Categories: PUA

PUADlManager:Win32/Vintaller information

The PUADlManager:Win32/Vintaller is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What PUADlManager:Win32/Vintaller virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
Reads data out of its own binary image
Unconventionial binary language: Russian
Unconventionial language used in binary resources: Russian
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid

How to determine PUADlManager:Win32/Vintaller?


File Info:
name: 5D1F276E7692563A078B.mlwpath: /opt/CAPEv2/storage/binaries/00791c8fb2653a3df32c26b4f3a4e706185c5c569de95b033447f7dd744388d5crc32: 2B44BB1Dmd5: 5d1f276e7692563a078b70c5aac11d4bsha1: 26ff2b335efc2536f94be51a49e2e8c67645a81fsha256: 00791c8fb2653a3df32c26b4f3a4e706185c5c569de95b033447f7dd744388d5sha512: 1fa6c6416b94704a4bf4ff84e405728580d87f1fe748f61cbbbde5492593ebd1659eea4ae3a86044b3f9ba047486001fa7e239414036b38ddbdc570b05f08d6essdeep: 6144:lTAcKvOyThhXbFCtRUeu2l2RknGlwAZfJZ/fpnV1OXd7HVh:l4zHXbF2uqilNB91wrVhtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1E554123353088D12CD7858782E43D7FA2864F1BBA905EB073AE17A7D18F25E2E9D9413sha3_384: baca4f96409faccc7914aa300f1df29f083eb745683fc939f08cb4423b48627be753be6c8b94358ac2f275b8145a4bd0ep_bytes: 60be00c046008dbe0050f9ff57eb0b90timestamp: 2014-11-09 13:51:39
Version Info:
CompanyName: CNS.DigitalFileDescription: EasyLoaderFileVersion: 1.1.0.6InternalName: app.rcLegalCopyright: CNS (c) 2014OriginalFilename: appProductName: EasyLoaderProductVersion: 1.1.0.6Translation: 0x0419 0x04b0

PUADlManager:Win32/Vintaller also known as:

Lionic	Trojan.Win32.Generic.m1p7
MicroWorld-eScan	Rootkit.71860
FireEye	Generic.mg.5d1f276e7692563a
ALYac	Rootkit.71860
Cylance	Unsafe
Sangfor	Riskware.Win32.Agent.ky
Alibaba	Rootkit:Win32/Generic.a56c1e89
Cybereason	malicious.e76925
VirIT	Trojan.Win32.Agent.BHBR
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (moderate confidence)
ESET-NOD32	a variant of Generik.JSFIKSN
APEX	Malicious
Paloalto	generic.ml
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Rootkit.71860
NANO-Antivirus	Trojan.Win32.Agent.dmcols
Avast	Win32:Rootkit-gen [Rtk]
Tencent	Malware.Win32.Gencirc.10c6dfd2
Ad-Aware	Rootkit.71860
Emsisoft	Rootkit.71860 (B)
Zillya	Backdoor.Rozena.Win32.1428
TrendMicro	TROJ_GEN.R002C0WDQ22
McAfee-GW-Edition	BehavesLike.Win32.PWSZbot.dc
Sophos	Mal/Generic-S
GData	Rootkit.71860
Jiangmin	Rootkit.71860.a
Avira	RKIT/Agent.gaffr
MAX	malware (ai score=81)
ViRobot	Trojan.Win32.Z.Agent.278965
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Microsoft	PUADlManager:Win32/Vintaller
Cynet	Malicious (score: 99)
AhnLab-V3	Malware/Win32.Generic.C1689653
McAfee	Artemis!5D1F276E7692
VBA32	BScope.Downloader.Snojan
TrendMicro-HouseCall	TROJ_GEN.R002C0WDQ22
Rising	Malware.Undefined!8.C (CLOUD)
Ikarus	Trojan-PSW.Agent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	PossibleThreat
BitDefenderTheta	Gen:NN.ZexaF.34638.rmLfamJVRhek
AVG	Win32:Rootkit-gen [Rtk]
Panda	Trj/Genetic.gen