Categories: Trojan

AIT:Trojan.Nymeria.2681 malicious file

The AIT:Trojan.Nymeria.2681 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What AIT:Trojan.Nymeria.2681 virus can do?

Behavioural detection: Executable code extraction – unpacking
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)
CAPE detected the HawkEyev9 malware family
Checks the CPU name from registry, possibly for anti-virtualization
Creates known CypherIT/Frenchy Shellcode mutexes
Anomalous binary characteristics
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine AIT:Trojan.Nymeria.2681?


File Info:
name: F6E50EF6AE68973933BB.mlwpath: /opt/CAPEv2/storage/binaries/e3d18edaa5af39b89b78662d75722805ae542f1c5269926474affe9b71bb1034crc32: 186D9200md5: f6e50ef6ae68973933bb21596367e135sha1: eae2f2c8608a82388f3ed83579d8c35c1476e46csha256: e3d18edaa5af39b89b78662d75722805ae542f1c5269926474affe9b71bb1034sha512: 61fbe5ac590df192417cecee53b34f2b9e0b37a9a447f45e36d99ca042cfcc48f4f7a8e754829c73b8ef2c8937ab892075db305d0236b634df0c321065eafaaessdeep: 49152:Ow80cTsjkWaaEHM7dvifEPkdq7UvsGRcJ2CFpAXj:z8sjk1HM77kLkGq/8type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T13495F02263DDC370CB669173BF6A77016E7F38654630B85B2F880D79BD50172226DAA3sha3_384: eef855370f51a150dd978bbec16d2f7d9849c4fc058c5cb4d04d358e831a8061bde16c25369d5df7d0ee792437355cd2ep_bytes: e8b8d00000e97ffeffffcccccccccccctimestamp: 2019-10-15 22:45:09
Version Info:
FileDescription: drvcfgOriginalFilename: IMEPADSV.exeCompanyName: bcdeditLegalCopyright: SetupPlatformProductName: VaultCmdProductVersion: 693, 955, 594, 70Translation: 0x0000 0x04b0

AIT:Trojan.Nymeria.2681 also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Heye.i!c
Elastic	malicious (high confidence)
MicroWorld-eScan	AIT:Trojan.Nymeria.2681
ClamAV	Win.Trojan.Autoit-7339224-0
FireEye	Generic.mg.f6e50ef6ae689739
CAT-QuickHeal	Trojan.AutoIt.Injector.ZZ
McAfee	Artemis!F6E50EF6AE68
Malwarebytes	Trojan.MalPack.AutoIt
Sangfor	Virus.Win32.Save.a
Alibaba	Trojan:Win32/autoit.ali2000008
Cybereason	malicious.6ae689
Arcabit	AIT:Trojan.Nymeria.DA79
Cyren	W32/AutoIt.OW.gen!Eldorado
Symantec	Packed.Generic.548
ESET-NOD32	a variant of Generik.DEROCGJ
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Trojan-PSW.Win32.Heye.imv
BitDefender	AIT:Trojan.Nymeria.2681
NANO-Antivirus	Trojan.Win32.Heye.ghyvfp
Avast	AutoIt:Dropper-DL [Trj]
Tencent	Win32.Trojan-QQPass.QQRob.Psmw
Sophos	Mal/Generic-S
F-Secure	Dropper.DR/AutoIt.Gen8
DrWeb	Trojan.PWS.Siggen2.36080
VIPRE	AIT:Trojan.Nymeria.2681
TrendMicro	Backdoor.AutoIt.BLADABINDI.SMP
McAfee-GW-Edition	BehavesLike.Win32.TrojanAitInject.tc
Emsisoft	AIT:Trojan.Nymeria.2681 (B)
Webroot	W32.Injector.Gen
Avira	DR/AutoIt.Gen8
MAX	malware (ai score=80)
Antiy-AVL	GrayWare/Autoit.Execute.a
Xcitium	Malware@#9g8g185t2196
Microsoft	Trojan:Win32/Occamy.C
ZoneAlarm	Trojan-PSW.Win32.Heye.imv
GData	AIT:Trojan.Nymeria.2681
Google	Detected
AhnLab-V3	Malware/Win32.Generic.C3524679
BitDefenderTheta	Gen:NN.ZexaF.36318.Yv0@aqbuhAnm
ALYac	AIT:Trojan.Nymeria.2681
TACHYON	Trojan/W32.Injects.1881600
Cylance	unsafe
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	Backdoor.AutoIt.BLADABINDI.SMP
Rising	Trojan.Obfus/Autoit!1.BD7E (CLASSIC)
Ikarus	Trojan.Autoit
AVG	AutoIt:Dropper-DL [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)