PUABundler:Win32/Rostpay malicious file

PUABundler:Win32/Rostpay is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the PUABundler:Win32/Rostpay virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify PUABundler:Win32/Rostpay?

File Info:

name: 99DEC621A86A775D1149.mlw
path: /opt/CAPEv2/storage/binaries/b3fd9bfcf91a9b020854c118174f19da16ff45cd2077d853a4fd5d5c379157b3
crc32: CD5359FC
md5: 99dec621a86a775d1149d16144078045
sha1: 3228f6690a84d38744e59abc2d8bacc65e6891ea
sha256: b3fd9bfcf91a9b020854c118174f19da16ff45cd2077d853a4fd5d5c379157b3
sha512: 79db7f72c4b654f5360a15263ada97a9d40135822aad2efb68078821f16ed8c8f048e4e5e59189984a8aa5107b2127b9e441d58a5ebbf6e73d3e960f810fc028
ssdeep: 24576:xq0HM2m7RNORRzjBBx0q13ILrMYDy3+5J9/16j:xqkc2RtHKs8Dy30dY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15B252357936EEA12E4BE9B31D3A2F1F4686BAE0AD55986C7C4E93D137B340833743481
sha3_384: 065e39c607634aa58d619fefb8d106be6384708aabf10220055e2ffe1e762697b06a836f73787fc1fe76af84a7fecd94
ep_bytes: 60be00605d008dbe00b0e2ffc7874855
timestamp: 2019-09-30 14:40:18

Version Info:

FileDescription: DriverHub Installer
FileVersion: 1.7.0.0
InternalName: DriverHub
LegalCopyright: © ROSTPAY LTD. All rights reserved.
OriginalFilename: DriverHubInstaller.exe
ProductName: DriverHub
ProductVersion: 1.7.0.0
Translation: 0x0409 0x04b0

PUABundler:Win32/Rostpay is also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (moderate confidence)
BitDefenderTheta: Gen:NN.ZexaF.36802.6m1@aCckSJak
ClamAV: Win.File.Rostpay-9917275-0
DrWeb: Program.Unwanted.4320
Sophos: Generic ML PUA (PUA)
Google: Detected
Antiy-AVL: Trojan/Win32.SGeneric
Microsoft: PUABundler:Win32/Rostpay
Xcitium: Application.Win32.Rostpay.B@8qs3iu
Malwarebytes: PUP.Optional.BundleInstaller
Rising: PUF.Rostpay!8.10916 (TFE:5:hDa3ZXD4lmG)
MaxSecure: Trojan.Malware.300983.susgen
DeepInstinct: MALICIOUS

How to remove PUABundler:Win32/Rostpay?

PUABundler:Win32/Rostpay removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.