Application.Cerbu.160429 (file analysis)

Application.Cerbu.160429 is flagged as malicious by most of the antivirus engines listed further down this page; the detection names point to a dropper/downloader packaged as an Inno Setup installer. When this infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Application.Cerbu.160429 virus do?

The following are the behaviour signatures the CAPE sandbox raised for this sample. Each is an indicator rather than a confirmed capability, and several are exactly what a legitimate Inno Setup installer also does (it carries its payload as overlay data, unpacks it, and drops and executes binaries), so weigh them together with the detection list below:

  • Behavioural detection: executable code extraction (unpacking)
  • Sample contains overlay data
  • Performs HTTP requests potentially not found in the PCAP
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing (Delphi-built executables, which Inno Setup installers are, use the non-standard section names CODE, DATA and BSS, so check the actual names before treating this as evidence of a packer)
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • YARA rule detections observed from a process memory dump, dropped files or CAPE

How to identify Application.Cerbu.160429?

File Info:

name: 36AD6E471B8FA81D88F3.mlw
path: /opt/CAPEv2/storage/binaries/6762b699d46addfdda6adea9b71fbd88f8f0ac86c843576de9c95a4e178b95d0
crc32: 7DED54E7
md5: 36ad6e471b8fa81d88f330cd979a955e
sha1: 42d386c025d806ac498e0fa413b5fba0163460c4
sha256: 6762b699d46addfdda6adea9b71fbd88f8f0ac86c843576de9c95a4e178b95d0
sha512: 84ac6b6e5e29f90eb08966b992d02913f02c46630e58b46731592d4f6253728d0d2dff41cba4636bbe82e6cc047a9e689010cd77d13e94e7549ffccfed60ec06
ssdeep: 49152:iinmpEd+8OYLcg7yzn9U00ByviRVNnvIRHtgMwa0jLX/nvYX0mj:iinUhYLcgN0jGVNnvIOa0jLvvYD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D3A522C298412539E4FC8131A436198C2216FFDD6E58B10F59C87EBA79761E3E523E2F
sha3_384: 7cd8854ad6b9ac7e093858f00d476b0a9ca10d38af5d3fb24049d51724ab9d8321a243b263ee8f5527ddddf490a7e4ac
ep_bytes: 558bec83c4d453565733c08945f08945
timestamp: 1992-06-19 22:22:17 (this is the fixed link-time stamp that every Delphi-built executable carries, not the real build date)
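To check a local file against the File Info values above, here is an added Python example (it is not code from the original page or from GridinSoft) that recomputes the same hash set and walks the PE32 header for the timestamp, entry-point bytes, section names and overlay size that the sandbox fields and several of the behaviour signatures are derived from. Only the standard library is used (ssdeep and tlsh need third-party libraries and are left out). The sample PE it builds inline is a constructed stand-in, not the real malware: a Delphi-style CODE section holding the same entry-point prologue the page lists, one non-standard section, and trailing overlay bytes. Pass a file path to analyse a real sample instead. The KNOWN_SECTIONS set is my own assumption about which section names count as standard.

```python
"""Added example: recompute the File Info fields for a PE32 sample.
Not code from the original page. Standard library only."""
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

# Assumed list of section names a stock MSVC or Delphi linker emits; anything
# else is what the sandbox reports as an "unknown PE section name".
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                  ".rsrc", ".reloc", ".tls", ".pdata", "CODE", "DATA", "BSS"}
# 0x2A425E19 = 1992-06-19 22:22:17 UTC, the fixed TimeDateStamp Delphi links in.
DELPHI_TIMESTAMP = 0x2A425E19
# Entry-point bytes listed on the page: a standard Delphi function prologue.
DELPHI_PROLOGUE = bytes.fromhex("558bec83c4d453565733c08945f08945")


def file_hashes(data):
    """Same hash set as the page's File Info block."""
    return {
        "crc32": format(zlib.crc32(data) & 0xFFFFFFFF, "08X"),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def parse_pe(data):
    """Minimal PE32 header walk: timestamp, EP bytes, section names, overlay."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe_off + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sec_table = opt + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec_table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, va, rawsize, rawptr))
    # Overlay = bytes past the end of the last section's raw data.
    data_end = max((rawptr + rawsize for _, _, _, rawsize, rawptr in sections), default=0)
    overlay = max(len(data) - data_end, 0)
    ep_bytes = ""
    for _, vsize, va, rawsize, rawptr in sections:
        if va <= ep_rva < va + max(vsize, rawsize):
            ep_off = rawptr + (ep_rva - va)  # RVA -> file offset inside that section
            ep_bytes = data[ep_off:ep_off + 16].hex()
            break
    names = [s[0] for s in sections]
    return {
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "delphi_timestamp": timestamp == DELPHI_TIMESTAMP,
        "ep_bytes": ep_bytes,
        "delphi_prologue": ep_bytes == DELPHI_PROLOGUE.hex(),
        "sections": names,
        "unknown_sections": [n for n in names if n not in KNOWN_SECTIONS],
        "overlay_bytes": overlay,
    }


def build_sample_pe():
    """Constructed stand-in (not the real sample): Delphi-style CODE section holding
    the page's EP prologue, one non-standard section, and 48 bytes of overlay."""
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    layout = [("CODE", 0x1000, 0x200), (".xyz", 0x2000, 0x400)]  # name, VA, raw offset
    opt = (struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", 0x1000)).ljust(224, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), DELPHI_TIMESTAMP, 0, 0, len(opt), 0x102)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), 0x200, va, 0x200, raw,
                                0, 0, 0, 0, 0x60000020) for n, va, raw in layout)
    headers = (dos + b"PE\0\0" + coff + opt + hdrs).ljust(0x200, b"\0")
    code = DELPHI_PROLOGUE.ljust(0x200, b"\xCC")
    return headers + code + b"\0" * 0x200 + b"overlay payload, constructed".ljust(48, b"\0")


def analyze(path=None):
    """Print and return the report for a file on disk, or for the built-in sample."""
    data = open(path, "rb").read() if path else build_sample_pe()
    report = {**file_hashes(data), **parse_pe(data)}
    for key, value in report.items():
        print(f"{key}: {value}")
    return report


if __name__ == "__main__":
    analyze(sys.argv[1] if len(sys.argv) > 1 else None)
```

Run it as `python pecheck.py path/to/sample` (name assumed) and compare the md5/sha1/sha256 lines with the File Info block; a matching sha256 is the only field that proves you have the same file, since the other hashes are weaker and the ssdeep/tlsh values are fuzzy by design. A `delphi_timestamp` of True together with CODE/DATA/BSS section names tells you the "unknown section" and "1992 timestamp" oddities come from the Delphi toolchain Inno Setup is built with, while `overlay_bytes` shows how much appended data the installer carries.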

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName: Gksus Avarun
FileDescription: Split Files Setup
FileVersion:
InternalName:
OriginalFilename:
ProductName:
ProductVersion:
Translation: 0x0409 0x04e4

Application.Cerbu.160429 is also known as (vendor: detection name):

Most engines agree on a generic dropper/downloader classification (Injuke, TrojanDropper.Agent, ICLoader, BeamWinHTTP), while a few rate the file only as adware or a PUA.

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Injuke.16!c
DrWeb: Trojan.DownLoader45.31779
MicroWorld-eScan: Gen:Variant.Application.Cerbu.160429
FireEye: Gen:Variant.Application.Cerbu.160429
ALYac: Gen:Variant.Application.Cerbu.160429
Malwarebytes: Agent.Trojan.Dropper.DDS
VIPRE: Gen:Variant.Application.Cerbu.160429
Sangfor: Dropper.Win32.Injuke.Vgox
K7AntiVirus: Trojan ( 005722f11 )
Alibaba: TrojanDropper:Win32/Injuke.8d4a0a41
K7GW: Trojan ( 005722f11 )
VirIT: Trojan.Win32.Genus.NKD
Symantec: Trojan Horse
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
ClamAV: Win.Malware.Cerbu-9982225-0
Kaspersky: Trojan.Win32.Injuke.gjfn
BitDefender: Gen:Variant.Application.Cerbu.160429
Avast: NSIS:Adware-AEK [Adw]
Emsisoft: Gen:Variant.Application.Cerbu.160429 (B)
F-Secure: Trojan.TR/AD.Nekark.wktii
McAfee-GW-Edition: BehavesLike.Win32.ObfuscatedPoly.vc
Sophos: Mal/Generic-S (PUA)
GData: Gen:Variant.Application.Cerbu.160429
Jiangmin: Trojan.Injuke.rok
Avira: TR/AD.Nekark.wktii
Antiy-AVL: Trojan/Win32.Injuke
Xcitium: Malware@#cp2r8priv4qa
Arcabit: Trojan.Application.Cerbu.D272AD
ZoneAlarm: Trojan.Win32.Injuke.gjfn
Microsoft: Trojan:Win32/ICLoader.JL!MTB
Cynet: Malicious (score: 99)
AhnLab-V3: Downloader/Win.BeamWinHTTP.R547857
McAfee: Artemis!36AD6E471B8F
MAX: malware (ai score=79)
VBA32: TrojanDownloader.Ajent
Cylance: unsafe
Panda: Trj/Chgt.AD
Fortinet: W32/Agent.SLC!tr
AVG: NSIS:Adware-AEK [Adw]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Application.Cerbu.160429?

Application.Cerbu.160429 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because the sample drops and executes a second binary and attempts to modify proxy settings, check after the scan that no dropped files remain and that the system proxy configuration is back to what you expect.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.