Categories: PUA

What is “PUP.Optional.Dropper”?

The PUP.Optional.Dropper is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What PUP.Optional.Dropper virus can do?

Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Reads data out of its own binary image
Unconventionial language used in binary resources: Russian
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine PUP.Optional.Dropper?


File Info:
crc32: B55D4996md5: 30d5d612339d12a0911142bbe66c1eeaname: 30D5D612339D12A0911142BBE66C1EEA.mlwsha1: af572590f8d1c9d85b74d7b432c71834fe3372e2sha256: d8688c457e4f3366f9c1ff227e6cff35d40125d37b24c8aa20ae09b60c31e91dsha512: 6e7bfd2e0e4a4b51486a4ba8a3e2f8227c63ad0bdc3da7cafd314e09e228eda20fbb026d72a2729663f96c36547bfbae036994b4a98df0aaa2893ba94f1a27ffssdeep: 98304:KBzbwn1kjyS4kZraPOPfy6gs6076VKmdXOyrRif6zeTqXd3jFcYEa:iPOS4irqO76VKmdXO9fC3jFcYEtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
FileVersion: 1.0.0.0ProductVersion: 1.0.0.0Translation: 0x0409 0x04e4

PUP.Optional.Dropper also known as:

Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
ALYac	Gen:Variant.Strictor.262598
Cylance	Unsafe
Sangfor	Trojan.Win32.Agent.nil
CrowdStrike	win/malicious_confidence_60% (D)
Cybereason	malicious.0f8d1c
Baidu	Win32.Trojan-Dropper.Injector.d
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Hoax.ArchSMS.AHE.Gen
APEX	Malicious
Avast	FileRepMalware [PUP]
Kaspersky	not-a-virus:HEUR:Downloader.Win32.Monstruos.gen
BitDefender	Gen:Variant.Strictor.262598
NANO-Antivirus	Trojan.Win32.Inject.deifrs
MicroWorld-eScan	Gen:Variant.Strictor.262598
Ad-Aware	Gen:Variant.Strictor.262598
Sophos	Generic PUA KP (PUA)
Comodo	ApplicUnwnt.Win32.Hoax.ArchSMS.AHBA@5bjlju
BitDefenderTheta	Gen:NN.ZelphiF.34294.@R0@aerZlrdk
McAfee-GW-Edition	BehavesLike.Win32.Generic.wc
FireEye	Generic.mg.30d5d612339d12a0
Emsisoft	Gen:Variant.Strictor.262598 (B)
SentinelOne	Static AI – Suspicious PE
Avira	TR/Fraud.Gen7
Kingsoft	Win32.Troj.DownMonstruo.ao.(kcloud)
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Gen:Variant.Strictor.262598
McAfee	Artemis!30D5D612339D
MAX	malware (ai score=89)
Malwarebytes	PUP.Optional.Dropper
Panda	Trj/Genetic.gen
Ikarus	Hoax.Win32.ArchSMS
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Injector.BKAZ!tr
AVG	FileRepMalware [PUP]