What is “PUA.RiskwarePMF.S32861503”?

PUA.RiskwarePMF.S32861503 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the PUA.RiskwarePMF.S32861503 virus do?

  • Sample contains Overlay data
  • The binary contains an unknown PE section name indicative of packing
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Binary file triggered YARA rule
  • YARA detections observed in process dumps, payloads or dropped files

How to identify PUA.RiskwarePMF.S32861503?


File Info:

name: 0F47A791DD8E9A5A9399.mlw
path: /opt/CAPEv2/storage/binaries/d62f08fac2807d2370edd5778c86164467acde2ca5505f1f8eaf9e905f2db6d6
crc32: BFFC8291
md5: 0f47a791dd8e9a5a9399de7c4aad62e6
sha1: c3deb9495cce4b85ceb58c1053dde629b9abfceb
sha256: d62f08fac2807d2370edd5778c86164467acde2ca5505f1f8eaf9e905f2db6d6
sha512: d682774190c2012d2001a539d5ab58950688cf9f97fa30d3b5749106934f96da58fd109602d3de9456f78784e374815f7d8a9ad2f649d8a96bbdd512d15ab0f9
ssdeep: 98304:J2SSfL5ov8WlL5CO6idTFHcsvdqpkGASEbEgqWqEn5vPydZ6OmV7ncAQMHKQNAur:u3GARBx+MOlLl0cAIV
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T185A69E13B244C03DD06A0F364937E7B8553E7F913A6ACD9B57A83A4C4F75580EA2B24B
sha3_384: fe998040028d5c62f7c9d372d0b748e669b3407fe637bb2070891bc33735ee5552b0db6b86b89b019212087c925d4ca9
ep_bytes: eb1066623a432b2b484f4f4b90e90c81
timestamp: 2015-04-22 16:38:32

Version Info:

CompanyName: 亞台龍欸
FileDescription: 提供給掛機玩家
FileVersion: 178.2.0.0
InternalName: SmallGCOk
LegalCopyright: SmallGCOk
LegalTrademarks: 亞台龍欸
OriginalFilename: 亞台龍欸 - 自動練功掛機器
ProductName: 亞台龍欸 - 自動練功掛機器
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04e4

PUA.RiskwarePMF.S32861503 also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
CAT-QuickHeal: PUA.RiskwarePMF.S32861503
K7AntiVirus: Riskware ( 00584baa1 )
K7GW: Riskware ( 00584baa1 )
Trapmine: malicious.high.ml.score
Sophos: Mal/VMProtBad-A
Antiy-AVL: Trojan/Win32.Wacatac
Panda: Trj/Genetic.gen
Rising: Malware.Undefined!8.C (RDMK:cmRtazq4gaG19ZdF/I1Tl79EfGyK)
Yandex: Trojan.GenAsa!Tq44TKaRotU
MaxSecure: Trojan.Malware.219769828.susgen
BitDefenderTheta: Gen:NN.ZedlaF.36802.@N9@aq7aV0li

How to remove PUA.RiskwarePMF.S32861503?

PUA.RiskwarePMF.S32861503 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
