PUA

How to remove “Win32:LoadMoney-AGH [PUP]”?

Malware Removal

The Win32:LoadMoney-AGH [PUP] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32:LoadMoney-AGH [PUP] virus can do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Performs HTTP requests potentially not found in PCAP.
  • Unconventionial binary language: Russian
  • Unconventionial language used in binary resources: Russian
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to determine Win32:LoadMoney-AGH [PUP]?



File Info:

name: CDBE9B0FE8363466B9B0.mlw
path: /opt/CAPEv2/storage/binaries/d847488b9b5810bbe53184df80eea3fc8a700569828816e18aff5756db5fb429
crc32: B490D893
md5: cdbe9b0fe8363466b9b00c08b80d1c64
sha1: 89732fd633b2b5f42f3ed8ea52e458e726c28659
sha256: d847488b9b5810bbe53184df80eea3fc8a700569828816e18aff5756db5fb429
sha512: e75a6ec2109869953d56a5d22787d38130a409ba1a54321a4a911171cbd62b692a8cae571b293140332760c62bf88137cd4009fb749fa7aedb5de1a206311147
ssdeep: 768:q2DUwYfXOhLW0WkWMtmBVuLZKVW6Dhfi2l/vH9Nw0NIUMpcnMFsPF1IKfD2MU0lz:w/vsW0WkWHVwZMi2l/3IPAMQIUpH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A4532A06FA41F037D42244326859A7F612B47E302616541FBB883E2FB6F67F2EA19357
sha3_384: 4772c458141576ebf515275969cce57e059fe61c2291181efc6b65fd465c9b1b8534d489c10b89789de19d938a8e5cfe
ep_bytes: 558bec51518365fc008d45fc50ff1574
timestamp: 2012-12-24 13:42:47


Version Info:

FileDescription: Downloader
FileVersion: 1, 0, 0, 0
InternalName: Downloader
LegalCopyright: Copyright c 2005 - 2012
OriginalFilename: Downloader.exe
ProductName: Downloader
ProductVersion: 1, 0, 0, 0
Translation: 0x0419 0x04e3

Win32:LoadMoney-AGH [PUP] also known as:

BkavW32.AIDetectMalware
LionicTrojan.Win32.Genome.lKgm
AVGWin32:LoadMoney-AGH [PUP]
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Application.LoadMoney.589
FireEyeGeneric.mg.cdbe9b0fe8363466
CAT-QuickHealTrojan.Downloader.Agent.VF5
SkyhighPUP-FFK
McAfeePUP-FFK
Cylanceunsafe
ZillyaDownloader.Agent.Win32.155957
SangforTrojan.Win32.Save.a
K7GWDialer ( 0040f5991 )
K7AntiVirusDialer ( 0040f5991 )
BaiduWin32.Adware.Generic.ar
SymantecSMG.Heur!gen
ESET-NOD32Win32/LoadMoney.A potentially unwanted
CynetMalicious (score: 99)
APEXMalicious
Paloaltogeneric.ml
ClamAVWin.Trojan.Downloader-3802
Kasperskynot-a-virus:Downloader.Win32.LMN.e
BitDefenderGen:Variant.Application.LoadMoney.589
NANO-AntivirusTrojan.Win32.LMN.crokry
AvastWin32:LoadMoney-AGH [PUP]
RisingDownloader.Small!1.65D6 (CLASSIC)
EmsisoftGen:Variant.Application.LoadMoney.589 (B)
F-SecureProgram.APPL/LoadMoney.7010
DrWebAdware.Downware.774
VIPREGen:Variant.Application.LoadMoney.589
TrendMicroTROJ_SPNR.3AJG13
Trapminemalicious.high.ml.score
SophosMal/Dwnldr-Y
IkarusTrojan.SuspectCRC
GDataWin32.Riskware.StartPage.J
JiangminTrojan/Genome.cqut
WebrootW32.Trojan.Gen
VaristW32/Agent.RC.gen!Eldorado
AviraAPPL/LoadMoney.7010
Antiy-AVLTrojan[Downloader]/Win32.LMN
KingsoftWin32.HeurC.KVM019.a
XcitiumApplicUnwnt.Win32.LoadMoney.B@4th5ev
ArcabitTrojan.Application.LoadMoney.589
ViRobotAdware.Loadmoney.61376.H
ZoneAlarmnot-a-virus:Downloader.Win32.LMN.e
MicrosoftSoftwareBundler:Win32/Ogimant
GoogleDetected
AhnLab-V3Adware/Win32.Downloader.R47466
ALYacGen:Variant.Application.LoadMoney.589
VBA32Downware.LMN.gen
MalwarebytesGeneric.Malware.AI.DDS
TrendMicro-HouseCallTROJ_SPNR.3AJG13
TencentAdware.Win32.DL.Lmn.b
YandexTrojan.GenAsa!6V58Fn+urBk
MAXmalware (ai score=99)
MaxSecurenot-a-virus:.Downloader.Agent.vf
FortinetW32/Agent.FEZ!tr.dldr
DeepInstinctMALICIOUS

How to remove Win32:LoadMoney-AGH [PUP]?

Win32:LoadMoney-AGH [PUP] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment