What is “Win32:MiscX-gen [PUP]”?

Win32:MiscX-gen [PUP] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32:MiscX-gen [PUP] virus do?

  • At least one process apparently crashed during execution
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Exhibits possible ransomware file modification behavior
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

flow.lavasoft.com

How to determine Win32:MiscX-gen [PUP]?

File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © Adaware 2020
InternalName: GM001.exe
FileVersion: 6.0.2.0
CompanyName: GM001
ProductName: Gamulator
ProductVersion: 1.0.0.4133
FileDescription: Software Installation
OriginalFilename: GM001.exe
Translation: 0x0409 0x04b0

Win32:MiscX-gen [PUP] also known as:

DrWeb: Program.Unwanted.4903
FireEye: Generic.mg.94a8da0604176d3b
Cylance: Unsafe
Sangfor: Malware
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
Symantec: ML.Attribute.HighConfidence
Avast: Win32:MiscX-gen [PUP]
Sophos: Generic ML PUA (PUA)
McAfee-GW-Edition: Artemis!Trojan
Antiy-AVL: GrayWare/Win32.Vittalia.a
Microsoft: PUA:Win32/ICBundler
Gridinsoft: PUP.Win32.Gen.oa
Cynet: Malicious (score: 100)
McAfee: Artemis!94A8DA060417
VBA32: BScope.Trojan.BtcMine
AVG: Win32:MiscX-gen [PUP]
Paloalto: generic.ml

How to remove Win32:MiscX-gen [PUP]?

Win32:MiscX-gen [PUP] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
