
AIT:Trojan.Nymeria.5111 removal tips


AIT:Trojan.Nymeria.5111 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the AIT:Trojan.Nymeria.5111 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify AIT:Trojan.Nymeria.5111?


File Info:

name: C4E2AA1EFD0B9163BA3E.mlw
path: /opt/CAPEv2/storage/binaries/f5b5088eec14c9aa10f6f8f77f6f672553c8f6278533d2a35001071dab13a58b
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2022-02-03 16:40:39

Version Info:

FileVersion: 3.6.0.8
Comments: http://www.autoitscript.com/autoit3/
FileDescription: Simulations Software
ProductName: M2 Tools
ProductVersion: 3
LegalCopyright: powered by Elitepvpers.com
Translation: 0x0809 0x04b0

AIT:Trojan.Nymeria.5111 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Hacktool.Win32.Gamehack.3!e
MicroWorld-eScan: AIT:Trojan.Nymeria.5111
FireEye: AIT:Trojan.Nymeria.5111
McAfee: Artemis!C4E2AA1EFD0B
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_GEN.R002H09B622
Paloalto: generic.ml
BitDefender: AIT:Trojan.Nymeria.5111
Avast: Win32:Malware-gen
Ad-Aware: AIT:Trojan.Nymeria.5111
Sophos: Generic ML PUA (PUA)
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.tc
Emsisoft: AIT:Trojan.Nymeria.5111 (B)
GData: AIT:Trojan.Nymeria.5111 (4x)
ViRobot: Trojan.Win32.Z.Nymeria.5882368
Microsoft: Trojan:Win32/Sabsik.TE.B!ml
VBA32: Trojan-Downloader.Autoit.gen
ALYac: AIT:Trojan.Nymeria.5111
MAX: malware (ai score=86)
APEX: Malicious
Fortinet: W32/PossibleThreat
AVG: Win32:Malware-gen

How to remove AIT:Trojan.Nymeria.5111?

AIT:Trojan.Nymeria.5111 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
