About “PUAAdvertising:Win32/Kuaiba” infection

PUAAdvertising:Win32/Kuaiba is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the PUAAdvertising:Win32/Kuaiba virus do?

  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify PUAAdvertising:Win32/Kuaiba?

File Info:

name: 43717347C9D255E7F5AC.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2009-06-18 21:33:27

Version Info:

Comments: 页游助手 v4.1
CompanyName: 凡游网络
FileDescription: 页游助手 v4.1 安装程序
FileVersion: 4.1.1.1332
LegalCopyright: 版权所有 (C)2013 凡游网络
ProductName: 页游助手
ProductVersion: 4.1.1.1332
SpecialBuild: 100001
Translation: 0x0804 0x03a8

PUAAdvertising:Win32/Kuaiba also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
Cylance: Unsafe
Zillya: Adware.BrowseFox.Win32.295392
Sangfor: PUAAdvertising.Win32.Kuaiba.mt
Cyren: W32/Kuaiba.E.gen!Eldorado
ESET-NOD32: multiple detections
McAfee-GW-Edition: BehavesLike.Win32.Dropper.rc
Sophos: Generic ML PUA (PUA)
Antiy-AVL: Trojan/Generic.ASMalwNS.ED4
Microsoft: PUAAdvertising:Win32/Kuaiba
GData: Win32.Application.Agent.T4YN0T
Cynet: Malicious (score: 100)
McAfee: Artemis!43717347C9D2
VBA32: BScope.Trojan.Occamy
Malwarebytes: Adware.ChinAd
APEX: Malicious
Tencent: Trojan.Win32.BitCoinMiner.la
Fortinet: Adware/Kuaiba.L
CrowdStrike: win/malicious_confidence_70% (D)

How to remove PUAAdvertising:Win32/Kuaiba?

PUAAdvertising:Win32/Kuaiba removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.