Categories: Malware

Ser.Babar.663 removal tips

The Ser.Babar.663 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ser.Babar.663 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Presents an Authenticode digital signature
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Reads data out of its own binary image
A process created a hidden window
Uses Windows utilities to enumerate running processes
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Uses Windows utilities for basic functionality
Detects BullGuard Antivirus through the presence of a library
Created a process from a suspicious location
Detects the presence of Windows Defender AV emulator via files
Detects Bochs through the presence of a registry key
Checks the version of Bios, possibly for anti-virtualization
Attempted to write directly to a physical drive
Collects information to fingerprint the system
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

How to determine Ser.Babar.663?


File Info:
name: B940DE0C1D97D4E70AB2.mlwpath: /opt/CAPEv2/storage/binaries/5c1dfcf04363a87800dafb49fb05984766556db62c852c4ced7b786f5e12df5acrc32: BAE5DA5Fmd5: b940de0c1d97d4e70ab2a7b9bcce3c4csha1: 5803c014221811ee5c30bcbf7f67ffda1af7f376sha256: 5c1dfcf04363a87800dafb49fb05984766556db62c852c4ced7b786f5e12df5asha512: 6c48d90ea28be49d06aef7fc15c52dcf8312a8530b9eead239cd16d17691aada4a34eff7fcf59e6df142f1a3ce1c611cfb4fc19896bd3400cd584414bcd4f665ssdeep: 12288:dicN4nHUj2SGQnhYBRtpRWWUyr/Lh8rgV/KPXwzkQoTyJCwkWCfd0XswA:bN4nHLxQnhYfRVUI/tl4PXwzoTy8b0X4type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1B7E41202B9E58176E1E627314E85BF3847FEE7B20471446B67AC020A9EA5BC2DF1D317sha3_384: d6a53870a697155b356126f8a3cb05e5a169c27e396eac98ceffd1db676ca0128ac7788ce3b0b294b160e6e318058f9aep_bytes: e8a3020000e957fdffffccff25846241timestamp: 2022-02-10 22:42:48
Version Info:
CompanyName: Oleg N. ScherbakovFileDescription: 7z Setup SFX (x86)FileVersion: 1.7.1.3901InternalName: 7ZSfxModLegalCopyright: Copyright © 2005-2016 Oleg N. ScherbakovOriginalFilename: 7ZSfxMod_x86.exePrivateBuild: October 31, 2017ProductName: 7-Zip SFXProductVersion: 1.7.1.3901Translation: 0x0000 0x04b0

Ser.Babar.663 also known as:

Lionic	Trojan.Multi.Generic.4!c
MicroWorld-eScan	Gen:Variant.Ser.Babar.663
FireEye	Gen:Variant.Ser.Babar.663
ALYac	Gen:Variant.Ser.Babar.663
Cylance	Unsafe
Sangfor	Riskware.Win32.Agent.ky
K7AntiVirus	Riskware ( 0040eff71 )
K7GW	Riskware ( 0040eff71 )
Arcabit	Trojan.Ser.Babar.663
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Packed.7Zip.Z
TrendMicro-HouseCall	TROJ_GEN.R002C0PBF22
Paloalto	generic.ml
Kaspersky	Backdoor.Win32.Agent.myuhdf
BitDefender	Gen:Variant.Ser.Babar.663
Ad-Aware	Gen:Variant.Ser.Babar.663
Emsisoft	Gen:Variant.Ser.Babar.663 (B)
DrWeb	Trojan.MulDrop19.30667
TrendMicro	TROJ_GEN.R002C0PBF22
McAfee-GW-Edition	RDN/Generic Dropper
Sophos	Generic ML PUA (PUA)
APEX	Malicious
Jiangmin	Backdoor.Agent.lee
Gridinsoft	Ransom.Win32.Wacatac.sa
Microsoft	Trojan:Script/Phonzy.C!ml
ZoneAlarm	Backdoor.Win32.Agent.myuhdf
GData	Gen:Variant.Ser.Babar.663
AhnLab-V3	Dropper/Win.BackDoor.C4968566
McAfee	RDN/Generic Dropper
MAX	malware (ai score=82)
VBA32	Trojan.Wacatac
Panda	Trj/CI.A
Tencent	Win32.Backdoor.Agent.Pfiu
Ikarus	Trojan.Win32.7zip
Fortinet	W32/PossibleThreat
Webroot	W32.Malware.Gen
AVG	Win32:DropperX-gen [Drp]
Avast	Win32:DropperX-gen [Drp]
CrowdStrike	win/malicious_confidence_60% (W)