Win32:SMSSend-CHN [PUP] malicious file

The Win32:SMSSend-CHN [PUP] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32:SMSSend-CHN [PUP] virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to identify Win32:SMSSend-CHN [PUP]?

File Info:

name: 4CDC30B681D4603F997B.mlw
path: /opt/CAPEv2/storage/binaries/f1d26c04ce317937e130dd56906e1e2b6542344cd5cd8e2ed6dfe20c0971a225
crc32: 6E17F55F
md5: 4cdc30b681d4603f997b83cba9a1e130
sha1: 3bb9b9801f609944cefd4b6a589fbc09d9abb5b1
sha256: f1d26c04ce317937e130dd56906e1e2b6542344cd5cd8e2ed6dfe20c0971a225
sha512: 283ef6f61b44f30dd9719cbeff85ed9b0d4d171449577401aaa93b784c9382976de7c05dfe2fba80960eecf19b2ac37ab5fdf1b15dfed043cdcceae053842b1e
ssdeep: 6144:+K8JmaEZBppNHiKyfW2ZSAIZLMJboIWb8dcBOtXAB9iqcR4X0MaRd3SkdNUj55oh:QmaE9pVAW2ZSLZMbrcBIXASv00vdiBu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F194CF4873E98D56C189773240A2D3292232C99B7B43EB0684E24C7F7D673E6BD9D853
sha3_384: c891f7dcb7363911688f9470094dced26b943b2a596da1f61ed951f6e489c31bd893946cf3a037fe4ee0f3fbc2b1c8ef
ep_bytes: ff250020400000000000000000000000
timestamp: 2013-11-09 11:45:15

Version Info:

FileDescription: Setup
FileVersion: 1.0.0.0
InternalName: setup.exe
OriginalFilename: setup.exe
ProductName: Setup
ProductVersion: 1.0.0.0
Translation: 0x0000 0x04b0

Win32:SMSSend-CHN [PUP] is also known as (vendor: detection name):

Lionic: Trojan.Win32.Generic.lJQL
MicroWorld-eScan: Gen:Variant.MSILPerseus.228347
FireEye: Generic.mg.4cdc30b681d4603f
McAfee: Trojan-FJKQ!4CDC30B681D4
Malwarebytes: Malware.AI.4148258920
K7AntiVirus: Trojan ( 700000121 )
BitDefender: Gen:Variant.MSILPerseus.228347
K7GW: Trojan ( 700000121 )
Baidu: MSIL.Trojan.ArchSMS.a
Cyren: W32/MSIL_Troj.BT.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-1112253
Kaspersky: HEUR:Trojan.MSIL.Cryptos.gen
Alibaba: Trojan:MSIL/Cryptos.3df74143
NANO-Antivirus: Trojan.Win32.ArchSMS.dbluxz
Ad-Aware: Gen:Variant.MSILPerseus.228347
Emsisoft: Gen:Variant.MSILPerseus.228347 (B)
Comodo: TrojWare.MSIL.ArchSMS.BVA@51hs84
DrWeb: Trojan.DownLoader10.47050
TrendMicro: TROJ_GEN.R002C0PKN21
McAfee-GW-Edition: Trojan-FJKQ!4CDC30B681D4
Sophos: Mal/Generic-S
Ikarus: Hoax.Win32.ArchSMS
Jiangmin: Trojan.MSIL.mjvd
Avira: HEUR/AGEN.1128436
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Win32.Badur
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Gen:Variant.MSILPerseus.228347
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.SMSHoax.R59827
VBA32: TScope.Trojan.MSIL
ALYac: Gen:Variant.MSILPerseus.228347
Cylance: Unsafe
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002C0PKN21
Tencent: Msil.Trojan.Cryptos.Phhc
Yandex: Trojan.Cryptos!smaRyfB4KYE
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/NDAoF
BitDefenderTheta: Gen:NN.ZemsilF.34084.zm0@amwIV9o
AVG: Win32:SMSSend-CHN [PUP]
Cybereason: malicious.681d46
Avast: Win32:SMSSend-CHN [PUP]

How to remove Win32:SMSSend-CHN [PUP]?

Win32:SMSSend-CHN [PUP] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
