Should I remove “PUP.Optional.LsaDump”?

The PUP.Optional.LsaDump is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the PUP.Optional.LsaDump virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify PUP.Optional.LsaDump?


File Info:

name: 992D34FE22A3CF0AD2F7.mlw
path: /opt/CAPEv2/storage/binaries/abc3ec4b8781d040d50a3436672bc36c06938575cb6a05b8729006859938b1bf
crc32: 83F87767
md5: 992d34fe22a3cf0ad2f75e13f072854b
sha1: 73a4f1701d3ac3666cf90dfb39bfab80ba16402b
sha256: abc3ec4b8781d040d50a3436672bc36c06938575cb6a05b8729006859938b1bf
sha512: 23ecaaed77cddb79b9476bd10ca7c79a96c1196eca3749976902484d60a61ff5157011952b48fac20d3704b25389956553cfd89cba32623e69d8dcf886783e79
ssdeep: 48:SUNtXtdZe3yYdL6kEiH5vIxwPt/GXTxDzuaLiDzHSeJY8JTaCUB:Z/Xt3e3z9pOutuXNDKGiDz9U
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T17571FBDF7E65E276C2A6423F96548D74348A3030C73F478B3DE4A18778AF0E11B59944
sha3_384: 398592fdb13c1cb1083820725e7b78da950497e06775427b09759f02b4a9ab2aff9791cf7ab1beebc85481abedad97d5
ep_bytes: 60be005040008dbe00c0ffff5783cdff
timestamp: 2004-11-20 07:24:31

Version Info:

0: [No Data]

PUP.Optional.LsaDump also known as:

Lionic: Trojan.Win32.Pwdump.4!c
MicroWorld-eScan: Application.Pwcrack.Pwdump.C
ClamAV: Win.Trojan.Konix-3
FireEye: Application.Pwcrack.Pwdump.C
ALYac: Application.Pwcrack.Pwdump.C
Cylance: Unsafe
VIPRE: Application.Pwcrack.Pwdump.C
K7AntiVirus: Unwanted-Program ( 004d38111 )
K7GW: Unwanted-Program ( 004d38111 )
Cybereason: malicious.e22a3c
Cyren: W32/Risk.RKCS-0078
Symantec: SecurityRisk.BL
Elastic: malicious (moderate confidence)
ESET-NOD32: Win32/PSWTool.LsaDump.A potentially unsafe
APEX: Malicious
BitDefender: Application.Pwcrack.Pwdump.C
NANO-Antivirus: Trojan.Win32.Pwdump.bubiw
Ad-Aware: Application.Pwcrack.Pwdump.C
TACHYON: Trojan/W32.Small.16384.OM
Emsisoft: Application.Pwcrack.Pwdump.C (B)
Zillya: Trojan.PePatch.Win32.2418
TrendMicro: HKTL_PASDUMP
McAfee-GW-Edition: PWCrack-Pwdump.j
Trapmine: suspicious.low.ml.score
Sophos: PWDump (PUA)
GData: Application.Pwcrack.Pwdump.C
Jiangmin: TrojanDownloader.Konix.r
Antiy-AVL: Trojan/Generic.ASMalwS.3E
Kingsoft: Win32.Troj.Generic.(kcloud)
Microsoft: Trojan:Win32/Skeeyah
Google: Detected
AhnLab-V3: Win-AppCare/Passwordcrack.3584
McAfee: PWCrack-Pwdump.j
MAX: malware (ai score=99)
Malwarebytes: PUP.Optional.LsaDump
TrendMicro-HouseCall: HKTL_PASDUMP
Rising: Trojan.Tilken!8.F605 (CLOUD)
MaxSecure: Trojan.Malware.1726159.susgen
Fortinet: W32/Konix.BI!tr.dldr
Panda: Generic Malware

How to remove PUP.Optional.LsaDump?

PUP.Optional.LsaDump removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.