PUABundler:Win32/YandexBundled removal tips

PUABundler:Win32/YandexBundled is Microsoft's detection name for a bundled installer that installs Yandex software alongside the program the user actually asked for; most other engines classify the same file as adware or a potentially unwanted application rather than as a "virus" (see the detection names below). The sample analysed on this page is an Inno Setup package that presents itself as a "Totall Commander" installer. While the bundler is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing unwanted software manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can PUABundler:Win32/YandexBundled do?

The following behaviours were recorded when the sample described below was run in a CAPE sandbox. Note that two of them belong together: the file carries an Authenticode signature, but that signature does not verify, so the presence of a signature alone proves nothing about the file's origin.

  • Behavioural detection: Executable code extraction – unpacking
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Harvests credentials from local FTP client softwares

How to identify PUABundler:Win32/YandexBundled?

File Info:

name: 4AD7543EBC1A740CD0E3.mlw
path: /opt/CAPEv2/storage/binaries/01d53b7b93b61718eeb4a246509cd6d94a29f63a2572ad4436b4329c4e9d74c6
crc32: 72133E46
md5: 4ad7543ebc1a740cd0e38f124a37c127
sha1: bea431c287d917f1ec5950506280a6328efd55aa
sha256: 01d53b7b93b61718eeb4a246509cd6d94a29f63a2572ad4436b4329c4e9d74c6
sha512: ec6a825ecb51b5614f6ca0549d894fe06864ff034e949bfab479c41d6280db8e8509ff399a7e6e5ea25e22391105aaac1d504f6e6c8ddbdc715c1a67cf60e6c1
ssdeep: 196608:NrHr1F3LFfOTkx2thwCKK7VSPWm3V6usSmopVMB:NrHr1F7FfOwYHKAEWmxsSrXMB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FD662311B6C28032D1B3073445F59260AE7DB9300FE9A59FAFF8D72E4A745C16A3A763
sha3_384: 70fedad62d81ce46acad83174a4e5eddfd02a4d02c8ede894c9acf41a4b517b45699af9e3f1fafaf5280854b168ac337
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2018-06-14 13:27:46
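The block below is an added example, not Gridinsoft's or CAPE's code, showing how to check a file offline against the indicators in the File Info block and the behaviour list above: it hashes the file and compares against the listed MD5/SHA-1/SHA-256, reads the PE header to recover the compile timestamp, subsystem and the 16 entry-point bytes (ep_bytes), lists section names that fall outside a common set (the "unknown PE section name" signature), and reports whether a signature blob is present in the security data directory. The known-section list is our own heuristic assumption, and the signature check only detects presence; whether the signature is valid has to be checked with a Windows verifier such as signtool or Get-AuthenticodeSignature. Because the real sample cannot ship with this page, the script builds a minimal, constructed PE32 image for demonstration.

```python
"""Offline triage of a PE32 file against the indicators listed on this page.

Added example, not Gridinsoft's or CAPE's code.  Hashes and entry-point bytes are
copied from the File Info block; the header offsets follow the PE/COFF format;
KNOWN_SECTION_NAMES is a heuristic assumption of ours.
"""
import datetime
import hashlib
import struct

# Indicators copied from the File Info block on this page.
KNOWN_HASHES = {
    "md5": "4ad7543ebc1a740cd0e38f124a37c127",
    "sha1": "bea431c287d917f1ec5950506280a6328efd55aa",
    "sha256": "01d53b7b93b61718eeb4a246509cd6d94a29f63a2572ad4436b4329c4e9d74c6",
}
KNOWN_EP_BYTES = bytes.fromhex("558bec83c4a453565733c08945c48945")

# Assumption: section names usual for MSVC- and Delphi/Inno Setup-built binaries.
# Anything else is reported, like the sandbox's "unknown PE section name" signature.
KNOWN_SECTION_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata", ".edata",
                       ".bss", ".tls", ".pdata", "CODE", "DATA", "BSS", ".itext", ".didata"}

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data directory holding the Authenticode blob


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the file contents, keyed like the File Info block."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def matches_known_hashes(data: bytes) -> bool:
    got = hash_bytes(data)
    return any(got[algo] == value for algo, value in KNOWN_HASHES.items())


def parse_pe32(data: bytes) -> dict:
    """Extract the header facts a triage report cares about from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # PE32 data directories start at optional-header offset 96, 8 bytes each.
    sec_off, sec_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)

    sections, ep_bytes = [], b""
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append(name.rstrip(b"\0").decode("ascii", "replace"))
        # Map the entry-point RVA to a file offset via the section that contains it.
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)
            ep_bytes = data[off:off + 16]

    return {
        "machine": hex(machine),
        "subsystem": {2: "GUI", 3: "console"}.get(subsystem, str(subsystem)),
        "timestamp": datetime.datetime.fromtimestamp(stamp, datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
        "sections": sections,
        "unknown_sections": [s for s in sections if s not in KNOWN_SECTION_NAMES],
        # Presence of a signature blob only; whether it verifies is a separate check.
        "has_authenticode_blob": sec_off != 0 and sec_size != 0,
    }


def triage(data: bytes) -> dict:
    pe = parse_pe32(data)
    pe["hash_match"] = matches_known_hashes(data)
    pe["ep_match"] = pe["ep_bytes"] == KNOWN_EP_BYTES.hex()
    return pe


def build_sample_pe(section_name=b".text", with_signature=False, stamp=1528982866) -> bytes:
    """Constructed, minimal PE32 image for offline testing (not a real sample).
    The default stamp is 2018-06-14 13:27:46 UTC, the timestamp listed above."""
    dos = bytearray(64); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 64)   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x0102)            # i386, 1 section
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)            # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)          # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)    # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)    # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                 # Subsystem 2 = Windows GUI
    struct.pack_into("<I", opt, 92, 16)                # NumberOfRvaAndSizes
    if with_signature:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x400, 0x100)
    sect = struct.pack("<8sIIIIIIHHI", section_name, 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    image = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    image += (KNOWN_EP_BYTES + b"\xC3").ljust(0x200, b"\0")   # section raw data at file offset 0x200
    if with_signature:
        image += b"\0" * 0x100                             # placeholder where a WIN_CERTIFICATE blob would sit
    return image


if __name__ == "__main__":
    for label, sample in (("plain", build_sample_pe()),
                          ("packed+signed", build_sample_pe(b"UPX0", with_signature=True))):
        print(label, triage(sample))
```

Run it against a real file with `triage(open(path, "rb").read())`; a hash match is conclusive, while a matching ep_bytes value, an odd section name or an unverified signature blob are only leads that justify a sandbox run like the one summarised above.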

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Totall Commander Setup (r2112061000)
FileVersion: 9.22
LegalCopyright:
ProductName: Totall Commander
ProductVersion: 9.22
Translation: 0x0000 0x04b0

PUABundler:Win32/YandexBundled is also known as (vendor: detection name):

  • Lionic: Riskware.Win32.Generic.1!c
  • Elastic: malicious (high confidence)
  • DrWeb: Adware.Downware.20026
  • Cylance: Unsafe
  • K7AntiVirus: Adware ( 00570af31 )
  • K7GW: Adware ( 00570af31 )
  • Symantec: Trojan.Gen.MBT
  • ESET-NOD32: a variant of Win32/Yandex.K potentially unwanted
  • Paloalto: generic.ml
  • Cynet: Malicious (score: 100)
  • Avast: Win32:Malware-gen
  • McAfee-GW-Edition: Artemis
  • Avira: HEUR/AGEN.1206239
  • Gridinsoft: Ransom.Win32.Wacatac.sa
  • ViRobot: Adware.Yandex.6751584
  • Microsoft: PUABundler:Win32/YandexBundled
  • McAfee: Artemis!4AD7543EBC1A
  • Malwarebytes: PUP.Optional.BundleInstaller
  • SentinelOne: Static AI – Malicious PE
  • AVG: Win32:Malware-gen
  • CrowdStrike: win/malicious_confidence_70% (D)

How to remove PUABundler:Win32/YandexBundled?

PUABundler:Win32/YandexBundled removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.