AIT:Trojan.Nymeria.2424 removal

AIT:Trojan.Nymeria.2424 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the AIT:Trojan.Nymeria.2424 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify AIT:Trojan.Nymeria.2424?

File Info:

name: F66FF52F36CE2F80D063.mlw
path: /opt/CAPEv2/storage/binaries/13dc1b464d9fc001bd04af1ad7e7245b2f960b1282a41fa569fdf01bb801f472
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2020-05-04 01:56:12

Version Info:

Translation: 0x0809 0x04b0

AIT:Trojan.Nymeria.2424 is also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: AIT:Trojan.Nymeria.2424
ALYac: AIT:Trojan.Nymeria.2424
K7AntiVirus: Trojan ( 700000111 )
K7GW: Trojan ( 700000111 )
Cybereason: malicious.f36ce2
ESET-NOD32: Win32/Packed.Autoit.H suspicious
ClamAV: Win.Dropper.Autoit-6646809-0
BitDefender: AIT:Trojan.Nymeria.2424
Ad-Aware: AIT:Trojan.Nymeria.2424
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.ch
FireEye: Generic.mg.f66ff52f36ce2f80
Emsisoft: AIT:Trojan.Nymeria.2424 (B)
Avira: HEUR/AGEN.1247781
Microsoft: Trojan:Win32/Sabsik.TE.B!ml
GData: AIT:Trojan.Nymeria.2424 (2x)
Cynet: Malicious (score: 100)
MAX: malware (ai score=84)
VBA32: TrojanDropper.Autoit
Malwarebytes: Malware.AI.1110925168
APEX: Malicious
MaxSecure: Trojan.Malware.300983.susgen
CrowdStrike: win/malicious_confidence_60% (D)

How to remove AIT:Trojan.Nymeria.2424?

AIT:Trojan.Nymeria.2424 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
