Trojan.Win32.Bublik.cbqm information

Many security experts consider Trojan.Win32.Bublik.cbqm dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Bublik.cbqm virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Created a process from a suspicious location
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Trojan.Win32.Bublik.cbqm?


File Info:

name: E3B3321273D825F439A6.mlw
path: /opt/CAPEv2/storage/binaries/b9b4690c2e5ec2cb1a1012a18a78c7b1094836609fcd1e2f05a550332c8c74e2
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2012-01-27 01:52:19

Version Info:

0: [No Data]

Trojan.Win32.Bublik.cbqm also known as:

Bkav: W32.FamVT.GeND.Trojan
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.1603882
CAT-QuickHeal: TrojanDownloader.Upatre.A4
McAfee: Downloader-FSH
Cylance: Unsafe
VIPRE: Trojan.Win32.Upatre.jr (v)
K7AntiVirus: Trojan-Downloader ( 005609571 )
BitDefender: Trojan.GenericKD.1603882
K7GW: Trojan-Downloader ( 005609571 )
CrowdStrike: win/malicious_confidence_100% (D)
Baidu: Win32.Trojan-Downloader.Waski.a
VirIT: Trojan.Win32.Generic.CGNK
Cyren: W32/Trojan.WZQF-0021
Symantec: Downloader.Upatre!gen5
ESET-NOD32: Win32/TrojanDownloader.Waski.A
APEX: Malicious
ClamAV: Win.Trojan.Upatre-6130
Kaspersky: Trojan.Win32.Bublik.cbqm
NANO-Antivirus: Trojan.Win32.Bublik.cvpllc
ViRobot: Trojan.Win32.Downloader.16896.AMT
Rising: Downloader.Waski!1.A489 (RDMK:cmRtazo+PaP4tyUEME1hQanQGcj7)
Sophos: ML/PE-A + Troj/Upatre-BI
Comodo: TrojWare.Win32.Bublik.CBTV@58idld
F-Secure: Trojan.TR/Spy.Zbot.uejr
DrWeb: Trojan.DownLoad3.32258
Zillya: Trojan.Bublik.Win32.13310
TrendMicro: TROJ_UPATRE.SMBB
McAfee-GW-Edition: BehavesLike.Win32.Downloader.mm
FireEye: Generic.mg.e3b3321273d825f4
Emsisoft: Trojan.GenericKD.1603882 (B)
Ikarus: Trojan.Win32.Bublik
Jiangmin: Trojan/Bublik.guk
Avira: TR/Spy.Zbot.uejr
Antiy-AVL: Trojan/Win32.Bublik
Microsoft: TrojanDownloader:Win32/Upatre.AA
SUPERAntiSpyware: Trojan.Agent/Gen-KD
ZoneAlarm: Trojan.Win32.Bublik.cbqm
GData: Win32.Trojan-Downloader.Upatre.BK
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zbot.R101069
BitDefenderTheta: Gen:NN.ZexaF.34182.bmX@a8h8Ruoi
ALYac: Trojan.GenericKD.1603882
MAX: malware (ai score=89)
VBA32: BScope.TrojanDownloader.Upatre
Malwarebytes: Malware.AI.3186035322
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_UPATRE.SMBB
Tencent: Trojan.Win32.Bublik.cbqm
Yandex: Trojan.Bublik!KtwwlSCqNkk
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Upatre.BH!tr
AVG: Win32:Agent-AUID [Trj]
Cybereason: malicious.273d82
Avast: Win32:Agent-AUID [Trj]

How to remove Trojan.Win32.Bublik.cbqm?

Trojan.Win32.Bublik.cbqm removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
