Adware.Cerbu.74749 (file analysis)

Malware Removal

Adware.Cerbu.74749 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Adware.Cerbu.74749 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Adware.Cerbu.74749?

File Info:

name: E661818B4A416E57E754.mlw
path: /opt/CAPEv2/storage/binaries/a541a9f6f436d0f1ac25da814f7ac1549f176e6079626a402e946d962e712681
crc32: 3AE4D0B8
md5: e661818b4a416e57e7549c1390034cb5
sha1: 98bdd027652535986dc625dd141a5d0d8847d170
sha256: a541a9f6f436d0f1ac25da814f7ac1549f176e6079626a402e946d962e712681
sha512: 01fbe6e10af70218001c69b2fdfbc67d2934ff36f20f40713ad1c8a88f1df21f4016b818b3124e59028add1393fcf534b91e7e17801c0626a17619584fd3971a
ssdeep: 98304:0DXS4k/s4JUGckAR/VI/oMlovVC70Ub7r8+4vvPY4GHWfcXfnS:TskUdR/+dl28b6g1HWkvS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T171263398C811C0FFDE64C2B89F9B82805E76B4073A37E5357E9E287B1F675405D2E682
sha3_384: 88664116c0180739fd70510d1e5926dc31920b4278533deef3018a59b82bdb5ca34c9dc788eb52b1f840f50551721849
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Vel Setup
FileVersion:
LegalCopyright:
Translation: 0x0409 0x04e4

Adware.Cerbu.74749 also known as:

Lionic: Trojan.Win32.Adload.a!c
MicroWorld-eScan: Gen:Variant.Adware.Cerbu.74749
FireEye: Gen:Variant.Adware.Cerbu.74749
McAfee: Artemis!E661818B4A41
Cylance: Unsafe
K7AntiVirus: Trojan ( 005722fe1 )
Alibaba: AdWare:Win32/AdLoad.fe3cbe5a
K7GW: Trojan ( 005722fe1 )
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
TrendMicro-HouseCall: TROJ_GEN.R002H0DL721
Paloalto: generic.ml
Kaspersky: Trojan-Downloader.Win32.Adload.tnux
BitDefender: Gen:Variant.Adware.Cerbu.74749
Avast: Win32:Trojan-gen
Ad-Aware: Gen:Variant.Adware.Cerbu.74749
Emsisoft: Gen:Variant.Adware.Cerbu.74749 (B)
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
Jiangmin: TrojanDownloader.Adload.ainu
Avira: TR/Drop.Agent.njzad
MAX: malware (ai score=64)
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Script/Phonzy.C!ml
GData: Win32.Backdoor.Bodelph.7CDSWW
ALYac: Gen:Variant.Adware.Cerbu.74749
Malwarebytes: Adware.DownloadAssistant
Tencent: Win32.Trojan-downloader.Adload.Ajuv
Ikarus: Trojan-Dropper.Win32.Agent
Fortinet: W32/Agent.SLC!tr
AVG: Win32:Trojan-gen
Panda: Trj/CI.A

How to remove Adware.Cerbu.74749?

Adware.Cerbu.74749 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.