Trojan.Win32.Bublik.dtoy removal

Trojan.Win32.Bublik.dtoy is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Bublik.dtoy virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Creates a copy of itself
  • Deletes executed files from disk
  • Writes to the spooler folder, potential vulnerability or printer driver install

How to identify Trojan.Win32.Bublik.dtoy?

File Info:

name: E3F292A51A47033B281C.mlw
path: /opt/CAPEv2/storage/binaries/b207df6cf7d18378c67fbf58903d901322ee76577439eb16276e9a4f2b17b270
crc32: 2258F3AA
md5: e3f292a51a47033b281c3ec066dbf199
sha1: d94f4bf8034d172d0a87c51a75a36e670ce3d77a
sha256: b207df6cf7d18378c67fbf58903d901322ee76577439eb16276e9a4f2b17b270
sha512: 683e6c34a9d62fa4635cf69e0f67c9b1f8f608cb61ff75b0414bbfd4b1442fb86eaabcfc97adad18a1a51ca2692d8ecaa614f0e65faa03880234701c48d4b09d
ssdeep: 768:XzrVzCjTITsprRm3P+F+TGdAK6gdzi1q/C/xg7qgBmrjf9WHt+CFgRqR/PXU:X1WTwsHm/MgQ/C5g7nBif9ut+CFf/Pk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CF638E6667C800EAFABB6A30366F573AD977BE491615D9CB1770CC741C32B90E42834B
sha3_384: 99059b8502b3f2d6ab748edf8f48ee79a48cd2c884dc076ec3cf573e4b73a518437d5b9f360fb0909562ac7583d6b9dd
ep_bytes: 6814888ef2e9527d000080e03cff3407
timestamp: 2009-09-17 10:27:07

Version Info:

Comments:
CompanyName: Microsoft
FileDescription: PTMP
FileVersion: 1, 0, 1, 9
InternalName: PTMP
LegalCopyright: 版权所有 BrainWork(C) 2008
LegalTrademarks:
OriginalFilename: PTMP
PrivateBuild:
ProductName: 中华楼 ptmp
ProductVersion: 1, 0, 1, 9
SpecialBuild: 20090827
Translation: 0x0804 0x04b0

Trojan.Win32.Bublik.dtoy also known as:

Bkav: W32.AIDetect.malware2
Lionic: Heuristic.File.Generic.00×1!p
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Heur.ey0@uGD@0uob
McAfee: Generic Malware.ja
Cylance: Unsafe
VIPRE: Gen:Trojan.Heur.ey0@uGD@0uob
Sangfor: Trojan.Win32.FKM.Gen
Alibaba: Trojan:Win32/Bublik.86432f90
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/Heuristic-162!Eldorado
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Bublik.dtoy
BitDefender: Gen:Trojan.Heur.ey0@uGD@0uob
NANO-Antivirus: Virus.Win32.Gen.ccmw
Avast: Win32:Trojan-gen
Ad-Aware: Gen:Trojan.Heur.ey0@uGD@0uob
Emsisoft: Gen:Trojan.Heur.ey0@uGD@0uob (B)
Comodo: Malware@#3gi7azkwjumu5
DrWeb: Trojan.MulDrop.43571
Zillya: Trojan.Genome.Win32.63325
TrendMicro: TROJ_GEN.R03BC0PIS22
McAfee-GW-Edition: Generic Malware.ja
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.e3f292a51a47033b
Sophos: Mal/Behav-160
SentinelOne: Static AI – Malicious PE
GData: Gen:Trojan.Heur.ey0@uGD@0uob
Webroot: W32.Orsam.Gen
Avira: TR/Crypt.FKM.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.330C
Arcabit: Trojan.Heur.E52B29
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
Acronis: suspicious
VBA32: BScope.Trojan.Bublik
ALYac: Gen:Trojan.Heur.ey0@uGD@0uob
MAX: malware (ai score=100)
Malwarebytes: Malware.Heuristic.1001
TrendMicro-HouseCall: TROJ_GEN.R03BC0PIS22
Rising: Trojan.Bublik!8.2E1 (CLOUD)
Yandex: Trojan.Bublik!/ZdNI1sCStw
Ikarus: Trojan.Crypt
MaxSecure: Trojan.Malware.1356576.susgen
Fortinet: W32/Packcav.ERY!tr
BitDefenderTheta: AI:Packer.22180C9B1C
AVG: Win32:Trojan-gen
Cybereason: malicious.51a470
Panda: Generic Malware

How to remove Trojan.Win32.Bublik.dtoy?

Trojan.Win32.Bublik.dtoy removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.