Win32/Bunndle potentially unsafe information

Win32/Bunndle potentially unsafe is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can Win32/Bunndle potentially unsafe do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Presents an Authenticode digital signature
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Starts servers listening on 0.0.0.0:34210, :0, 127.0.0.1:10000
  • Enumerates running processes
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Detects the presence of Wine emulator via registry key
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings

How to identify Win32/Bunndle potentially unsafe?

File Info:

name: 07B4CC6A987AE0DDFE91.mlw
path: /opt/CAPEv2/storage/binaries/26f62715feeb3ce2b147515e2dbfcb28ed3ae0aae5dca612a5ac709f98736adb
crc32: E5AA4CAB
md5: 07b4cc6a987ae0ddfe918aa702bb8f07
sha1: 0920c2948ee2dbd3f9d64996ef30e3c654528838
sha256: 26f62715feeb3ce2b147515e2dbfcb28ed3ae0aae5dca612a5ac709f98736adb
sha512: 0c76f425565a047657ae32c51aa7942ca3982bfb4111c4baa6d30c766671ce55cfd83b72d39d9209acd5c200b9025f60983256be2ba720e8016a2852594a5176
ssdeep: 24576:XLaOTEi0rgS+K8Ps7W/Hpz9q1zF5mQ8+2Gw7V:XLaOTR0rgS+K8Psy/Hh9qdmb/h7V
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FC2512167608D482DEC9FAF0089299783E21BE463F855576368133FEBBF77032649978
sha3_384: 8145c55c00f959bcb21e0c02a5863ebab7e210891836b56f866a233f954461a156642697a0bb759e01c73e80b467c39d
ep_bytes: 60be00b05a008dbe0060e5ff5789e58d
timestamp: 2012-12-06 21:21:37

Version Info:

CompanyName: BitTorrent Inc.
FileDescription: µTorrent
FileVersion: 3.3.0.28583
InternalName: uTorrent.exe
OriginalFilename: uTorrent.exe
LegalCopyright: ©2012 BitTorrent, Inc. All Rights Reserved.
ProductName: µTorrent
ProductVersion: 3.3.0.28583
Translation: 0x0409 0x04e4

Win32/Bunndle potentially unsafe also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
FireEye: Generic.mg.07b4cc6a987ae0dd
Cylance: Unsafe
Zillya: Trojan.Bunndle.Win32.289
Sangfor: PUP.Win32.OpenCandy.F
K7AntiVirus: Unwanted-Program ( 004b91c01 )
K7GW: Unwanted-Program ( 004b91c01 )
Cyren: W32/Application.QLCQ-2123
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/Bunndle potentially unsafe
NANO-Antivirus: Trojan.Win32.Bunndle.izmzls
Sophos: Generic ML PUA (PUA)
MaxSecure: Trojan.Malware.121218.susgen
GData: Win32.Application.OpenCandy.F
Cynet: Malicious (score: 100)
VBA32: BScope.TrojanSpy.Zbot
Malwarebytes: PUP.Optional.BundleInstaller.UPX
SentinelOne: Static AI – Suspicious PE
Fortinet: Riskware/BitTorrent.PUP

How to remove Win32/Bunndle potentially unsafe?

Win32/Bunndle potentially unsafe removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.