PUP.Optional.Kuping removal instruction

Many security experts consider PUP.Optional.Kuping dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the PUP.Optional.Kuping virus do?

  • At least one process apparently crashed during execution
  • Sample contains Overlay data
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Collects information about installed applications
  • Anomalous binary characteristics

How to identify PUP.Optional.Kuping?


File Info:

name: E5169A8B4B3711D23BDB.mlw
path: /opt/CAPEv2/storage/binaries/00d13500963f364086e44134b2d3591d5578ab3e7da086922c924e5c555142f6
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2014-08-18 07:59:20

Version Info:

Comments: 图片查看器程序
CompanyName: 话语科技
FileDescription: 图片查看器安装包程序
FileVersion: 1, 0, 1, 4
InternalName: InStaller
LegalCopyright: 话语科技版权所有 (C) 2014
LegalTrademarks:
OriginalFilename: InStaller.EXE
PrivateBuild:
ProductName: 图片查看器
ProductVersion: 1, 0, 1, 4
SpecialBuild:
Translation: 0x0804 0x04b0

PUP.Optional.Kuping also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Gobot.mqkp
Elastic: malicious (high confidence)
FireEye: Generic.mg.e5169a8b4b3711d2
CAT-QuickHeal: Downloader.Agent.22444
Zillya: Trojan.Black.Win32.42728
Sangfor: PUP.Win32.Kuping.V0vo
K7AntiVirus: Riskware ( 005292311 )
Alibaba: Malware:Win32/km_24f52.None
K7GW: Riskware ( 005292311 )
CrowdStrike: win/malicious_confidence_60% (D)
VirIT: Trojan.Win32.DownLoader12.BJPP
Cyren: W32/Zbot.RS.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kuping.J potentially unwanted
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Gobot.bmd
Tencent: Malware.Win32.Gencirc.114defdd
Comodo: Application.Win32.Kuping.B@6y68qo
DrWeb: Adware.Weiduan.18
TrendMicro: TROJ_GEN.R002C0PE522
McAfee-GW-Edition: RDN/Generic PUP.x
Trapmine: suspicious.low.ml.score
Sophos: Generic PUA AB (PUA)
GData: Win32.Trojan.Agent.OJMYM0
Jiangmin: Trojan.Gobot.g
ViRobot: Trojan.Win32.Z.Weiduan.1011712
Microsoft: PUA:Win32/Kuping
AhnLab-V3: Trojan/Win.Gobot.C5108271
Acronis: suspicious
McAfee: RDN/Generic PUP.x
VBA32: BScope.Trojan.Gobot
Malwarebytes: PUP.Optional.Kuping
TrendMicro-HouseCall: TROJ_GEN.R002C0PE522
Rising: Trojan.Generic@AI.100 (RDML:K5JXMJhr1QtZJm22DWC0lA)
Yandex: Trojan.Gobot!pBcGLVbgb7k
Ikarus: Trojan.Win32.Gobot
Fortinet: Riskware/Kuping
BitDefenderTheta: Gen:NN.ZexaE.34786.9q3@aenK4Lpb
Cybereason: malicious.b53216
Panda: Trj/Genetic.gen

How to remove PUP.Optional.Kuping?

PUP.Optional.Kuping removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
