How to remove “Win32:GetProperFun-A [Adw]”?

Many security experts consider Win32:GetProperFun-A [Adw] dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32:GetProperFun-A [Adw] virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Created a process from a suspicious location

How to identify Win32:GetProperFun-A [Adw]?


File Info:

name: EC38A3B17551A2982429.mlw
path: /opt/CAPEv2/storage/binaries/9398f8ec303998447de46a4ebacc735a0bb3530f13b061f6afdd10d0204bcbb7
crc32: EBC96E58
md5: ec38a3b17551a29824295b2686bd02e4
sha1: c87ac0ca489f795b3cf365a50c7dc96cd62d3f65
sha256: 9398f8ec303998447de46a4ebacc735a0bb3530f13b061f6afdd10d0204bcbb7
sha512: 6d868a1631b99e51cd2281b20246318fd57e7a83c45d946f35cd681916e92a806530c75343692a0652f26b568b2f1e744b330a18f3db0c66007a57e38b19815f
ssdeep: 49152:eiXor6k9wac6jDJSPc3+CJ77s9xPaVKYT3d1BMBT:elr6ajDJQcuCJ77s9wVVN1WBT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T173A5335A37F15A61E4570DB0623AD113AC2FFC21BCB0962DAB59FEDE7630503182876B
sha3_384: 75d8bb3aaa71df229acba8745416fa65ee8391c49f89abddfbab3f9183ba4c73ff86a4d7ff2400e658ae83b13cdee375
ep_bytes: 81ecd4020000535556576a2033ed5e89
timestamp: 2012-02-24 19:20:04

Version Info:

Comments: Created with Setup Factory
FileDescription: Setup Application
FileVersion: 9.1.0.0
InternalName: suf_launch
LegalCopyright: Setup Engine Copyright © 2004-2012 Indigo Rose Corporation
LegalTrademarks: Setup Factory is a trademark of Indigo Rose Corporation.
OriginalFilename: suf_launch.exe
ProductName: Setup Factory Runtime
ProductVersion: 9.1.0.0
Translation: 0x0409 0x04e4

Win32:GetProperFun-A [Adw] also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.34114353
McAfee: Artemis!EC38A3B17551
Malwarebytes: Malware.AI.3911038580
Zillya: Adware.DomaIQ.Win32.171
K7AntiVirus: Trojan-Downloader ( 0049ff9b1 )
Alibaba: TrojanDropper:Win32/GetProperFun.8f83b34f
K7GW: Trojan-Downloader ( 0049ff9b1 )
Cybereason: malicious.17551a
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/TrojanDownloader.VB.QNP
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Ransomware.Sodinokibi-9887839-0
Kaspersky: Trojan-Dropper.Win32.NSIS.wyl
BitDefender: Trojan.GenericKD.34114353
NANO-Antivirus: Trojan.Win32.VB.demeaa
Avast: Win32:GetProperFun-A [Adw]
Ad-Aware: Trojan.GenericKD.34114353
Sophos: Mal/Generic-S
DrWeb: Trojan.DownLoader11.46155
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
Emsisoft: Trojan.GenericKD.34114353 (B)
GData: Trojan.GenericKD.34114353
Kingsoft: Win32.Troj.NSIS.w.(kcloud)
Gridinsoft: Ransom.Win32.Sodinokibi.sa
ViRobot: Trojan.Win32.Z.Agent.2133588
Microsoft: Trojan:Win32/Dynamer!ac
AhnLab-V3: PUP/Win32.Helper.R346731
ALYac: Trojan.GenericKD.34114353
MAX: malware (ai score=87)
VBA32: TrojanDropper.auup
TrendMicro-HouseCall: TROJ_GEN.R002H0CKT21
Tencent: Win32.Trojan-dropper.Nsis.Akyq
Yandex: Trojan.DR.NSIS!EggajmQ7KeM
AVG: Win32:GetProperFun-A [Adw]
Panda: Trj/Genetic.gen

How to remove Win32:GetProperFun-A [Adw]?

Win32:GetProperFun-A [Adw] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
