Categories: PUA

PUP.Optional.Kuping removal instruction

The PUP.Optional.Kuping is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What PUP.Optional.Kuping virus can do?

At least one process apparently crashed during execution
Sample contains Overlay data
Creates RWX memory
Dynamic (imported) function loading detected
Enumerates running processes
Reads data out of its own binary image
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid
Collects information about installed applications
Anomalous binary characteristics

How to determine PUP.Optional.Kuping?


File Info:
name: E5169A8B4B3711D23BDB.mlwpath: /opt/CAPEv2/storage/binaries/00d13500963f364086e44134b2d3591d5578ab3e7da086922c924e5c555142f6crc32: A80018F9md5: e5169a8b4b3711d23bdb8092a6062eddsha1: 0178a73b53216cf93e0a2c450af404f9716600b4sha256: 00d13500963f364086e44134b2d3591d5578ab3e7da086922c924e5c555142f6sha512: 1b24665864d8d3e7354e677520b0ea1bb9984f1e75f195daf184620f7e276364612a15e41535376ca2393a28f34c87d6af42a50feb0a42b62d70140d33a392b6ssdeep: 12288:Tgn8azROSH2PIkrnoeVbX+DRCUO/9Uw0sn8RlQVe1K647LgnUo8:TgBzMUSrnXpXARNTlQeK6EsUo8type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T12B25E003E38240B4D30652B0CAEBA7399E3169C667059B87DBBCDD696D73698B037317sha3_384: 34f8ecb95df3cedf3ee0421b7ec7433cf43912db595cb61614836393bd68497dc6fb89e35d41a02f4a4e83fc7fa1033aep_bytes: 558bec6aff6860bd44006812ef410064timestamp: 2014-08-18 07:59:20
Version Info:
Comments: 图片查看器程序CompanyName: 话语科技FileDescription: 图片查看器安装包程序FileVersion: 1, 0, 1, 4InternalName: InStallerLegalCopyright: 话语科技版权所有 (C) 2014LegalTrademarks: OriginalFilename: InStaller.EXEPrivateBuild: ProductName: 图片查看器ProductVersion: 1, 0, 1, 4SpecialBuild: Translation: 0x0804 0x04b0

PUP.Optional.Kuping also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Gobot.mqkp
Elastic	malicious (high confidence)
FireEye	Generic.mg.e5169a8b4b3711d2
CAT-QuickHeal	Downloader.Agent.22444
Zillya	Trojan.Black.Win32.42728
Sangfor	PUP.Win32.Kuping.V0vo
K7AntiVirus	Riskware ( 005292311 )
Alibaba	Malware:Win32/km_24f52.None
K7GW	Riskware ( 005292311 )
CrowdStrike	win/malicious_confidence_60% (D)
VirIT	Trojan.Win32.DownLoader12.BJPP
Cyren	W32/Zbot.RS.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kuping.J potentially unwanted
Paloalto	generic.ml
Kaspersky	Trojan.Win32.Gobot.bmd
Tencent	Malware.Win32.Gencirc.114defdd
Comodo	Application.Win32.Kuping.B@6y68qo
DrWeb	Adware.Weiduan.18
TrendMicro	TROJ_GEN.R002C0PE522
McAfee-GW-Edition	RDN/Generic PUP.x
Trapmine	suspicious.low.ml.score
Sophos	Generic PUA AB (PUA)
GData	Win32.Trojan.Agent.OJMYM0
Jiangmin	Trojan.Gobot.g
ViRobot	Trojan.Win32.Z.Weiduan.1011712
Microsoft	PUA:Win32/Kuping
AhnLab-V3	Trojan/Win.Gobot.C5108271
Acronis	suspicious
McAfee	RDN/Generic PUP.x
VBA32	BScope.Trojan.Gobot
Malwarebytes	PUP.Optional.Kuping
TrendMicro-HouseCall	TROJ_GEN.R002C0PE522
Rising	Trojan.Generic@AI.100 (RDML:K5JXMJhr1QtZJm22DWC0lA)
Yandex	Trojan.Gobot!pBcGLVbgb7k
Ikarus	Trojan.Win32.Gobot
Fortinet	Riskware/Kuping
BitDefenderTheta	Gen:NN.ZexaE.34786.9q3@aenK4Lpb
Cybereason	malicious.b53216
Panda	Trj/Genetic.gen