Win32:Bundlore-E [PUP] removal tips

The Win32:Bundlore-E [PUP] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32:Bundlore-E [PUP] virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Deletes its original binary from disk
  • Installs a hook procedure to monitor for mouse events
  • Exhibits possible ransomware file modification behavior
  • Collects information about installed applications
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Connects to an IRC server, possibly part of a botnet

Related domains:

post.securestudies.com
dpd.securestudies.com

How to identify Win32:Bundlore-E [PUP]?


File Info:

crc32: 65A9D159
md5: 459c5f2fc90d4f4f2f62a59f8df2ce95
name: 459C5F2FC90D4F4F2F62A59F8DF2CE95.mlw
sha1: 4c642a489b8e897746fb6183e15bbbc396eaec1f
sha256: dbf8254f22bceaa87c52389e172d9e7a202c1dcea2bad24ebd7a9469e499a9bc
sha512: d0eab340563466f48b968f449f4823b047ac8a13d632a1152dd8b05054c8c05e30f5517492d27482aa87331c1d780e4e78d0d84a122b158afa730189ce0f1ec3
ssdeep: 24576:W7blCAvaxitjXagAHx2HafwdT0ct0t2HY5F6lBxwg5CHL5l8M9w+NkwJG3RwgE32:W75zvm+WhR6Ufk7hGwx+Nmhpc/ojV3zH
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 1998-2017 KC Softwares
FileVersion: 2.7.1.58
CompanyName: KC Softwares
Comments: This installation was built with Inno Setup.
ProductName: KC Softwares AVIToolbox
ProductVersion: 2.7.1.58
FileDescription: KC Softwares AVIToolbox Setup
Translation: 0x0000 0x04b0

Win32:Bundlore-E [PUP] also known as:

K7AntiVirus: Trojan ( 0056e5201 )
Alibaba: AdWare:Win32/BundleLoader.f399276e
K7GW: Trojan ( 0056e5201 )
Avast: Win32:Bundlore-E [PUP]
Sophos: Generic PUA EM (PUA)
DrWeb: Trojan.DownLoader25.29029
McAfee-GW-Edition: Artemis
GData: Win32.Application.RelevantKnowledge.G
McAfee: Artemis!459C5F2FC90D
Malwarebytes: Generic.Malware/Suspicious
ESET-NOD32: multiple detections
Fortinet: Riskware/Agent
AVG: Win32:Bundlore-E [PUP]

How to remove Win32:Bundlore-E [PUP]?

Win32:Bundlore-E [PUP] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
