About “AIT:Trojan.Nymeria.3053” infection

AIT:Trojan.Nymeria.3053 is the detection name BitDefender and the engines built on it (eScan, Ad-Aware, Emsisoft) use for this sample, and nearly every engine in the vendor list below flags it as malicious. The sample drops and executes a second binary and registers itself to start with Windows, so while it is active you may notice unfamiliar processes in Task Manager. In that case, scan the computer with GridinSoft Anti-Malware.

Removing malware by hand can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
A 6-day free trial is available.

What can AIT:Trojan.Nymeria.3053 do?

The following behaviours were recorded by the CAPE sandbox when the sample was run (each line is a CAPE signature description):

  • Calls SetUnhandledExceptionFilter (possible anti-debugging).
  • YARA rule matches observed in a process memory dump, dropped files or CAPE output.
  • Creates RWX (readable, writable and executable) memory.
  • Uses guard pages (possible anti-debugging).
  • Loads imported functions dynamically at run time.
  • Enumerates running processes.
  • Repeatedly searches for a process that is not running (CAPE suggests re-running the analysis with the startbrowser=1 option).
  • Reads data out of its own binary image.
  • Drops a binary and executes it.
  • The binary contains an unknown PE section name, indicative of packing.
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed with UPX (consistent with the entry-point bytes in the File Info block below).
  • The Authenticode signature is invalid.
  • Installs itself for autorun at Windows startup.

How to identify AIT:Trojan.Nymeria.3053?

File Info:

name: A17FAC9D6417DB94A2C0.mlw
path: /opt/CAPEv2/storage/binaries/c69d16038259afd43f905aab9b74f3fdb890f0009f2762c910c5e9b2a56aad1e
crc32: AE71AF33
md5: a17fac9d6417db94a2c00b0fab037b14
sha1: 35d6adca19aca5acb27b7ccd7a246d56f9d30810
sha256: c69d16038259afd43f905aab9b74f3fdb890f0009f2762c910c5e9b2a56aad1e
sha512: f5df2f6bda89d05602a322987810e6b3fd1ef36ea9a89369776334e97f923353e0408be0c12e8483fcd521ae41581a86bee61c68041673e12af6128235b3c44e
ssdeep: 49152:9EVUcHGV/c4vnNHCc4uqQhtCzaDD+kqK/DA2q1kioEtGyi:9E3HaMOCuDDFrk1ki/ti
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T175B533B4B3A3A665D9810AB65CD343B312B01D238FB4666F91355C243E7B2136CFFA58
sha3_384: a9dfc991924da75e6c5055a766f3b1cb7e2e2a4fe797ec5b3e27488445158a706abb536cb8c44d0f1415a8c350acfd9d
ep_bytes: 60be007047008dbe00a0f8ff57eb0b90
timestamp: 2012-01-29 21:32:28

Version Info:

FileDescription:
FileVersion: 3, 3, 8, 1
CompiledScript: AutoIt v3 Script: 3, 3, 8, 1
Translation: 0x0809 0x04b0
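To make the File Info and behaviour indicators above actionable, here is an added Python example (not part of the original page and not GridinSoft's tooling). It hashes a file and compares the result with the md5, sha1, sha256 and crc32 values listed for the sample, then walks the PE headers by hand to reproduce the static packing indicators from the behaviour list: non-standard section names, UPX section names, and the classic UPX stub prologue at the entry point, which is what the ep_bytes line records. The list of "known" section names and the minimal PE image constructed for the offline demonstration are assumptions of the example; pass a real file path on the command line to scan it instead.

```python
import hashlib
import struct
import zlib

# Hash indicators copied from the page's "File Info" block for this sample.
IOCS = {
    "md5": "a17fac9d6417db94a2c00b0fab037b14",
    "sha1": "35d6adca19aca5acb27b7ccd7a246d56f9d30810",
    "sha256": "c69d16038259afd43f905aab9b74f3fdb890f0009f2762c910c5e9b2a56aad1e",
    "crc32": "AE71AF33",
}
# Entry-point bytes from the File Info block: pushad / mov esi,imm32 / lea edi,[esi+disp32] /
# push edi / jmp short is the prologue of the classic x86 UPX unpacking stub.
SAMPLE_EP_BYTES = bytes.fromhex("60be007047008dbe00a0f8ff57eb0b90")
# Section names an unpacked compiler-built PE normally carries (illustrative list, an assumption).
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc", ".reloc",
                  ".bss", ".tls", ".pdata", ".xdata", ".CRT", ".debug"}

def file_hashes(data):
    """Hashes in the formats the File Info block uses (crc32 as upper-case hex)."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"}

def match_iocs(data, iocs=IOCS):
    """Names of the hash indicators that match the file (empty list: no match)."""
    h = file_hashes(data)
    return sorted(k for k, v in iocs.items() if h.get(k, "").lower() == v.lower())

def parse_pe(data):
    """Minimal PE header walk: returns (AddressOfEntryPoint RVA, list of section dicts)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24                       # optional header follows the 20-byte COFF header
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsec):                     # section table follows the optional header
        off = opt + opt_size + 40 * i
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr})
    return entry_rva, sections

def rva_to_offset(rva, sections):
    """Map an RVA to a file offset through the section table (None if unmapped)."""
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return s["rawptr"] + (rva - s["vaddr"])
    return None

def packer_indicators(data):
    """Reproduce the static packing indicators from the behaviour list above."""
    entry_rva, sections = parse_pe(data)
    names = [s["name"] for s in sections]
    off = rva_to_offset(entry_rva, sections)
    ep = data[off:off + 16] if off is not None else b""
    return {"section_names": names,
            "unknown_sections": [n for n in names if n not in KNOWN_SECTIONS],
            "upx_sections": any(n.startswith("UPX") for n in names),
            # pushad (60) ; mov esi,imm32 (BE xx xx xx xx) ; lea edi,[esi+disp32] (8D BE ...)
            "upx_entry_stub": ep[:2] == b"\x60\xbe" and ep[6:8] == b"\x8d\xbe",
            "entry_bytes": ep.hex()}

def build_sample_pe(section_names, entry_stub, entry_section=0):
    """Constructed, non-executable PE32 image for offline testing (not a real sample)."""
    nsec, file_align = len(section_names), 0x200
    hdr_size = -(-(0x40 + 24 + 224 + 40 * nsec) // file_align) * file_align
    dos = bytearray(b"MZ").ljust(0x40, b"\0")
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, 224, 0x0102)  # i386, SizeOfOptionalHeader=224
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000 * (entry_section + 1))    # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, file_align)  # ImageBase, alignments
    headers, body = bytes(dos) + b"PE\0\0" + coff + bytes(opt), b""
    for i, name in enumerate(section_names):
        raw = bytearray(file_align)
        if i == entry_section:
            raw[:len(entry_stub)] = entry_stub
        headers += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), file_align,
                               0x1000 * (i + 1), file_align, hdr_size + i * file_align,
                               0, 0, 0, 0, 0x60000020)
        body += raw
    return headers.ljust(hdr_size, b"\0") + body

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(["UPX0", "UPX1"], SAMPLE_EP_BYTES, 1)
    print("IOC hash matches:", match_iocs(data) or "none", "| packer indicators:", packer_indicators(data))
```

A hash match is conclusive for this exact file, but repacked variants change every hash, so the packer indicators are the more durable check; the UPX section names and stub prologue are common to legitimate UPX-packed software too, so treat them as a triage signal rather than a verdict. The ssdeep and tlsh values in the File Info block are the right tools for near-match comparison and need their respective libraries, which this example deliberately avoids.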

AIT:Trojan.Nymeria.3053 is also known by the following vendor detection names (vendor: detection). Several of them (Avast, AVG, Ikarus, McAfee-GW-Edition, TrendMicro) classify it as an AutoIt dropper, consistent with the "CompiledScript: AutoIt v3 Script" marker in the version info above:

Lionic: Trojan.Win32.VB.lpG0
Elastic: malicious (high confidence)
DrWeb: BackDoor.IRC.Bot.3238
MicroWorld-eScan: AIT:Trojan.Nymeria.3053
FireEye: Generic.mg.a17fac9d6417db94
CAT-QuickHeal: Trojan.DriveHide.VN8
McAfee: Artemis!A17FAC9D6417
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: Trojan ( 700000111 )
Alibaba: Trojan:Win32/DelfInject.ali2000015
K7GW: Trojan ( 700000111 )
Cybereason: malicious.d6417d
BitDefenderTheta: Gen:NN.ZelphiF.34114.sIW@aOStlngi
Cyren: W32/Injector.TIUD-8484
Symantec: Trojan.Gen.MBT
ESET-NOD32: multiple detections
APEX: Malicious
ClamAV: Win.Dropper.Lokibot-9791657-0
Kaspersky: HEUR:Trojan.Win32.Kryptik.gen
BitDefender: AIT:Trojan.Nymeria.3053
NANO-Antivirus: Trojan.Win32.Kryptik.ibtmsr
Avast: AutoIt:Dropper-DM [Trj]
Tencent: Win32.Trojan.Kryptik.Lknn
Ad-Aware: AIT:Trojan.Nymeria.3053
Emsisoft: AIT:Trojan.Nymeria.3053 (B)
TrendMicro: Coinminer.AutoIt.MALXMR.AD
McAfee-GW-Edition: BehavesLike.Win32.AutoitDropper.vc
Sophos: Mal/Generic-S
Ikarus: Trojan-Dropper.Win32.Autoit
GData: Trojan.GenericKD.36090846 (3x)
Jiangmin: Trojan.MSIL.Zapchast.ag
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1202430
Antiy-AVL: Trojan/Generic.ASMalwS.30FE5EA
Kingsoft: Win32.Troj.Undef.(kcloud)
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C4341828
VBA32: Trojan.Kryptik
ALYac: Trojan.GenericKD.36090846
MAX: malware (ai score=81)
Malwarebytes: Malware.AI.2209856111
TrendMicro-HouseCall: Coinminer.AutoIt.MALXMR.AD
Rising: Trojan.Kryptik!8.8 (CLOUD)
Yandex: Trojan.Kryptik!r/g3s18CVzE
MaxSecure: Win.MxResIcn.Heur.Gen
Fortinet: W32/Injector.ENVN!tr
AVG: AutoIt:Dropper-DM [Trj]
CrowdStrike: win/malicious_confidence_70% (W)

How to remove AIT:Trojan.Nymeria.3053?

AIT:Trojan.Nymeria.3053 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.
  • After the restart, confirm the infection is gone: the sample drops a second binary and installs itself for autorun, so check that no unfamiliar entries remain in the Windows startup locations and that Task Manager shows no unknown processes. If anything reappears, repeat the scan.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.