Malware

Ser.Babar.1785 removal tips

Malware Removal

Ser.Babar.1785 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Ser.Babar.1785 virus do?

  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Ser.Babar.1785?

File Info:

name: 3D95C6A65998F30F5D67.mlw
path: /opt/CAPEv2/storage/binaries/df761c5a289aed0db03c8f0cf731981e1a4fae179d902213ea9c0baaed92e652
crc32: 3C6C3540
md5: 3d95c6a65998f30f5d67bb5decbb7bbc
sha1: 239fd6574b10064a9fd5033937a2a3ab935f5901
sha256: df761c5a289aed0db03c8f0cf731981e1a4fae179d902213ea9c0baaed92e652
sha512: b119b60c3f1d7d0522db5f49ef5920b4613c6b4254f54961b4acd96e6908446f9d2d4e949d08a0802123bb0ea395abecf5411a59242eaf9724284bdb14cdfc7e
ssdeep: 6144:d0ZHhnUjfSG/eto23uhih0Yv+cRqG45UreSWUwA:KqjfSG/eBsihFv+X5
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1B724BE037A566469C961E478F0B392F0E6BE5D2633F56049370F30A677136BA13BA23D
sha3_384: fe892b753bce45afad77fed0487c72dd3a92955535a61049c1f54d24fe4f4e71e92d7fc576debc7f16dfbacafc17d8c6
ep_bytes: e874220000e9a4feffff8bff566a0168
timestamp: 2022-11-27 08:08:03

Version Info:

Comments: Claymore braincell kilotons grabs metier crunching
CompanyName: Sacked regulations inadvisable
FileDescription: Pretor unequalled murkier sheepishness cyclone misspells
FileVersion: 2.257.128.2
InternalName: Bush sewers
LegalCopyright: Copyright © Respectfully presumptuousness rationalisations dethrone pleasurably looser
LegalTrademarks: Dowdy peppers tackling shoplifted arrowroot
OriginalFilename: Peel impel
ProductName: Considerate
ProductVersion: 2.257.128.2
Translation: 0x081a 0x081a

Ser.Babar.1785 also known as:

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: Gen:Variant.Ser.Babar.1785
CAT-QuickHeal: Ransomware.Tescrypt.WR5
Cylance: Unsafe
Cybereason: malicious.74b100
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HRPK
APEX: Malicious
Kaspersky: HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender: Gen:Variant.Ser.Babar.1785
Avast: Win32:PWSX-gen [Trj]
Ad-Aware: Gen:Variant.Ser.Babar.1785
Sophos: ML/PE-A
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.3d95c6a65998f30f
Emsisoft: Gen:Variant.Ser.Babar.1785 (B)
SentinelOne: Static AI – Suspicious PE
Google: Detected
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Gen:Variant.Ser.Babar.1785
MAX: malware (ai score=82)
VBA32: BScope.TrojanPSW.RedLine
Rising: Backdoor.Agent!8.C5D (TFE:5:4aFwxn7josD)
Ikarus: Trojan.Win32.Crypt
BitDefenderTheta: Gen:NN.ZexaE.34796.nq0@ayGJ1Rdi
AVG: Win32:PWSX-gen [Trj]
CrowdStrike: win/malicious_confidence_90% (D)

How to remove Ser.Babar.1785?

Ser.Babar.1785 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.