Should I remove “Win32/GenCBL.BOG”?

Win32/GenCBL.BOG is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What Win32/GenCBL.BOG virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Traditional)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • CAPE detected the RedLine malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects VirtualBox through the presence of a device
  • Binary compilation timestomping detected

How to identify Win32/GenCBL.BOG?

File Info:

name: 00564774F644CFD31896.mlw
path: /opt/CAPEv2/storage/binaries/3c9b64956da35478a868baa421aa211a3a9802072e7aa8351dc8651f154427f1
crc32: 5AEB262D
md5: 00564774f644cfd31896166fec80da58
sha1: cf5a0080f3433395aeac6e501876f9e03f56fda7
sha256: 3c9b64956da35478a868baa421aa211a3a9802072e7aa8351dc8651f154427f1
sha512: de84e634d654e8a797c6bec7a439f58a92274debad6076994529bf565ebb89a6dd5b45ac1f8f7e12774ed4e905ee27f7c02dab4d6a2b6cc23116e4fc0b5d5617
ssdeep: 12288:2mKS8Tr2FxsHHam47eg4I5RD2laZdjeVPVFfnnonxuGYSg19vc0FyL:2m78ysHHV4P9jeVNFfoEuU9U0F4
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15C255B687503F2F3F023D27A83AB7FC81CB57F05AA2850A2B6D872CAE736791555B444
sha3_384: 9b8ef52b25cc24134f9a8abdce9ac96721c733a4c3dfd991513f1ec4f9fbfe8c5d9faebbe27bd4aa60d06b15465a2299
ep_bytes: eb05ea6932d88950eb018fe812000000
timestamp: 2062-04-04 08:07:22

Version Info:

CompanyName: Realtek Semiconductor Corp.
FileDescription: RTInstaller
FileVersion: 1.0.0.46
InternalName: RTInstaller
LegalCopyright: Copyright (C) 2016 Realtek Semiconductor Corporation. All Right Reserved.
OriginalFilename: RTInstaller.exe
ProductName: RTInstaller
ProductVersion: 1.0.0.46
Translation: 0x0409 0x04b0

Win32/GenCBL.BOG also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.00564774f644cfd3
CAT-QuickHeal: TrojanSpy.Stealer
McAfee: RDN/Generic PWS.y
Cylance: Unsafe
Sangfor: Spyware.Win32.Stealer.baem
K7AntiVirus: Trojan ( 0058d7a51 )
BitDefender: Trojan.GenericKD.48093890
K7GW: Trojan ( 0058d7a51 )
Cybereason: malicious.0f3433
Cyren: W32/Obsidium.A.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/GenCBL.BOG
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-Spy.Win32.Stealer.baem
MicroWorld-eScan: Trojan.GenericKD.48093890
Avast: Win32:DangerousSig [Trj]
Tencent: Win32.Trojan.Falsesign.Bxm
Ad-Aware: Trojan.GenericKD.48093890
Sophos: Mal/Generic-S
Comodo: Malware@#3kwg3odn0ive2
DrWeb: Trojan.PWS.Steam.25142
Zillya: Trojan.GenCBL.Win32.4790
TrendMicro: TROJ_GEN.R032C0WAS22
Emsisoft: Trojan.GenericKD.48093890 (B)
GData: Trojan.GenericKD.48093890
Webroot: W32.Trojan.Gen
Avira: TR/Spy.Stealer.icukp
Gridinsoft: Malware.Win32.GenericMC.cc
ZoneAlarm: Trojan-Spy.Win32.Stealer.baem
Microsoft: Exploit:Win32/ShellCode!ml
TACHYON: Trojan-Spy/W32.InfoStealer.1032392
AhnLab-V3: Trojan/Win.Generic.R469388
BitDefenderTheta: Gen:NN.ZexaF.34232.@q3@auRA8Mkj
ALYac: Trojan.GenericKD.48093890
MAX: malware (ai score=87)
VBA32: BScope.Backdoor.Bladabindi
Malwarebytes: Trojan.MalPack.Obsidium
TrendMicro-HouseCall: TROJ_GEN.R032C0WAS22
Rising: Spyware.Stealer!8.3090 (CLOUD)
Ikarus: Trojan.Win32.Obsidium
Fortinet: W32/GenCBL.BOG!tr
AVG: Win32:DangerousSig [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.139161371.susgen

How to remove Win32/GenCBL.BOG?

Win32/GenCBL.BOG removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.