How to remove “RiskTool.Win32.FlyStudio.cxuf”?

RiskTool.Win32.FlyStudio.cxuf is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you scan and cure your PC during the trial period.
6-day free trial available.

What can the RiskTool.Win32.FlyStudio.cxuf virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify RiskTool.Win32.FlyStudio.cxuf?


File Info:

name: 8D7015A6D5C5CB1ABCA9.mlw
path: /opt/CAPEv2/storage/binaries/8b62265d6785b66e5c73884dc1a54ac3e6e187bcab6b48422aa7dbf356315d59
crc32: 892439C5
md5: 8d7015a6d5c5cb1abca99a623371f493
sha1: b4a885b8618b45e84730d04afd15d30d232db7cf
sha256: 8b62265d6785b66e5c73884dc1a54ac3e6e187bcab6b48422aa7dbf356315d59
sha512: 7914079f3e08e8c01ea25b39fcadea099f0bae7c195062fdb1769a053e76c2e304b70bd36d8c55d98d909776086ea05b3781f79e55b8f6d91544552bd719530a
ssdeep: 98304:o7QadBCFNNwtu4CGgTt4DFMML2MCCCCCC4Ab:oNBCFqPytowHAb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D6068D12F692C8E1D1581230C5A7D3F92636ED22CA308ED7A3D5FD663F326539D2624E
sha3_384: b56434bc4f500a97bc34f3f512812e52e7625c8e709102c3a2dccc7e43fad8f6548f62cd2c0a3622d915c61800198226
ep_bytes: 558bec6aff6808f7740068f481510064
timestamp: 2012-07-23 11:23:43

Version Info:

FileVersion: 2012.7.1.0
FileDescription: 给宝宝取个好名字就用新宝宝起名软件
ProductName: 新宝宝起名软件
ProductVersion: 2012.7.1.0
CompanyName: www.xbbqm.com
LegalCopyright: www.xbbqm.com 版权所有
Comments: 给宝宝取个好名字就用新宝宝起名软件
Translation: 0x0804 0x04b0

RiskTool.Win32.FlyStudio.cxuf also known as:

Bkav: W32.AIDetectMalware
Lionic: Riskware.Win32.FlyStudio.1!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.69680879
FireEye: Generic.mg.8d7015a6d5c5cb1a
Skyhigh: BehavesLike.Win32.Generic.wh
McAfee: Artemis!8D7015A6D5C5
Cylance: unsafe
Sangfor: Riskware.Win32.FlyStudio.Ve49
K7AntiVirus: Trojan ( 005246d51 )
Alibaba: RiskWare:Win32/FlyStudio.a99bd9a2
K7GW: Trojan ( 005246d51 )
Cybereason: malicious.8618b4
Arcabit: Trojan.Generic.D4273EEF
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Malware.Trojanx-9951053-0
Kaspersky: not-a-virus:RiskTool.Win32.FlyStudio.cxuf
BitDefender: Trojan.GenericKD.69680879
Avast: Win32:Malware-gen
Sophos: Generic Reputation PUA (PUA)
VIPRE: Trojan.GenericKD.69680879
TrendMicro: TROJ_GEN.R002C0WJE23
Trapmine: suspicious.low.ml.score
Emsisoft: Trojan.GenericKD.69680879 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: RiskTool.FlyStudio.hqq
Varist: W32/Trojan.CLL.gen!Eldorado
Antiy-AVL: Trojan/Win32.FlyStudio.a
Xcitium: TrojWare.Win32.Agent.OSCF@5rs7jr
Microsoft: Program:Win32/Wacapew.C!ml
ZoneAlarm: not-a-virus:RiskTool.Win32.FlyStudio.cxuf
GData: Win32.Trojan.PSE.15EXSUN
Google: Detected
AhnLab-V3: Trojan/Win.Generic.C5506532
VBA32: BScope.Trojan.Downloader
ALYac: Trojan.GenericKD.69680879
MAX: malware (ai score=88)
Malwarebytes: Generic.Malware.AI.DDS
TrendMicro-HouseCall: TROJ_GEN.R002C0WJE23
Rising: Dropper.Injector!8.DC (CLOUD)
Ikarus: Virus.Win32.OnLineGames
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/CoinMiner.PHP!tr
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove RiskTool.Win32.FlyStudio.cxuf?

RiskTool.Win32.FlyStudio.cxuf removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.