
What is “AIT:Trojan.Nymeria.2629”?


AIT:Trojan.Nymeria.2629 is the name BitDefender and several other engines in the list below give to a sample that most other vendors classify as a cryptocurrency miner: a UPX-packed, compiled AutoIt v3 script that carries Apple iTunes version information and an invalid Authenticode signature. While the infection is active you may notice unfamiliar processes in the Task Manager list; for a miner these typically show sustained high CPU use. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing malware manually may take hours and can damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; it can run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can AIT:Trojan.Nymeria.2629 do?

The following behaviours come from the CAPE sandbox report for the sample (its storage path is given in the File Info section):

  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Creates a copy of itself
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
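The scheduled-task and self-copy items above are the persistence to look for on a live host. What follows is an added example for that check; it is not part of the original page and not GridinSoft's tooling. It parses Task Scheduler definitions (the XML files under C:\Windows\System32\Tasks) and flags any Exec action that runs from a user-writable directory, or that reuses the iTunesHelper.exe name from this sample's version information outside the directory where that binary is expected. The user-writable path fragments and the expected install directories are this example's own heuristic assumptions, and the two task definitions are constructed test data.

```python
"""Hunt scheduled tasks whose action runs a binary from a user-writable
directory or masquerades as a known vendor binary (added example)."""
import os
import sys
import xml.etree.ElementTree as ET

# Path fragments a legitimate per-machine task rarely executes from (heuristic assumption)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\tmp\\", "c:\\programdata\\",
                 "c:\\users\\public\\", "\\downloads\\")
# Where the spoofed name from the Version Info would legitimately live (assumed allow-list)
EXPECTED_DIRS = {"ituneshelper.exe": ("c:\\program files\\itunes\\",
                                      "c:\\program files (x86)\\itunes\\")}


def exec_commands(task_xml):
    """Yield every <Exec><Command> value in a Task Scheduler XML document.
    Accepts str or bytes; real task files are UTF-16 with a BOM, so pass them as bytes."""
    root = ET.fromstring(task_xml)
    for el in root.iter():
        # tags carry the task-schema namespace, e.g. '{http://...}Command'
        if el.tag.rsplit("}", 1)[-1] == "Command" and el.text:
            yield el.text.strip()


def assess_command(cmd):
    """Return the list of reasons a command is suspicious (empty when it looks normal)."""
    path = cmd.strip().strip('"').lower()
    reasons = []
    if any(frag in path for frag in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    expected = EXPECTED_DIRS.get(base)
    if expected and not path.startswith(expected):
        reasons.append(f"{base} outside its expected install directory")
    return reasons


def find_suspicious_tasks(tasks):
    """tasks: {task name: xml}. Returns one finding per suspicious Exec action."""
    findings = []
    for name, task_xml in tasks.items():
        for cmd in exec_commands(task_xml):
            reasons = assess_command(cmd)
            if reasons:
                findings.append({"task": name, "command": cmd, "reasons": reasons})
    return findings


# Constructed test data: one legitimate-looking task and one that mirrors the
# sandbox behaviour (a self-copy under AppData registered as a scheduled task).
NS = "http://schemas.microsoft.com/windows/2004/02/mit/task"
BENIGN_TASK = f"""<Task version="1.2" xmlns="{NS}">
  <Actions Context="Author"><Exec>
    <Command>C:\\Program Files\\iTunes\\iTunesHelper.exe</Command>
  </Exec></Actions></Task>"""
SUSPECT_TASK = f"""<Task version="1.2" xmlns="{NS}">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author"><Exec>
    <Command>"C:\\Users\\victim\\AppData\\Roaming\\iTunesHelper.exe"</Command>
    <Arguments>--silent</Arguments>
  </Exec></Actions></Task>"""
CONSTRUCTED_TASKS = {"Apple iTunes Helper": BENIGN_TASK, "Updater": SUSPECT_TASK}


def load_task_dir(root_dir):
    """Read every task definition below root_dir (on Windows: C:\\Windows\\System32\\Tasks)."""
    tasks = {}
    for dirpath, _, files in os.walk(root_dir):
        for fn in files:
            full = os.path.join(dirpath, fn)
            with open(full, "rb") as fh:
                tasks[os.path.relpath(full, root_dir)] = fh.read()
    return tasks


if __name__ == "__main__":
    tasks = load_task_dir(sys.argv[1]) if len(sys.argv) > 1 else CONSTRUCTED_TASKS
    for f in find_suspicious_tasks(tasks):
        print(f"{f['task']}: {f['command']} -> {', '.join(f['reasons'])}")
```

Run it without arguments to exercise the constructed data, or pass the Tasks directory to sweep a real host. A hit is a lead rather than a verdict: hash the file the task points at and compare it with the File Info section before acting on it.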

How to identify AIT:Trojan.Nymeria.2629

File Info:

name: 7EF52DE27BB79FA19760.mlw
path: /opt/CAPEv2/storage/binaries/22d638e5e5d10fca1f950335a655b1b6ece91eaa403677d42a0d0fd3a46bd162
crc32: F97484A8
md5: 7ef52de27bb79fa19760598978d025ed
sha1: 099a45c4caa42a71a3e1647366dfd2abb8071171
sha256: 22d638e5e5d10fca1f950335a655b1b6ece91eaa403677d42a0d0fd3a46bd162
sha512: 3f680fd51315f7d884cf342c9f0ae21652eb8122ccc8412a28ab25aee52e00fac90aef58e9ff91b4b13a53f7bb8b1b49cca207fb9da87e58ddb06f1df3c1634a
ssdeep: 49152:REVUcEJAmz9VTe5ebwINRDFQLUKbL9fowc/Gf:RE3y99VbZ1eUKHNtc/Gf
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16AB533EFF659D60AF0BB5378D44572458350ACA77758BE7FD028B493343B0898FA6A20
sha3_384: 5b6293f3f7b854aba2bb3b693bf8218728964e0673758e9dda438f8ad871a6046fe6602b578fa95d06e2e68030851f04
ep_bytes: 60be009047008dbe0080f8ff57eb0b90
timestamp: 2012-01-29 21:32:28

Note: for a compiled AutoIt script the PE timestamp belongs to the prebuilt AutoIt runtime stub that the script is appended to, so it dates the interpreter build, not the moment this script was compiled.

Version Info:

CompanyName: Apple Inc.
FileDescription:
FileVersion: 3, 3, 8, 1
LegalCopyright: © 2003-2009 Apple Inc. All Rights Reserved.
InternalName: iTunesHelper
OriginalFilename: iTunesHelper.exe
ProductName: iTunes
ProductVersion: 9.0.2.25
OLESelfRegister:
Translation: 0x0809 0x04b0
CompiledScript: AutoIt v3 Script: 3, 3, 8, 1

The Apple and iTunes strings are copied version metadata. The file is a compiled AutoIt v3 script and the sandbox reports its Authenticode signature as invalid, so despite the OriginalFilename field this is not Apple's iTunesHelper.exe.
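Several of the indicators in the behaviour list are static and can be confirmed without a sandbox: UPX section names and the UPX entry stub (the ep_bytes value above begins 60 be, pushad followed by mov esi,imm32), overlay data, high-entropy sections, and the AU3!EA06 signature that precedes a compiled AutoIt v3 script. The script below is an added example, not code from this page or from GridinSoft: a standard-library-only PE parser that reports those indicators. Its section-name allow-list, 7.0 bits/byte entropy threshold and AU3! substring search are this example's heuristics, and the sample it builds is constructed test data that reuses the page's ep_bytes, not the real file. UPX leaves a file's overlay uncompressed, which is why an appended AutoIt script can still be spotted in a packed binary.

```python
"""Static triage for the packing indicators in the sandbox list: UPX section
names, the UPX entry stub, overlay data, an embedded AutoIt script and
high-entropy sections (added example, pure standard library)."""
import math
import struct
import sys

KNOWN_SECTION_NAMES = {b".text", b".data", b".rdata", b".rsrc", b".reloc", b".idata",
                       b".edata", b".bss", b".tls", b".pdata", b".CRT"}  # assumed allow-list
AUTOIT_MARKER = b"AU3!"   # start of the AU3!EA06 signature that precedes a compiled AutoIt v3 script
HIGH_ENTROPY = 7.0        # bits per byte; compressed or encrypted data usually scores above this
PAGE_EP_BYTES = bytes.fromhex("60be009047008dbe0080f8ff57eb0b90")  # ep_bytes from File Info above


def parse_pe(data):
    """Parse just enough of the PE headers to recover the entry point and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint (PE32 and PE32+)
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append({"name": data[hdr:hdr + 8].rstrip(b"\0"), "vaddr": vaddr, "vsize": vsize,
                         "rawptr": rawptr, "rawsize": rawsize, "raw": data[rawptr:rawptr + rawsize]})
    return {"entry_rva": entry_rva, "sections": sections}


def rva_to_offset(pe, rva):
    """Map a relative virtual address to a file offset via the section table."""
    for s in pe["sections"]:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return s["rawptr"] + (rva - s["vaddr"])
    return None


def entropy(buf):
    """Shannon entropy in bits per byte."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in counts if c)


def triage(data):
    pe = parse_pe(data)
    ep_off = rva_to_offset(pe, pe["entry_rva"])
    ep = data[ep_off:ep_off + 16] if ep_off is not None else b""
    end_of_sections = max((s["rawptr"] + s["rawsize"] for s in pe["sections"]), default=0)
    names = [s["name"] for s in pe["sections"]]
    return {
        "ep_bytes": ep.hex(),
        "unknown_sections": [n for n in names if n not in KNOWN_SECTION_NAMES],
        "upx_sections": any(n.startswith(b"UPX") for n in names),
        # pushad / mov esi,imm32 / lea edi,[esi+imm32] / push edi: the standard UPX decompressor prologue
        "upx_entry_stub": len(ep) >= 13 and ep[:2] == b"\x60\xbe" and ep[6:8] == b"\x8d\xbe" and ep[12] == 0x57,
        "overlay_size": len(data) - end_of_sections,
        "autoit_marker": AUTOIT_MARKER in data,
        "high_entropy_sections": [s["name"] for s in pe["sections"] if entropy(s["raw"]) > HIGH_ENTROPY],
    }


def build_sample_pe(section_names, ep_stub, overlay):
    """Assemble a minimal PE32 (constructed test data): 0x200-byte headers, one 0x200-byte
    raw block per section, the entry point at the start of the last section, then the overlay."""
    nsec = len(section_names)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                     # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, 0xE0, 0x102)        # i386, PE32 optional header
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x1000 * nsec).ljust(0xE0, b"\0")
    hdrs, bodies = b"", b""
    for i, name in enumerate(section_names):
        hdrs += name.ljust(8, b"\0") + struct.pack("<IIII", 0x1000, 0x1000 * (i + 1), 0x200, 0x200 * (i + 1)) + b"\0" * 16
        bodies += (ep_stub if i == nsec - 1 else b"").ljust(0x200, b"\0")
    return (dos + b"PE\0\0" + coff + opt + hdrs).ljust(0x200, b"\0") + bodies + overlay


def constructed_sample():
    """UPX-style layout with the page's entry-point bytes and an appended AutoIt script blob."""
    return build_sample_pe([b"UPX0", b"UPX1"], PAGE_EP_BYTES, AUTOIT_MARKER + b"EA06<constructed script bytes>")


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    for key, value in triage(data).items():
        print(f"{key}: {value}")
```

Pass a file path to triage a real binary; with no arguments it reports on the constructed sample. On a genuine UPX-packed file expect the UPX0/UPX1 section with data to score above the entropy threshold, which the low-entropy constructed sample deliberately does not.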

AIT:Trojan.Nymeria.2629 is also known as:

Detection names reported by other engines for the same file. Note that the generic Trojan names sit alongside explicit coin-miner and AutoIt verdicts (ClamAV, ESET-NOD32, DrWeb, Sophos, Fortinet, Ikarus, VBA32), which give the most specific picture of what the sample does.

Bkav: W32.AIDetectMalware
MicroWorld-eScan: AIT:Trojan.Nymeria.2629
ClamAV: Win.Coinminer.Generic-7133814-0
FireEye: AIT:Trojan.Nymeria.2629
ALYac: Gen:Variant.Tedy.295789
VIPRE: AIT:Trojan.Nymeria.2629
K7AntiVirus: Trojan ( 700000111 )
K7GW: Trojan ( 700000111 )
Cybereason: malicious.27bb79
VirIT: Trojan.Win32.Generic.LHS
Symantec: Trojan.Gen.MBT
Elastic: malicious (moderate confidence)
ESET-NOD32: Win32/CoinMiner.FP
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: Trojan.Win32.Agent.adafj
BitDefender: AIT:Trojan.Nymeria.2629
NANO-Antivirus: Riskware.Win32.BtcMine.cudrgy
Avast: Win64:Malware-gen
Emsisoft: AIT:Trojan.Nymeria.2629 (B)
F-Secure: PrivacyRisk.SPR/Bitcoin.djg.1
DrWeb: Trojan.BtcMine.157
Zillya: Trojan.Agent.Win32.408842
TrendMicro: Possible_Execit-0
McAfee-GW-Edition: BehavesLike.Win32.Injector.vc
Trapmine: malicious.moderate.ml.score
Sophos: Bitcoin Miner (PUA)
SentinelOne: Static AI – Malicious PE
Webroot: W32.Trojan.Genkdv
Avira: TR/Rogue.1227003.8
MAX: malware (ai score=84)
Antiy-AVL: RiskWare[RiskTool]/Win64.BitCoinMiner
Xcitium: Malware@#7c393b8drouw
Arcabit: AIT:Trojan.Nymeria.DA45 [many]
ZoneAlarm: Trojan.Win32.Agent.adafj
GData: Gen:Variant.Tedy.295789 (3x)
Google: Detected
McAfee: Artemis!7EF52DE27BB7
VBA32: Trojan.Autoit.Wirus
Cylance: unsafe
TrendMicro-HouseCall: Possible_Execit-0
Rising: Trojan.Generic@AI.90 (RDML:KLY3NYvvnYh+Ve8mJyvzdw)
Yandex: Trojan.Graftor!EDGwo2GD/5k
Ikarus: Trojan.CoinMiner
Fortinet: Riskware/BitCoinMiner
AVG: Win64:Malware-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_70% (W)

How to remove AIT:Trojan.Nymeria.2629?

AIT:Trojan.Nymeria.2629 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options you want, then click “Reset”.
  • Restart your computer.

Because the sandbox report shows the sample registering a scheduled task and writing a copy of itself, check after the restart that no scheduled task still points at the dropped copy and that the unwanted process no longer reappears in Task Manager.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
