About “Zirinda.1 (B)” infection

Zirinda.1 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Zirinda.1 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Zirinda.1 (B)?

File Info:

name: 54BFEF1EE0D4649B40A8.mlw
path: /opt/CAPEv2/storage/binaries/029e8e8d1c3b266a0ef7da6fb38dee85a88201fac3890c240ab44c27b2914960
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Bubble Browser, Inc.
FileDescription: Bubble Browser Setup
FileVersion:
LegalCopyright:
ProductName: Bubble Browser
ProductVersion: 553.3
Translation: 0x0000 0x04b0

Zirinda.1 (B) is also known as:

Lionic: Trojan.Win32.Zirinda.4!c
MicroWorld-eScan: Gen:Variant.Zirinda.1
FireEye: Gen:Variant.Zirinda.1
McAfee: Artemis!54BFEF1EE0D4
Cylance: Unsafe
Sangfor: Trojan.Win32.Wacatac.B
Cybereason: malicious.ee0d46
APEX: Malicious
Paloalto: generic.ml
BitDefender: Gen:Variant.Zirinda.1
McAfee-GW-Edition: BehavesLike.Win32.AdwareFileTour.hh
Emsisoft: Gen:Variant.Zirinda.1 (B)
Microsoft: Trojan:Win32/Zpevdo.B
GData: Gen:Variant.Zirinda.1
ALYac: Gen:Variant.Zirinda.1
MAX: malware (ai score=87)
Malwarebytes: Trojan.Dropper

How to remove Zirinda.1 (B)?

Zirinda.1 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
