Win32:OutBrowse-CH [PUP] removal instruction

Win32:OutBrowse-CH [PUP] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32:OutBrowse-CH [PUP] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Attempts to modify proxy settings
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32:OutBrowse-CH [PUP]?

File Info:

name: CEE4A7F13F2D59102451.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription:
FileVersion:
LegalCopyright:
ProductName:
ProductVersion:
Translation: 0x0000 0x04b0

Win32:OutBrowse-CH [PUP] also known as:

Bkav: W32.AIDetectMalware
Lionic: Riskware.Win32.Generic.1!c
tehtris: Generic.Malware
CAT-QuickHeal: PUA.Quickdownl.Gen
Skyhigh: Artemis!Trojan
McAfee: Artemis!CEE4A7F13F2D
Cylance: unsafe
Zillya: Trojan.InstallCoreCRTD.Win32.1722
Sangfor: Suspicious.Win32.Save.ins
CrowdStrike: win/grayware_confidence_100% (D)
Alibaba: AdWare:Win32/InstallCore.f16142d2
K7GW: Adware ( 005104571 )
K7AntiVirus: Adware ( 005104571 )
VirIT: Trojan.Win32.MulDrop5.OXQ
Symantec: Trojan.Gen.2
Elastic: malicious (high confidence)
ESET-NOD32: Win32/InstallCore.Gen.A potentially unwanted
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: not-a-virus:HEUR:AdWare.Win32.DealPly.gen
NANO-Antivirus: Riskware.Win32.InstallCore.dcnbnl
SUPERAntiSpyware: PUP.InstallCore/Variant
Avast: Win32:OutBrowse-CH [PUP]
Tencent: Malware.Win32.Gencirc.10be3bc9
Sophos: Install Core (PUA)
F-Secure: PotentialRisk.PUA/InstallCore.Gen7
DrWeb: Trojan.Packed.24524
Emsisoft: Application.InstallCore (A)
SentinelOne: Static AI – Malicious PE
Webroot: Pua.Secure.Installer
Avira: PUA/InstallCore.Gen7
Antiy-AVL: GrayWare[AdWare]/Win32.InstallCore.genb
Microsoft: PUADlManager:Win32/InstallCore
Xcitium: ApplicUnwnt@#22wwh2vyronn
ZoneAlarm: not-a-virus:HEUR:AdWare.Win32.DealPly.gen
GData: Win32.Adware.InstallCore.FC
Google: Detected
VBA32: Malware-Cryptor.InstallCore.gen
Malwarebytes: PUP.Optional.InstallCore.DDS
Rising: Adware.InstallCore!1.AB2C (CLASSIC)
Yandex: PUA.InstallCore!EallltL2Sws
Ikarus: PUA.InstallCore
MaxSecure: Adware.W32.DealPly.gen_237069
Fortinet: Riskware/InstallCore
AVG: Win32:OutBrowse-CH [PUP]
DeepInstinct: MALICIOUS

How to remove Win32:OutBrowse-CH [PUP]?

Win32:OutBrowse-CH [PUP] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
