Win32/Adware.Cjishu.E malicious file

Win32/Adware.Cjishu.E is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Adware.Cjishu.E virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32/Adware.Cjishu.E?


File Info:

name: CAD180E0E8B72DDE6C21.mlw
path: /opt/CAPEv2/storage/binaries/28a5d909332eb15a85d3d0fabf62573b5c63a044f3a7950b8274ea6dbfc1544e
crc32: E8064232
md5: cad180e0e8b72dde6c21c1efe69667ef
sha1: a97726077d3aa42e779a0df0b5e5dc870e3392e6
sha256: 28a5d909332eb15a85d3d0fabf62573b5c63a044f3a7950b8274ea6dbfc1544e
sha512: 083f806dbf8bf451a01cf0928ff6cf72e74fa562834524eeca1f27cc367c632f48f2b0a78ac6ba9cf93d2cd298bdafd690c11930a1e5d203b526ef199524ad32
ssdeep: 24576:Yx9RppH2I5furbLpiS4LtrKHfXM8ANc6dwB+c+RVjtgX4boSW230hNN:GLHjWViJRmxhB+cV4bHWjx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FD55AE12F64291B2E9E302F496FA577F9939EA20072945C3D3C05E2959319E17F3F38A
sha3_384: 30880aa7d4440326da79be5a4c13b02fd879343e9eb4160a3c1ebc2d5251e05488756797e6b22623254f230b2e9ea6bc
ep_bytes: e836060000e949feffffff2530c54f00
timestamp: 2021-09-09 06:42:58

Version Info:

CompanyName: Anhui Aiqi Network Technology Co., Ltd
FileDescription: i - Zip ScreenSaver
FileVersion: 1.0.0.1
InternalName: iZipScre.exe
LegalCopyright: Copyright (C) 2020 izip Inc.
OriginalFilename: iZipScre.exe
ProductName: iZip
ProductVersion: 1.0.0.1
Translation: 0x0804 0x04b0

Win32/Adware.Cjishu.E also known as:

Bkav: W32.Common.2E6C41E7
Elastic: malicious (high confidence)
Skyhigh: Artemis
Malwarebytes: PUP.Optional.ChinAd.DDS
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Adware.Cjishu.E
Avast: Win32:Evo-gen [Trj]
Tencent: Malware.Win32.Gencirc.118d272c
F-Secure: Heuristic.HEUR/AGEN.1303389
Ikarus: PUA.AnhuiAiq
Avira: HEUR/AGEN.1303389
McAfee: Artemis!CAD180E0E8B7
Cylance: unsafe
Rising: Adware.AdPop!1.B85F (CLASSIC)
Fortinet: Adware/Cjishu
AVG: Win32:Evo-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/grayware_confidence_100% (D)

How to remove Win32/Adware.Cjishu.E?

Win32/Adware.Cjishu.E removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
