Uztub.21 removal tips

Uztub.21 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Uztub.21 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Collects and encrypts information about the computer, likely to be sent to a C2 server
  • Collects information to fingerprint the system

How to identify Uztub.21?

File Info:

name: 80724CB114CC1EDC404F.mlw
path: /opt/CAPEv2/storage/binaries/84889c284ceba04dbd1c01850513d63737cbd91d71689fb69266c7422fc87827
crc32: CD7478D8
md5: 80724cb114cc1edc404f402a7663f660
sha1: 866d137c5c83af75f362ca63e96e7572ed0de98c
sha256: 84889c284ceba04dbd1c01850513d63737cbd91d71689fb69266c7422fc87827
sha512: 228d3233a690bd09c31179581a14c6e88dee69b813e97a93628b551fe6f5437d125852ac6fce2c7826ab5fc8f612ee645b1a8779986c1ec805f8e1e13f250d1f
ssdeep: 1536:D49ZpoqTPKG795JPLbBfMZ71Mk10s3C48EtBMzaWhw3aZIhwENWKF9Gf1BQrLQr:D4hZjLCl2y98Etuxh2uOVA1BQr8r
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14BD3C011F7D0E8A2E0510B328C07D6BC97E1BE51E965825736D09F8F6CB7258AE37B42
sha3_384: 4d64281236eca725d2af902c206be0544a84b73b89d6a5edea8b15fb0ea30483d4be75b6fafce8d9ad2bbec97455fda2
ep_bytes: 53515256c8800000c7458001000000e8
timestamp: 2010-06-06 22:41:19

Version Info: [No Data]

Uztub.21 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Uztub.21
FireEye: Generic.mg.80724cb114cc1edc
CAT-QuickHeal: TrojanDropper.Gepys.A
McAfee: Dropper-FGD!80724CB114CC
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.382938
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0040f4c81 )
BitDefender: Gen:Variant.Uztub.21
K7GW: Trojan ( 0040f4c81 )
Cybereason: malicious.114cc1
Arcabit: Trojan.Uztub.21
VirIT: Trojan.Win32.Generic.APNT
Cyren: W32/Gepys.AB.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.BCUI
APEX: Malicious
ClamAV: Win.Trojan.Kryptik-2155
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.Mods.cqkxlz
Rising: Trojan.Generic@AI.100 (RDML:7wee06Gj8olSs5skhNlsWQ)
Ad-Aware: Gen:Variant.Uztub.21
Sophos: ML/PE-A + Troj/Tepfer-U
Comodo: TrojWare.Win32.ShipUp.CJA@4yldz1
DrWeb: Trojan.Mods.1
VIPRE: Gen:Variant.Uztub.21
McAfee-GW-Edition: BehavesLike.Win32.Dropper.ch
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Uztub.21 (B)
Ikarus: Trojan.Dropper.Gepys
Jiangmin: Trojan/Generic.axdit
Avira: TR/Crypt.ZPACK.Gen7
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Generic.ASMalwS.24D
Microsoft: Trojan:Win32/Zbot.SIBL!MTB
GData: Gen:Variant.Uztub.21
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Tepfer.R68916
BitDefenderTheta: Gen:NN.ZexaF.34786.iuX@aaTIqnd
ALYac: Gen:Variant.Uztub.21
VBA32: Trojan.Redirect
Malwarebytes: Trojan.Agent.RRE
Panda: Trj/Genetic.gen
Tencent: Malware.Win32.Gencirc.10b77887
Yandex: Trojan.GenAsa!YQperpbFlVs
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.BCX!tr
AVG: Win32:Kryptik-LYH [Trj]
Avast: Win32:Kryptik-LYH [Trj]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Uztub.21?

Uztub.21 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.