Adware.Cinmus (file analysis)

The Adware.Cinmus is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Adware.Cinmus virus can do?

Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid

How to determine Adware.Cinmus?


File Info:
name: D3D15F5BB4F566C6CAAE.mlw
path: /opt/CAPEv2/storage/binaries/4334169b678a2f9e19b948ab13629b7ac87823dad41981d43af73bd799717e40
crc32: 904C48EB
md5: d3d15f5bb4f566c6caaeb2f28b0f27ba
sha1: 757a6027378aea6c16de80fdc6a04bd914538d8b
sha256: 4334169b678a2f9e19b948ab13629b7ac87823dad41981d43af73bd799717e40
sha512: 1332606bb7ef54cd0a68e6e68e5ac418f078814a1183f51e1f89e21c44cf1a2954c8752c637dc26f0888f4504c8bc22216630d91211b6315718df1c54ef4e9a8
ssdeep: 6144:HKAaaN59FYXhYLW3XKoWXCUJU4EsrFW7nmsWYqhMM9rDRacr8V1Kp0Cm9s:zaaNfF9qHKoWXCUi4rUDnjROnRhuS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B9D47C42B9F390F6D67420B0097A2736B67A8A460B15CFC3A354ED295D3F6809E3717B
sha3_384: b4c1f5fcec772f450f2258b4f4b928ecff5e698f42be019c5c6c9badb8f6cc3184af998285831c4953c6ef4a58af3d0b
ep_bytes: 558bec6aff6810644700686c30450064
timestamp: 2011-09-13 07:51:13

Version Info:
FileVersion: 1.0.1.1
FileDescription: yY1018制作
ProductName: 其实我一直我很喜欢你，你愿意接受我吗？
ProductVersion: 1.0.1.1
CompanyName: yY1018制作
LegalCopyright: yY1018制作 版权所有
Comments: yY1018制作
Translation: 0x0804 0x04b0

Adware.Cinmus also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
FireEye	Generic.mg.d3d15f5bb4f566c6
CAT-QuickHeal	Risktool.Flystudio.17325
Skyhigh	BehavesLike.Win32.Generic.hh
Malwarebytes	Generic.Malware.AI.DDS
Zillya	Adware.Cinmus.Win32.17932
Cybereason	malicious.7378ae
BitDefenderTheta	Gen:NN.ZexaF.36792.Lq0@aejx1Qjb
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEX	Malicious
Cynet	Malicious (score: 100)
Rising	Trojan.Generic@AI.99 (RDML:5K/ujdOJqYH9Ij7H5BWX9g)
F-Secure	Trojan:W32/DelfInject.R
Trapmine	suspicious.low.ml.score
Sophos	Generic ML PUA (PUA)
Ikarus	AdWare.Cinmus
Webroot	W32.Malware.Heur
Antiy-AVL	Trojan[Dropper]/Win32.Agent
Kingsoft	malware.kb.a.997
Microsoft	Program:Win32/Wacapew.C!ml
Xcitium	Worm.Win32.Dropper.RA@1qraug
GData	Win32.Trojan.PSE.132YKFO
Varist	W32/Trojan.CLL.gen!Eldorado
VBA32	Adware.Cinmus
DeepInstinct	MALICIOUS
Cylance	unsafe
Panda	Generic Malware
Yandex	Trojan.GenAsa!7CpBCjbXELE
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Riskware/FlyApplication
AVG	Win32:Evo-gen [Trj]
Avast	Win32:Evo-gen [Trj]
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Adware.Cinmus?

Adware.Cinmus removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X