Categories: PUA

Should I remove “PUA:Win32/FusionCore.C”?

The PUA:Win32/FusionCore.C is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What PUA:Win32/FusionCore.C virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Presents an Authenticode digital signature
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
CAPE detected the shellcode get eip malware family
Attempts to modify proxy settings
Attempts to interact with an Alternate Data Stream (ADS)
Yara detections observed in process dumps, payloads or dropped files

How to determine PUA:Win32/FusionCore.C?


File Info:
name: 46E8FC64DF20D7CF81D4.mlwpath: /opt/CAPEv2/storage/binaries/8fe18d8ac5b1a6bba7b8dc136e0fbf12312af61169e80bb7966a669996a60c33crc32: 060DFE19md5: 46e8fc64df20d7cf81d4ac13eb2632b9sha1: 777c5fb487a8fce09f528a115d4f0cb5cd979d5csha256: 8fe18d8ac5b1a6bba7b8dc136e0fbf12312af61169e80bb7966a669996a60c33sha512: 07f7e5156bb9ac43aa0afb08cc14764074cb2e8e6807e07df8216aa66442ffbcb042ed293659ae3ec869fe28f6755beafba173310b9e0461042431bcc5aa3f1cssdeep: 196608:68oCY+MLQKEmueXNn5iDozgURKZ4X0h2hZzqBVAhv8ZgRj:g+5fmuedQoX/kueWhvSgNtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1CAC6233FB224643EC9AA5E3145B39320993BBA51B81A8C2E07F0484DDF665F13E7F651sha3_384: bbf0d9773a4b183e7b510704af94b1ad13824a5201b691c50ca4a9541e7cff18f6e7f7ccf68b92479f6a6ecaa146c6b1ep_bytes: 558bec83c4a453565733c08945c48945timestamp: 2020-05-21 05:56:23
Version Info:
Comments: This installation was built with Inno Setup.CompanyName: PDFCore Co., Ltd.                                           FileDescription: Advanced Scan to PDF Free Setup                             FileVersion:                     LegalCopyright:                                                                                                     OriginalFileName:                                                   ProductName: Advanced Scan to PDF Free                                   ProductVersion:                                                   Translation: 0x0000 0x04b0

PUA:Win32/FusionCore.C also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Generic.Application.Bundler.Relevant.A.D7B07B23
FireEye	Generic.Application.Bundler.Relevant.A.D7B07B23
Skyhigh	Artemis!PUP
McAfee	Artemis!46E8FC64DF20
Cylance	unsafe
VIPRE	Generic.Application.Bundler.Relevant.A.D7B07B23
Sangfor	Suspicious.Win32.Save.ins
CrowdStrike	win/grayware_confidence_100% (W)
ESET-NOD32	multiple detections
BitDefender	Generic.Application.Bundler.Relevant.A.D7B07B23
Avast	FileRepMalware [Trj]
Emsisoft	Generic.Application.Bundler.Relevant.A.D7B07B23 (B)
DrWeb	Adware.Relevant.189
Google	Detected
Varist	W32/ABApplication.JRXO-5624
Antiy-AVL	GrayWare/Win32.FusionCore
Microsoft	PUA:Win32/FusionCore.C
Arcabit	Generic.Application.Bundler.Relevant.A.D7B07B23
GData	Generic.Application.Bundler.Relevant.A.D7B07B23
VBA32	Adware.Relevant
ALYac	Generic.Application.Bundler.Relevant.A.D7B07B23
MAX	malware (ai score=83)
Malwarebytes	Generic.Trojan.Malicious.DDS
Rising	Adware.RelevantKnowledge/IFPS!1.EDA7 (CLASSIC)
MaxSecure	Trojan.Malware.115097187.susgen
Fortinet	Riskware/FusionCore
AVG	FileRepMalware [Trj]
Cybereason	malicious.4df20d
DeepInstinct	MALICIOUS