Categories: Malware

Win32/InstallMonstr.UL potentially unwanted malicious file

The Win32/InstallMonstr.UL potentially unwanted is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/InstallMonstr.UL potentially unwanted virus can do?

A file was accessed within the Public folder.
Sample contains Overlay data
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Russian
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)
CAPE detected the embedded win api malware family
Checks the presence of disk drives in the registry, possibly for anti-virtualization
Accessed credential storage registry keys
Touches a file containing cookies, possibly for information gathering
Yara detections observed in process dumps, payloads or dropped files

How to determine Win32/InstallMonstr.UL potentially unwanted?


File Info:
name: 76F6A08684C6AA5226E0.mlwpath: /opt/CAPEv2/storage/binaries/f00aa35f8ee428d828b7be804cce5ef088ecd90339d7c07f40374439003254eccrc32: 0F411DA8md5: 76f6a08684c6aa5226e006d037727f60sha1: 06fb6e17c6e3180d542247af52ae653b71e19b17sha256: f00aa35f8ee428d828b7be804cce5ef088ecd90339d7c07f40374439003254ecsha512: 0e7a4519e35be8093e269209fb00c01b601dcd65421f78a7721175b1b7202a8d937057c8c0eed0977a3aad9a09e773955a6f058bb64c2bdfcfc0a1e1c614b078ssdeep: 98304:GHDh813UdoasOybcHlLOHQ495VKcgtx5WqDrZ/JS:51kd7spYVD49GcCZ/JStype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1CD06338B47194DACE97DF3B3A9035D749818EF012C77CA4244DEFAB15934A836B32B45sha3_384: 0ffc4befcfa0488da9a0fcec20451b8632bf339a308ceb03ce0dc0a003e267ae99913bd5ef0b312c696850d926a29b0fep_bytes: 60be00904a018dbe0080a5ff5783cdfftimestamp: 2017-11-28 10:42:15
Version Info:
InternalName: zzzzzzLegalCopyright: aaaaaaaLegalTrademarks: ddddddddOriginalFilename: eeeeeeeProductName: ewwwwwwwwProductVersion: 1.4.22.6Comments: ttttttttFileVersion: 5.2.7.260Translation: 0x045e 0x0000

Win32/InstallMonstr.UL potentially unwanted also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Inject.4!c
Elastic	malicious (moderate confidence)
DrWeb	Trojan.InstallMonster.1549
MicroWorld-eScan	Gen:Variant.Application.Bundler.InstallMonster.397
FireEye	Generic.mg.76f6a08684c6aa52
CAT-QuickHeal	Trojan.Resoric.ZZ11
Skyhigh	BehavesLike.Win32.Generic.wc
McAfee	Adware-IMonster
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Gen:Variant.Application.Bundler.InstallMonster.397
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Adware ( 0052cbe61 )
K7GW	Adware ( 0052cbe61 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Application.Bundler.InstallMonster.397
BitDefenderTheta	AI:Packer.5D49C84216
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/InstallMonstr.UL potentially unwanted
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	Trojan.Win32.Inject.ahqtx
BitDefender	Gen:Variant.Application.Bundler.InstallMonster.397
NANO-Antivirus	Trojan.Win32.InstallMonster.evrlju
Avast	Win32:Adware-gen [Adw]
Tencent	Trojan.Win32.Inject.zf
Emsisoft	Gen:Variant.Application.Bundler.InstallMonster.397 (B)
F-Secure	Trojan.TR/Fraud.Gen7
Zillya	Adware.Agent.Win32.136470
Trapmine	malicious.high.ml.score
Sophos	Install Monster (PUA)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Inject.acms
Varist	W32/AdAgent.AX.gen!Eldorado
Avira	TR/Fraud.Gen7
MAX	malware (ai score=71)
Antiy-AVL	Trojan/Win32.Inject
Xcitium	Application.Win32.InstallMonster.RD@7eyvzt
Microsoft	SoftwareBundler:Win32/InstallMonster
ZoneAlarm	Trojan.Win32.Inject.ahqtx
GData	Gen:Variant.Application.Bundler.InstallMonster.397
Google	Detected
AhnLab-V3	PUP/Win32.InstMonster.R214228
VBA32	TScope.Trojan.Delf
ALYac	Gen:Variant.Application.Bundler.InstallMonster.397
Cylance	unsafe
Panda	Trj/Genetic.gen
Rising	Trojan.Inject!8.103 (CLOUD)
Yandex	Trojan.GenAsa!Fo30DAdASco
Ikarus	PUA.InstallMonstr.Up
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Injector.CTWA!tr
AVG	Win32:Adware-gen [Adw]
DeepInstinct	MALICIOUS