Cerbu.124952 (file analysis)

The Cerbu.124952 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Cerbu.124952 virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine Cerbu.124952?


File Info:
name: F2305E3E624B6D6AFF7C.mlw
path: /opt/CAPEv2/storage/binaries/5e1c901b5bf48ab4de093b7dddcbf9619b657930f225e4a141346de412bdc143
crc32: 72046A0F
md5: f2305e3e624b6d6aff7c8b022eb35db5
sha1: 258d7075b76239874d7506922b4a80684770dbb5
sha256: 5e1c901b5bf48ab4de093b7dddcbf9619b657930f225e4a141346de412bdc143
sha512: b269a31e47d319467605bfd365e8af4a8be7435f14b0a14ed35d7e1378189868819f26a05d082ebfdec72d743cf905f95893c3553e02d9fc8fcf526d4603ae03
ssdeep: 6144:qcQuIrQvdofLmjW4c3LoasoZd5MAaOAQJB+QujtudAj6Xt6AN7sjtc4IecgxPqH1:LPIrVG6JIQJB+3uCj6yjOlecgxxU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T194A43A053BDE5F40C19C097AE5F40944E7B4E8A70B53F35F9ADA15B82E247EED8D8282
sha3_384: abbcb2b80cd6b64b2fba5b04453aae33427be529acccf143d5623e7db7bcd8e4308864bbf6c4a5464f6b2270974ac611
ep_bytes: ff2500204000cfaddd14000000000000
timestamp: 2018-01-08 07:45:47

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: WebMoney Transfer Ltd.
FileDescription: WebMoney
FileVersion: 3.1.1.0
InternalName: launcher4.exe
LegalCopyright: Copyright 1998 WM Transfer Ltd.
LegalTrademarks: 
OriginalFilename: launcher4.exe
ProductName: WebMoney
ProductVersion: 3.1.1.0
Assembly Version: 3.1.1.0

Cerbu.124952 also known as:

Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Cerbu.124952
FireEye	Generic.mg.f2305e3e624b6d6a
ALYac	Gen:Variant.Cerbu.124952
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_80% (D)
K7GW	Riskware ( 0050b1e11 )
K7AntiVirus	Riskware ( 0050b1e11 )
BitDefenderTheta	Gen:NN.ZemsilF.34062.Cm0@a8@QYdc
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Riskware.GameHack.X
APEX	Malicious
Avast	Win32:MalwareX-gen [Trj]
Cynet	Malicious (score: 99)
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Cerbu.124952
Tencent	Malware.Win32.Gencirc.114cee63
Ad-Aware	Gen:Variant.Cerbu.124952
Sophos	Mal/Generic-S
Comodo	Application.MSIL.GameHack.X@7kik7t
TrendMicro	TROJ_GEN.R002C0PL421
McAfee-GW-Edition	BehavesLike.Win32.Generic.gh
Emsisoft	Gen:Variant.Cerbu.124952 (B)
Paloalto	generic.ml
GData	Gen:Variant.Cerbu.124952
Jiangmin	Trojan.Generic.gxeqk
eGambit	Unsafe.AI_Score_99%
Avira	TR/Dropper.Gen7
Antiy-AVL	Trojan/Generic.ASMalwS.23F926F
Gridinsoft	Ransom.Win32.Sabsik.sa
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3	Unwanted/Win32.GameHack.R215214
Acronis	suspicious
McAfee	GenericRXDJ-VN!F2305E3E624B
MAX	malware (ai score=89)
VBA32	TScope.Trojan.MSIL
Malwarebytes	Malware.AI.1064739297
TrendMicro-HouseCall	TROJ_GEN.R002C0PL421
Yandex	Trojan.Agent!t2bfbyvrciI
SentinelOne	Static AI – Malicious PE
MaxSecure	Win.MxResIcn.Heur.Gen
Fortinet	MSIL/Agent.SHR!tr
AVG	Win32:MalwareX-gen [Trj]
Cybereason	malicious.5b7623
Panda	Trj/GdSda.A

How to remove Cerbu.124952?

Cerbu.124952 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X