Categories: PUA

PUA:Win32/FusionCore.C removal guide

The PUA:Win32/FusionCore.C is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What PUA:Win32/FusionCore.C virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Presents an Authenticode digital signature
Performs HTTP requests potentially not found in PCAP.
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
CAPE detected the embedded win api malware family
Attempts to modify proxy settings
Attempts to interact with an Alternate Data Stream (ADS)
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine PUA:Win32/FusionCore.C?


File Info:
name: D74C472A4616E738E956.mlwpath: /opt/CAPEv2/storage/binaries/0d873e75caabd138fccf18b9a2c08f156a7c4f8c7c44b535db04b43487a615e8crc32: 76D9A45Cmd5: d74c472a4616e738e956e6cbec36f23bsha1: c3729c7386b2570f49da416c9d33a82c32ba68fbsha256: 0d873e75caabd138fccf18b9a2c08f156a7c4f8c7c44b535db04b43487a615e8sha512: d7450271e42fa65680779e066b951f285358d68a2191c76d5cfa9b538331eaec5fb4d0b10214a1aaf620828a1fc545c8f3d75d3c0aac853a9f9379b65fc1255dssdeep: 196608:dN0X3/tm7jTmcs3wvM90tYGqx7QEb23KUww4Ij/tOj/jHFkNICFPPc010lhG:qo2csaJtSQs2aW/Ejb8NPHihGtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1A4C6233FA267663EC56B0A3945729250597BBA60B81A4C1A0FF3185CCFE74701E3BE1Dsha3_384: dc754d793b6289256ce0d5df87ebb06810d38f6bbcc20363e42fcc4d0a46dc7b9a65d13a70061738f94edcaa13b60b12ep_bytes: 558bec83c4a453565733c08945c48945timestamp: 2020-05-21 05:56:23
Version Info:
Comments: This installation was built with Inno Setup.CompanyName: PDFSpin Co., Ltd.                                           FileDescription: Free PDF Split Setup                                        FileVersion:                     LegalCopyright:                                                                                                     OriginalFileName:                                                   ProductName: Free PDF Split                                              ProductVersion:                                                   Translation: 0x0000 0x04b0

PUA:Win32/FusionCore.C also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Generic.Application.Bundler.Relevant.A.8EAFFDF7
FireEye	Generic.Application.Bundler.Relevant.A.8EAFFDF7
Skyhigh	Artemis
McAfee	Artemis!D74C472A4616
Cylance	unsafe
Sangfor	Adware.Win32.Relevant.Vsq0
CrowdStrike	win/grayware_confidence_100% (W)
BitDefender	Generic.Application.Bundler.Relevant.A.8EAFFDF7
ESET-NOD32	multiple detections
Alibaba	AdWare:Win32/FusionCore.05ea3985
Avast	Win32:Adware-gen [Adw]
DrWeb	Adware.Relevant.189
Sophos	Generic Reputation PUA (PUA)
Antiy-AVL	GrayWare/Win32.Presenoker
Arcabit	Generic.Application.Bundler.Relevant.A.8EAFFDF7 [many]
Microsoft	PUA:Win32/FusionCore.C
VBA32	Adware.Relevant
ALYac	Generic.Application.Bundler.Relevant.A.8EAFFDF7
Malwarebytes	Generic.Trojan.Malicious.DDS
Rising	Adware.RelevantKnowledge/IFPS!1.EDA7 (CLASSIC)
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	Riskware/FusionCore
AVG	Win32:Adware-gen [Adw]
DeepInstinct	MALICIOUS