Should I remove “RsMall (PUA)”?

RsMall (PUA) is the name Sophos gives to this sample; most other antivirus engines classify it as LoadMoney adware or a LoadMoney downloader (see the detection names further down), so it is a potentially unwanted application rather than a conventional virus. When it is active you may notice unwanted processes in the Task Manager list. In that case you are advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; it lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can RsMall (PUA) do?

The items below are the signatures the CAPE sandbox raised on this sample. Only the first is a runtime observation (the sample unpacks executable code into memory); the rest describe how the file itself is built:

  • Behavioural detection: executable code extraction (unpacking)
  • Sample contains overlay data (bytes appended after the last PE section)
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid

Read the two signature items together: the file carries an Authenticode blob, but it does not verify. A signature that fails verification gives no assurance about the publisher and should be treated exactly like an unsigned file; the mere presence of a certificate is not a reason to trust the binary.

How to identify RsMall (PUA)?

File Info:

name: 9C5B33547BB60E7B7082.mlw
path: /opt/CAPEv2/storage/binaries/da81f6c47df8c0dfab54247caa9b2d00c76b60e378522169e94a07c3a5cb3f5e
crc32: CB61F80F
md5: 9c5b33547bb60e7b7082e53f4df28a9b
sha1: 2faa7657537f4fb034f7a0ee9dde0206d9513a0d
sha256: da81f6c47df8c0dfab54247caa9b2d00c76b60e378522169e94a07c3a5cb3f5e
sha512: 34ffd9c799791fde33fb1e6459bdc95d261351f0e4570c4647cda59cc07fbbf5caa6e94d22083329af4057c725e702cc4c9d9cdce5d23c36e24af2db5d7e3921
ssdeep: 1536:UiWilxhphnBlLQYEY2ngwhfhe2cJUu4YB14KIygQI+RZ7JDYRMv0P1C/+q2AE:UiWoP7lLQYENlfvKywTyihYRMU1S+uE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DF939E47A600D4F3D6E90170659FCFA846B2E285B5C1093687AB8C1F7EE33925B1F64E
sha3_384: b664bfe3ad7c74236498efca73cd2eef507176fdc8e2b60320ac522cfc15ca39f9d1a52a6400d4fc7e4afabd3737a674
ep_bytes: 5589e583ec18c7042402000000ff1554
timestamp: 2013-06-12 14:13:57
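If you re-acquire this sample, the File Info values above are what you check it against, and the static signatures in the list further up (overlay data, an Authenticode blob being present, the compile timestamp, the entry-point bytes) can be reproduced without a sandbox. The following Python is an added example, not code from this page or from CAPE: it parses the PE32 headers with the standard library only, copies the hash and ep_bytes constants from the File Info block, and builds a constructed minimal PE32 (not the real sample) so it runs offline. It only detects whether an Authenticode directory is present; validating the signature itself needs a tool such as osslsigncode or signtool.

```python
"""Offline static triage of a PE32 sample (added example, not from the page or CAPE).

Reproduces the static indicators listed above (overlay data, Authenticode blob present,
compile timestamp, entry-point bytes) and checks hashes against the File Info block."""
import hashlib
import struct
from datetime import datetime, timezone

EXPECTED = {  # copied from the File Info block on this page
    "md5": "9c5b33547bb60e7b7082e53f4df28a9b",
    "sha1": "2faa7657537f4fb034f7a0ee9dde0206d9513a0d",
    "sha256": "da81f6c47df8c0dfab54247caa9b2d00c76b60e378522169e94a07c3a5cb3f5e",
    "ep_bytes": "5589e583ec18c7042402000000ff1554",
}


def hashes(data: bytes) -> dict:
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def triage(data: bytes) -> dict:
    """Parse PE32 headers by hand (stdlib only) and return the static indicators."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4
    _, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directory 4 is IMAGE_DIRECTORY_ENTRY_SECURITY (PE32 directories start at +96).
    # Its address is a raw file offset, not an RVA: the Authenticode blob is never mapped.
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    sec_off, sec_size = struct.unpack_from("<II", data, opt + 128) if ndirs > 4 else (0, 0)
    sections = []
    for i in range(nsect):  # 40-byte section headers follow the optional header
        s = opt + opt_size + 40 * i
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, s + 8)
        sections.append((data[s:s + 8].rstrip(b"\0").decode("ascii", "replace"),
                         vaddr, vsize, rawptr, rawsize))
    for _, vaddr, vsize, rawptr, rawsize in sections:  # entry RVA -> file offset
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep_off = rawptr + (entry_rva - vaddr)
            break
    else:
        raise ValueError("entry point outside all sections")
    # Overlay = bytes after the last section's raw data. The Authenticode blob sits
    # there too, so subtract it before calling the remainder unexplained.
    image_end = max((p + n for *_, p, n in sections), default=0)
    overlay = len(data) - image_end
    unexplained = overlay - (sec_size if sec_size and sec_off >= image_end else 0)
    return {
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        "has_authenticode_dir": sec_size > 0,  # presence only; verify with osslsigncode/signtool
        "overlay_bytes": overlay,
        "unexplained_overlay_bytes": max(unexplained, 0),
        "sections": [sec[0] for sec in sections],
    }


def verify_sample(data: bytes) -> dict:
    """Which File Info values does this file reproduce? A hash mismatch means wrong sample."""
    h, t = hashes(data), triage(data)
    return {"hashes_match": all(h[k] == EXPECTED[k] for k in ("md5", "sha1", "sha256")),
            "ep_bytes_match": t["ep_bytes"] == EXPECTED["ep_bytes"], "indicators": t}


def build_sample_pe(ts: int = 1371046437) -> bytes:
    """Constructed minimal PE32 for offline runs; NOT the sample from the page.
    One .text section, the page's ep_bytes at the entry point, a 32-byte fake
    security blob and 16 trailing overlay bytes. 1371046437 = 2013-06-12 14:13:57 UTC."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    for off, fmt, val in ((0, "<H", 0x10B), (16, "<I", 0x1000), (28, "<I", 0x400000),
                          (32, "<I", 0x1000), (36, "<I", 0x200), (56, "<I", 0x2000),
                          (60, "<I", 0x200), (68, "<H", 2), (92, "<I", 16)):
        struct.pack_into(fmt, opt, off, val)
    struct.pack_into("<II", opt, 128, 0x400, 32)  # security directory: file offset, size
    sect = b".text".ljust(8, b"\0") + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) \
        + b"\0" * 12 + struct.pack("<I", 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    text = bytes.fromhex(EXPECTED["ep_bytes"]).ljust(0x200, b"\xCC")
    return headers + text + b"\0" * 32 + b"\xEE" * 16


if __name__ == "__main__":
    import json, sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(verify_sample(blob), indent=2))
```

Run it with the path to a file as the only argument to triage a real sample; with no argument it triages the constructed PE, whose hashes will not match (the point of the check) while its ep_bytes and timestamp do. The unexplained-overlay figure is what matters for the "overlay data" signature: an Authenticode blob always lives past the last section, so only bytes beyond it are unaccounted for.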

Version Info:

0: [No Data]

RsMall (PUA) is also detected under these names (engine: detection):

tehtris: Generic.Malware
DrWeb: Trojan.LoadMoney.1
MicroWorld-eScan: Gen:Application.LoadMoney.1
ClamAV: Win.Malware.Loadmoney-6795240-0
FireEye: Generic.mg.9c5b33547bb60e7b
CAT-QuickHeal: PUA.LLCMail.DC7
McAfee: Downloader-FOV
Cylance: unsafe
Zillya: Downloader.LMNGen.Win32.8
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_70% (D)
Alibaba: Downloader:Win32/Kryptik.ae488535
K7GW: Trojan ( 005690671 )
K7AntiVirus: Trojan ( 0040f53f1 )
VirIT: Trojan.Win32.Cryptor.NK
Cyren: W32/LoadMoney.B.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.BWAI
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: not-a-virus:AdWare.Win32.LMN.apm
BitDefender: Gen:Application.LoadMoney.1
SUPERAntiSpyware: Adware.LoadMoney/Variant
Avast: Win32:LoadMoney-ATG [Adw]
Tencent: Adware.Win32.Lmn.ya
Emsisoft: Gen:Application.LoadMoney.1 (B)
F-Secure: PotentialRisk.PUA/LoadMoney.qoib
Baidu: Win32.Trojan.Kryptik.dl
VIPRE: Gen:Application.LoadMoney.1
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.nh
Trapmine: malicious.high.ml.score
Sophos: RsMall (PUA)
Ikarus: PUA.Gen
GData: Gen:Application.LoadMoney.1
Jiangmin: Trojan/Generic.atwqf
Avira: PUA/LoadMoney.qoib
Antiy-AVL: Trojan[Downloader]/Win32.LMN
Xcitium: TrojWare.Win32.Kryptik.AXJX@4vl4hu
Arcabit: Application.LoadMoney.1
ZoneAlarm: not-a-virus:AdWare.Win32.LMN.apm
Microsoft: Program:Win32/Wacapew.C!ml
Google: Detected
VBA32: BScope.Downloader.LMN
ALYac: Gen:Application.LoadMoney.1
MAX: malware (ai score=100)
Malwarebytes: Crypt.Trojan.Malicious.DDS
Rising: Trojan.Agent!1.6956 (CLASSIC)
Yandex: Trojan.GenAsa!HyGEJZrzJjc
SentinelOne: Static AI - Suspicious PE
MaxSecure: not-a-virus:Downloader.LMN.a
Fortinet: W32/Generic.AC.6F6F!tr
AVG: Win32:LoadMoney-ATG [Adw]
Cybereason: malicious.47bb60
DeepInstinct: MALICIOUS

How to remove RsMall (PUA)?

RsMall (PUA) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the settings to reset, then click “Reset”.
  • Restart your computer.

To confirm that a quarantined file is the sample analysed here, compare its SHA-256 with the value in the File Info section above.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.