Win32/GenCBL.BOR removal guide

Win32/GenCBL.BOR is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What Win32/GenCBL.BOR virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Traditional)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects VirtualBox through the presence of a device
  • Collects information to fingerprint the system

How to identify Win32/GenCBL.BOR?

File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2022-01-19 10:29:28

Version Info:

CompanyName: Realtek Semiconductor Corp.
FileDescription: RTInstaller
FileVersion: 1.0.0.46
InternalName: RTInstaller
LegalCopyright: Copyright (C) 2016 Realtek Semiconductor Corporation. All Right Reserved.
OriginalFilename: RTInstaller.exe
ProductName: RTInstaller
ProductVersion: 1.0.0.46
Translation: 0x0409 0x04b0

Win32/GenCBL.BOR also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.48305238
FireEye: Generic.mg.8b9470a4430fdf09
CAT-QuickHeal: Trojan.IGENERIC
ALYac: Trojan.GenericKD.48305238
Malwarebytes: Trojan.MalPack.Obsidium
Zillya: Trojan.GenCBL.Win32.4769
Sangfor: Exploit.Win32.ShellCode.ml
K7AntiVirus: Trojan ( 0058e3011 )
K7GW: Trojan ( 0058e3011 )
BitDefenderTheta: Gen:NN.ZexaF.34212.3r3@auTYExij
Cyren: W32/Obsidium.A.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/GenCBL.BOR
TrendMicro-HouseCall: TROJ_GEN.R003H0CAU22
BitDefender: Trojan.GenericKD.48305238
Ad-Aware: Trojan.GenericKD.48305238
Emsisoft: Trojan.GenericKD.48305238 (B)
Comodo: Malware@#3ltt5iwst9hcg
McAfee-GW-Edition: Raccoon-FEPI!8B9470A4430F
Sophos: Mal/Generic-S
Webroot: W32.Trojan.Gen
Avira: TR/Agent.zmt
MAX: malware (ai score=82)
Gridinsoft: Ransom.Win32.Bladabindi.sa
Microsoft: Exploit:Win32/ShellCode!ml
GData: Trojan.GenericKD.48305238
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R469388
McAfee: Raccoon-FEPI!8B9470A4430F
VBA32: BScope.Backdoor.Bladabindi
Panda: Trj/Agent.ALS
APEX: Malicious
Rising: Trojan.GenCBL!8.12138 (CLOUD)
Ikarus: Trojan.Win32.Obsidium
Fortinet: PossibleThreat.MU
AVG: Win32:Malware-gen
Cybereason: malicious.e77b45
Avast: Win32:Malware-gen

How to remove Win32/GenCBL.BOR?

Win32/GenCBL.BOR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.