
Cerbu.124932 (file analysis)

Malware Removal

Cerbu.124932 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Cerbu.124932 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Cerbu.124932?

File Info:

name: BA45EA65738E374CDC3A.mlw
path: /opt/CAPEv2/storage/binaries/60ef9a3ae8e8bd8e9ddcc12fb1dee98a1a0a3d596edb727427caf7a1beb0c711
crc32: 41B88C1D
md5: ba45ea65738e374cdc3a5de7bcd69535
sha1: bfdb7df353dc43bc9f221482c7cdb5a7168eba23
sha256: 60ef9a3ae8e8bd8e9ddcc12fb1dee98a1a0a3d596edb727427caf7a1beb0c711
sha512: 62614cdd5e3e8f8c6861d6561ea7d52e25428b8e03043cd1fd179ccfa62d102903317e9a5db8b84be4e5d5b71fffaa8188c500b9eae73e812a6fa6ddbb7f2c08
ssdeep: 12288:Kx7r/93+FKkT3JEwNTGvdc6Xt6X2x7r/93+FKkT3JEwNTGvdoX:KloA6tTYzC2loA6tTYA
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T17CF46C73B54184B1C526143101A88B31DA79FC2D19608A0E6BBDBF752E367F2723DB6E
sha3_384: a467890bf7f652928e108a6b1e7b424ea73429319f4c561c260cce6e8618c610e605ca22d88b0bb0c2d35dd962aa2899
ep_bytes: e8a1060000e974feffff558bec6a00ff
timestamp: 2020-12-09 13:07:51

Version Info:

CompanyName: Oracle Corporation
FileDescription: Java(TM) Platform SE binary
FileVersion: 8.0.2810.9
Full Version: 1.8.0_281-b09
InternalName: java
LegalCopyright: Copyright © 2020
OriginalFilename: java.exe
ProductName: Java(TM) Platform SE 8
ProductVersion: 8.0.2810.9
Translation: 0x0000 0x04b0

Cerbu.124932 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Cerbu.124932
FireEye: Gen:Variant.Cerbu.124932
McAfee: RDN/Autorun.worm.gen
Cylance: Unsafe
Baidu: Win32.Trojan.VB.t
Cyren: W32/Pajetbin.K.gen!Eldorado
APEX: Malicious
ClamAV: Win.Worm.Vindor-9886047-0
BitDefender: Gen:Variant.Cerbu.124932
Avast: Win32:VB-FBX
Sophos: Generic ML PUA (PUA)
DrWeb: Win32.HLLW.Autoruner.547
TrendMicro: WORM_AUTORUN.BTM
McAfee-GW-Edition: BehavesLike.Win32.Generic.bh
Emsisoft: Gen:Variant.Cerbu.124932 (B)
Jiangmin: Packed.Krap.gvuw
MaxSecure: Trojan.Malware.121218.susgen
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Gen:Variant.Cerbu.124932
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win.Autorun.C4943577
ALYac: Gen:Variant.Cerbu.124932
MAX: malware (ai score=88)
VBA32: Worm.AutoRun
Malwarebytes: Malware.AI.2797890020
TrendMicro-HouseCall: WORM_AUTORUN.BTM
Rising: Worm.VB!1.DA3E (CLASSIC)
Yandex: Trojan.GenAsa!g8z8LT30jj4
Ikarus: Trojan.Agent
Fortinet: W32/Agent.45C7!tr
AVG: Win32:VB-FBX
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Cerbu.124932?

Cerbu.124932 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
