About “PUP.Optional.EmployeeActMon” infection

PUP.Optional.EmployeeActMon is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the PUP.Optional.EmployeeActMon virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Enumerates physical drives
  • Attempted to write directly to a physical drive
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify PUP.Optional.EmployeeActMon?

File Info:

name: 40B99A1EBDBD5B716B12.mlw
path: /opt/CAPEv2/storage/binaries/2e8569d7bfd19d0ce8e2aecffb9c1e87abdc55b7bbd03c4248c92a99cfc333ae
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17 (the fixed default PE timestamp written by the Delphi linker, so it does not reflect the actual build date)

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: IMonitor Software
FileDescription: EAM Professional Setup
FileVersion:
LegalCopyright:
ProductName: EAM Professional
ProductVersion:
Translation: 0x0000 0x04b0

PUP.Optional.EmployeeActMon is also known as:

  • Skyhigh: Artemis
  • Malwarebytes: PUP.Optional.EmployeeActMon
  • ESET-NOD32: a variant of Win32/Monitor.EmployeeActMon potentially unsafe
  • APEX: Malicious
  • NANO-Antivirus: Riskware.Win32.FPort.dyzmpg
  • Rising: Trojan.Generic@AI.80 (RDML:FS1zxhtAvTN41qNYYsonhw)
  • DrWeb: Trojan.DownLoader23.41305
  • Trapmine: malicious.moderate.ml.score
  • Webroot: System.Monitor.Employee.Activit
  • McAfee: Artemis!40B99A1EBDBD
  • VBA32: BScope.Trojan.Agent
  • Cylance: unsafe
  • Ikarus: Trojan-Downloader.Win32.Banload
  • Fortinet: Riskware/EmployeeActMon
  • DeepInstinct: MALICIOUS

Note that the version info above identifies the sample as an Inno Setup installer for IMonitor Software's "EAM Professional", an employee activity monitoring product, which is why several vendors (ESET, Fortinet, Webroot, Malwarebytes) classify it as a monitoring tool, riskware or a potentially unwanted program rather than as outright malware. Whether it belongs on a given machine depends on whether it was installed knowingly by the system's owner.

How to remove PUP.Optional.EmployeeActMon?

PUP.Optional.EmployeeActMon removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience working with security software contractors.