AIT:Trojan.Nymeria.2681 malicious file

AIT:Trojan.Nymeria.2681 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the AIT:Trojan.Nymeria.2681 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the HawkEyev9 malware family
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Creates known CypherIT/Frenchy Shellcode mutexes
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify AIT:Trojan.Nymeria.2681?

File Info:

name: F6E50EF6AE68973933BB.mlw
path: /opt/CAPEv2/storage/binaries/e3d18edaa5af39b89b78662d75722805ae542f1c5269926474affe9b71bb1034
crc32: 186D9200
md5: f6e50ef6ae68973933bb21596367e135
sha1: eae2f2c8608a82388f3ed83579d8c35c1476e46c
sha256: e3d18edaa5af39b89b78662d75722805ae542f1c5269926474affe9b71bb1034
sha512: 61fbe5ac590df192417cecee53b34f2b9e0b37a9a447f45e36d99ca042cfcc48f4f7a8e754829c73b8ef2c8937ab892075db305d0236b634df0c321065eafaae
ssdeep: 49152:Ow80cTsjkWaaEHM7dvifEPkdq7UvsGRcJ2CFpAXj:z8sjk1HM77kLkGq/8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13495F02263DDC370CB669173BF6A77016E7F38654630B85B2F880D79BD50172226DAA3
sha3_384: eef855370f51a150dd978bbec16d2f7d9849c4fc058c5cb4d04d358e831a8061bde16c25369d5df7d0ee792437355cd2
ep_bytes: e8b8d00000e97ffeffffcccccccccccc
timestamp: 2019-10-15 22:45:09

Version Info:

FileDescription: drvcfg
OriginalFilename: IMEPADSV.exe
CompanyName: bcdedit
LegalCopyright: SetupPlatform
ProductName: VaultCmd
ProductVersion: 693, 955, 594, 70
Translation: 0x0000 0x04b0

AIT:Trojan.Nymeria.2681 also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Heye.i!c
Elastic: malicious (high confidence)
MicroWorld-eScan: AIT:Trojan.Nymeria.2681
ClamAV: Win.Trojan.Autoit-7339224-0
FireEye: Generic.mg.f6e50ef6ae689739
CAT-QuickHeal: Trojan.AutoIt.Injector.ZZ
McAfee: Artemis!F6E50EF6AE68
Malwarebytes: Trojan.MalPack.AutoIt
Sangfor: Virus.Win32.Save.a
Alibaba: Trojan:Win32/autoit.ali2000008
Cybereason: malicious.6ae689
Arcabit: AIT:Trojan.Nymeria.DA79
Cyren: W32/AutoIt.OW.gen!Eldorado
Symantec: Packed.Generic.548
ESET-NOD32: a variant of Generik.DEROCGJ
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan-PSW.Win32.Heye.imv
BitDefender: AIT:Trojan.Nymeria.2681
NANO-Antivirus: Trojan.Win32.Heye.ghyvfp
Avast: AutoIt:Dropper-DL [Trj]
Tencent: Win32.Trojan-QQPass.QQRob.Psmw
Sophos: Mal/Generic-S
F-Secure: Dropper.DR/AutoIt.Gen8
DrWeb: Trojan.PWS.Siggen2.36080
VIPRE: AIT:Trojan.Nymeria.2681
TrendMicro: Backdoor.AutoIt.BLADABINDI.SMP
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.tc
Emsisoft: AIT:Trojan.Nymeria.2681 (B)
Webroot: W32.Injector.Gen
Avira: DR/AutoIt.Gen8
MAX: malware (ai score=80)
Antiy-AVL: GrayWare/Autoit.Execute.a
Xcitium: Malware@#9g8g185t2196
Microsoft: Trojan:Win32/Occamy.C
ZoneAlarm: Trojan-PSW.Win32.Heye.imv
GData: AIT:Trojan.Nymeria.2681
Google: Detected
AhnLab-V3: Malware/Win32.Generic.C3524679
BitDefenderTheta: Gen:NN.ZexaF.36318.Yv0@aqbuhAnm
ALYac: AIT:Trojan.Nymeria.2681
TACHYON: Trojan/W32.Injects.1881600
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Backdoor.AutoIt.BLADABINDI.SMP
Rising: Trojan.Obfus/Autoit!1.BD7E (CLASSIC)
Ikarus: Trojan.Autoit
AVG: AutoIt:Dropper-DL [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove AIT:Trojan.Nymeria.2681?

AIT:Trojan.Nymeria.2681 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.