PUA:Win32/Jisu information

The PUA:Win32/Jisu detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can PUA:Win32/Jisu do?

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Accessed credential storage registry keys
  • Collects information to fingerprint the system
  • Yara detections observed in process dumps, payloads or dropped files

How to identify PUA:Win32/Jisu?
File Info:

name: C7410A7C9E447F00CC9A.mlw
path: /opt/CAPEv2/storage/binaries/9771e39dc60faa301e6ac24d8d61ea43d7f29f18de99018bf34821eedc957315
crc32: D29FC4DC
md5: c7410a7c9e447f00cc9ab94014978808
sha1: 2263bd75f33cf3ddaebb52c19ef764c65dcd56fc
sha256: 9771e39dc60faa301e6ac24d8d61ea43d7f29f18de99018bf34821eedc957315
sha512: c72e2c317c24c80729b6cd830ed14966df9ee07c4d54dc32a52dbc63360e7c36b926912f23a1cee46d2b4401f51dc9938519000e9559044290fe9f22f904b8a2
ssdeep: 196608:EDsQuiWFkH+5x/bTOUwklMsJhkAiTvRyQ:diW6+f/PsW3LtEvRy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11B962291CC7791E3E561DEFDA0399F0D829A7D106D23B90DA45F30843A7EE11422DEAB
sha3_384: 51b603edc0db49f6d98d1787323930c12bf4e12584dc45df825e1f8aab99bef45d7c7e3ed5a811c209ecb3600865f871
ep_bytes: 60be0040c7008dbe00d078ff57eb0b90
timestamp: 2016-04-13 06:05:40

Version Info:

FileVersion: 3.1.16.413
Comments: 小猪一键备份还原系统
FileDescription: 小猪一键备份还原系统
LegalCopyright: Copyright © 2013-2015
ProductVersion: 3.1.16.413
授权方式: arFi
Translation: 0x0804 0x04b0

PUA:Win32/Jisu also known as:

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Generic.4!c
  • tehtris: Generic.Malware
  • Skyhigh: BehavesLike.Win32.DLSponsor.rc
  • CrowdStrike: win/malicious_confidence_90% (W)
  • Elastic: malicious (moderate confidence)
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Trapmine: suspicious.low.ml.score
  • Sophos: Generic Reputation PUA (PUA)
  • Ikarus: Trojan.Win32.Autoit
  • Microsoft: PUA:Win32/Jisu
  • Cylance: unsafe
  • MaxSecure: Trojan.Malware.300983.susgen
  • DeepInstinct: MALICIOUS

How to remove PUA:Win32/Jisu?

PUA:Win32/Jisu removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Click "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.