SFX:Hosts-A [PUP] removal

SFX:Hosts-A [PUP] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the SFX:Hosts-A [PUP] virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • The sample wrote data to the system hosts file.

How to identify SFX:Hosts-A [PUP]?


File Info:

name: 9AC5CEA319B0EED7F729.mlw
path: /opt/CAPEv2/storage/binaries/efd0739dc328193724e8763fe2f1a6357a58b7e8034472573a1da0f5d05a40f5
crc32: 5405D36E
md5: 9ac5cea319b0eed7f7296a2e470423ef
sha1: a379a677a03975fbb6d6153a4622a31ed1aba20f
sha256: efd0739dc328193724e8763fe2f1a6357a58b7e8034472573a1da0f5d05a40f5
sha512: 178b2adad03badb0500309cb76d21395758b4cb7925750762bc8761bd04a9b9a6b0cc3800ef8ce4bb1fc856967651e5ecfc2beb66a6ed3403e85b5ad9fc7989e
ssdeep: 24576:QAOcZ5AJa/xO6scWhrDBTvQIPLt0VwiF663DrdUrbTm35trdKatrbvdc5XZV0uA:O2Ths/xDBnJ5cvxHdJbvsXZV03
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1406502E17183CB73EB620577062DA23919BC3C231E69890993853DECDE33736DA15679
sha3_384: 2eff92f75f72394a943c752d16dab6683452e3aa5307721f471d1d223155f73ad2b46725e28ce9f4c02ba31f5bf1306c
ep_bytes: e89a040000e98efeffff3b0d68d64300
timestamp: 2020-03-26 10:02:47

Version Info:

0: [No Data]

SFX:Hosts-A [PUP] also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.46691493
FireEye: Generic.mg.9ac5cea319b0eed7
K7AntiVirus: Trojan-Downloader ( 005723dd1 )
BitDefender: Trojan.GenericKD.46691493
K7GW: Trojan-Downloader ( 005723dd1 )
Cybereason: malicious.7a0397
Cyren: W32/S-536dd2d1!Eldorado
Avast: SFX:Hosts-A [PUP]
Emsisoft: Trojan.GenericKD.46691493 (B)
Sophos: Generic ML PUA (PUA)
APEX: Malicious
MAX: malware (ai score=85)
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Trojan.GenericKD.46691493
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.RL_Generic.R355261
ALYac: Trojan.GenericKD.46691493
Malwarebytes: Malware.AI.2237169078

How to remove SFX:Hosts-A [PUP]?

SFX:Hosts-A [PUP] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.