Virus:Win32/Rungbu!C malicious file

Virus:Win32/Rungbu!C is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Virus:Win32/Rungbu!C virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Executes the printer spooler process
  • Executable file is packed/obfuscated with ASPack
  • Authenticode signature is invalid
  • Binary file triggered YARA rule
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent file extensions from being displayed
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Virus:Win32/Rungbu!C?


File Info:

name: F0208D7368BD89902DEA.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2006-06-07 16:04:08

Version Info:

Translation: 0x0409 0x04b0
Comments:
CompanyName: Raven Teams
FileDescription: Document Bug's Live
LegalCopyright: Raven Team 2006
LegalTrademarks: Lame Microsoft
ProductName: Microsoft or Linux?
FileVersion: 7.07.0007
ProductVersion: 7.07.0007
InternalName: H5N1
OriginalFilename: H5N1.exe

Virus:Win32/Rungbu!C also known as:

Bkav: W32.AIDetectMalware
AVG: Win32:Trojan-gen
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Tedy.117202
FireEye: Generic.mg.f0208d7368bd8990
Skyhigh: BehavesLike.Win32.Rungbu.mt
McAfee: W32/Rungbu
Cylance: unsafe
Zillya: Worm.VB.Win32.9934
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: NetWorm ( 700000151 )
K7GW: NetWorm ( 700000151 )
BitDefenderTheta: AI:Packer.5D0729CA1F
Symantec: W32.Rungbu
ESET-NOD32: Win32/VB.NHV
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Worm.Rungbu-9949706-0
Kaspersky: Worm.Win32.VB.nx
BitDefender: Gen:Variant.Tedy.117202
NANO-Antivirus: Trojan.Win32.VB.bstug
SUPERAntiSpyware: Trojan.Agent/Gen-Falleg[T]
Avast: Win32:Trojan-gen
Tencent: Worm.Win32.Vobfus.r
Emsisoft: Gen:Variant.Tedy.117202 (B)
Baidu: Win32.Trojan.Begolu.a
F-Secure: Trojan.TR/VB.BKB.1
DrWeb: Win32.HLLW.Adeka
VIPRE: Gen:Variant.Tedy.117202
TrendMicro: TROJ_GEN.R03BC0CE124
Trapmine: malicious.high.ml.score
Sophos: Mal/Behav-127
Ikarus: Worm.Win32.VB
Jiangmin: Worm/VB.dkv
Webroot: W32.Worm.Gen
Varist: W32/VBKrypt.BLQ.gen!Eldorado
Avira: TR/VB.BKB.1
Antiy-AVL: Trojan/Win32.VB.nhv
Microsoft: Virus:Win32/Rungbu.gen!C
Arcabit: Trojan.Tedy.D1C9D2
ViRobot: Worm.Win32.A.VB.91648.A
ZoneAlarm: Worm.Win32.VB.nx
GData: Win32.Virus.Rungflu.A
Google: Detected
AhnLab-V3: Worm/Win.VB.R489678
VBA32: TScope.Trojan.VB
ALYac: Gen:Variant.Tedy.117202
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Agent.HSV
TrendMicro-HouseCall: TROJ_GEN.R03BC0CE124
Rising: Malware.Undefined!8.C (TFE:3:WwB647TxmwP)
Yandex: Trojan.GenAsa!udVToPk9Bo0
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.1717409.susgen
Fortinet: W32/VB.DU!worm
Zoner: Trojan.Win32.33052
DeepInstinct: MALICIOUS

How to remove Virus:Win32/Rungbu!C?

Virus:Win32/Rungbu!C removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.