Win32/GenCBL.BQK removal instruction

Win32/GenCBL.BQK is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/GenCBL.BQK virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • CAPE detected the RedLine malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects VirtualBox through the presence of a device
  • Anomalous binary characteristics
  • Binary compilation timestomping detected

How to identify Win32/GenCBL.BQK?

File Info:

name: 2202BBE4E032A041CE6E.mlw
path: /opt/CAPEv2/storage/binaries/b076c6e4cfab266a4d447375f20a3ed61e8e295dd75009a2a7825cd70b37cf5e
crc32: 78157D3E
md5: 2202bbe4e032a041ce6e427f973505cd
sha1: 04e82eb30a43b28bb279f12a0145cba24db7e254
sha256: b076c6e4cfab266a4d447375f20a3ed61e8e295dd75009a2a7825cd70b37cf5e
sha512: ee040dd18181a31dcf9ff5b632cefa35ba5d34d0e101dafdee58453d1b1dac06e402341433d9a3047a1e05ca49e2a6e4e558856141bba8a1e2e0b8c94d535c1f
ssdeep: 49152:LBc9jrc7IO/JFl9onwOmm4BWTr1/lxqOMDLbJaFxKLRV:+Vrc7p/99onwOmm4ohq7QXKn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BC952343BE10D1EBFDBD0772B497E7322DE8686AF592606F7469A2123491B23005FD1E
sha3_384: 400cffb73dfa4465b40d4dd046d229563f3ac30242c35299469e22dd5f178e96018dc245e1ec64231abed3fe30046fcb
ep_bytes: eb0287a350eb05f225d59d12e8180000
timestamp: 2053-08-13 08:30:11

Version Info:

CompanyName: Mozilla Foundation
FileDescription: NSS S/MIME Library
FileVersion: 3.24 Basic ECC
InternalName: smime3
OriginalFilename: smime3.dll
ProductName: Network Security Services
ProductVersion: 3.24 Basic ECC
Translation: 0x0409 0x04b0

Win32/GenCBL.BQK also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Stealer.l!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.38911796
FireEye: Generic.mg.2202bbe4e032a041
ALYac: Trojan.GenericKD.38911796
Cylance: Unsafe
Sangfor: Spyware.Win32.Stealer.bbxo
K7AntiVirus: Trojan ( 0058e2591 )
Alibaba: TrojanSpy:Win32/Stealer.d63b49ba
K7GW: Trojan ( 0058e2591 )
CrowdStrike: win/malicious_confidence_60% (W)
BitDefenderTheta: Gen:NN.ZexaF.34212.4r3@a8ATCeni
Cyren: W32/Obsidium.A.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/GenCBL.BQK
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packed.Obsidium-9938734-0
Kaspersky: Trojan-Spy.Win32.Stealer.bbxo
BitDefender: Trojan.GenericKD.38911796
Tencent: Win32.Trojan.Falsesign.Hmra
Ad-Aware: Trojan.GenericKD.38911796
Sophos: Mal/Generic-S
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Trojan.Agent (A)
GData: Trojan.GenericKD.38911796
eGambit: Unsafe.AI_Score_89%
Gridinsoft: Ransom.Win32.Sabsik.sa
ZoneAlarm: Trojan-Spy.Win32.Stealer.bbxo
Microsoft: Exploit:Win32/ShellCode!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R471385
Acronis: suspicious
McAfee: Artemis!2202BBE4E032
MAX: malware (ai score=88)
VBA32: BScope.Trojan.Occamy
Malwarebytes: Trojan.MalPack.Obsidium
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002H09B722
Rising: Spyware.Stealer!8.3090 (CLOUD)
Ikarus: Trojan.Win32.Obsidium
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Obsidium.FX!tr
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen

How to remove Win32/GenCBL.BQK?

Win32/GenCBL.BQK removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
