GenAsa!jAEP24k3Yx8
Ikarus	PUA.MailRu
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/MailRu.M!tr
AVG	Win32:PUP-gen [PUP]
CrowdStrike	win/malicious_confidence_100% (D)
MaxSecure	Adware.Adware.Machaer.gen_172020