Categories: PUA

Win32:Bundlore-E [PUP] removal tips

The Win32:Bundlore-E [PUP] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32:Bundlore-E [PUP] virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Presents an Authenticode digital signature
Creates RWX memory
Expresses interest in specific running processes
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Deletes its original binary from disk
Installs an hook procedure to monitor for mouse events
Exhibits possible ransomware file modification behavior
Collects information about installed applications
Creates a hidden or system file
Attempts to modify proxy settings
Connects to an IRC server, possibly part of a botnet

Related domains:

post.securestudies.com

dpd.securestudies.com

How to determine Win32:Bundlore-E [PUP]?


File Info:
crc32: 65A9D159md5: 459c5f2fc90d4f4f2f62a59f8df2ce95name: 459C5F2FC90D4F4F2F62A59F8DF2CE95.mlwsha1: 4c642a489b8e897746fb6183e15bbbc396eaec1fsha256: dbf8254f22bceaa87c52389e172d9e7a202c1dcea2bad24ebd7a9469e499a9bcsha512: d0eab340563466f48b968f449f4823b047ac8a13d632a1152dd8b05054c8c05e30f5517492d27482aa87331c1d780e4e78d0d84a122b158afa730189ce0f1ec3ssdeep: 24576:W7blCAvaxitjXagAHx2HafwdT0ct0t2HY5F6lBxwg5CHL5l8M9w+NkwJG3RwgE32:W75zvm+WhR6Ufk7hGwx+Nmhpc/ojV3zHtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright xa9 1998-2017 KC Softwares                                                                  FileVersion: 2.7.1.58            CompanyName: KC Softwares                                                Comments: This installation was built with Inno Setup.ProductName: KC Softwares AVIToolbox                                     ProductVersion: 2.7.1.58                                          FileDescription: KC Softwares AVIToolbox Setup                               Translation: 0x0000 0x04b0

Win32:Bundlore-E [PUP] also known as:

K7AntiVirus	Trojan ( 0056e5201 )
Alibaba	AdWare:Win32/BundleLoader.f399276e
K7GW	Trojan ( 0056e5201 )
Avast	Win32:Bundlore-E [PUP]
Sophos	Generic PUA EM (PUA)
DrWeb	Trojan.DownLoader25.29029
McAfee-GW-Edition	Artemis
GData	Win32.Application.RelevantKnowledge.G
McAfee	Artemis!459C5F2FC90D
Malwarebytes	Generic.Malware/Suspicious
ESET-NOD32	multiple detections
Fortinet	Riskware/Agent
AVG	Win32:Bundlore-E [PUP]