PUA:Win32/Pearfoos.B!ml removal guide

PUA:Win32/Pearfoos.B!ml is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the PUA:Win32/Pearfoos.B!ml virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to identify installed AV products by installation directory
  • Anomalous binary characteristics

How to identify PUA:Win32/Pearfoos.B!ml?


File Info:

name: F9FA1BE0CA6C018501AA.mlw
path: /opt/CAPEv2/storage/binaries/1e66c06afc4a183704b27f08be94b648b94df5b477bf7423f94c0778d7293fe8
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2006-10-27 21:57:25

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft Setup Bootstrapper
FileVersion: 12.0.4518.1014
InternalName: setup.exe
LegalCopyright: © 2006 Microsoft Corporation. All rights reserved.
LegalTrademarks1: Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2: Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename: setup.exe
ProductName: Microsoft Setup Bootstrapper
ProductVersion: 12.0.4518.1014
Translation: 0x0000 0x04e4

PUA:Win32/Pearfoos.B!ml also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
FireEye: Generic.mg.f9fa1be0ca6c0185
Cylance: Unsafe
Cyren: W32/Ipamor.U.gen!Eldorado
tehtris: Generic.Malware
ClamAV: Win.Trojan.Generic-9950561-0
Sophos: Generic ML PUA (PUA)
Ikarus: Trojan.Msil
GData: Win32.Trojan.PSE.136NMWS
Microsoft: PUA:Win32/Pearfoos.B!ml
Cynet: Malicious (score: 100)
VBA32: Trojan.Sabsik
APEX: Malicious
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Patched.E9B8!tr
CrowdStrike: win/malicious_confidence_60% (D)

How to remove PUA:Win32/Pearfoos.B!ml?

PUA:Win32/Pearfoos.B!ml removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
