How to remove “Cerbu.128032 (B)”?

Cerbu.128032 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Cerbu.128032 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Likely virus infection of existing system binary

How to identify Cerbu.128032 (B)?

File Info:

name: A95ABA305392B6A5DC42.mlw
path: /opt/CAPEv2/storage/binaries/7c16a7e52e7bd1bb32e61656399c0d975e52442cf4caccdf0d96bdc64545e8b2
crc32: 821F8525
md5: a95aba305392b6a5dc428c3fbb5874a7
sha1: 436df22b903f41ea631aca26b7bb0ef95b41b8a1
sha256: 7c16a7e52e7bd1bb32e61656399c0d975e52442cf4caccdf0d96bdc64545e8b2
sha512: cab143b19e2d5b159f2534b07b0282d9a88851f2ffcaf108d8df6ca2dee61de1aa4a4a9156daa74de28ca88574ad1e51d121b059704a18bf5b0249f7085b492a
ssdeep: 196608:djdHgF+U4Ze2rwCCONi7bwOFmjct4Mv7Auogr:Hc+vY2rDCONBOn4Y7Qgr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10566334DD7798D26E8AD18396C119FED13325DE00030B22D319EB89B3FAB1D25BA7716
sha3_384: 47ae6ed9e5aa977a16fc8ae5ddcd594979d71ce48fa925de462ba2299c3d47d154db13c099eb1ee388e56a1a701d5ada
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Adaiko Software
FileDescription: Art CD Catalog Professional Setup
FileVersion:
LegalCopyright:
Translation: 0x0409 0x04e4

Cerbu.128032 (B) also known as:

Lionic: Trojan.Win32.Ekstak.4!c
MicroWorld-eScan: Gen:Variant.Cerbu.128032
FireEye: Gen:Variant.Cerbu.128032
ALYac: Gen:Variant.Cerbu.128032
Cylance: Unsafe
K7AntiVirus: Trojan ( 005722f11 )
Alibaba: TrojanDropper:Win32/Ekstak.046a1152
K7GW: Trojan ( 005722f11 )
Cyren: W32/Agent.DZH.gen!Eldorado
Symantec: Trojan.Gen.2
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
TrendMicro-HouseCall: TROJ_GEN.R067C0WAK22
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Ekstak.gen
BitDefender: Gen:Variant.Cerbu.128032
Avast: FileRepMalware
Tencent: Win32.Trojan-dropper.Agent.Lmuk
Ad-Aware: Gen:Variant.Cerbu.128032
Emsisoft: Gen:Variant.Cerbu.128032 (B)
F-Secure: Heuristic.HEUR/AGEN.1219006
TrendMicro: TROJ_GEN.R067C0WAK22
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vc
Sophos: Mal/Generic-S
GData: Gen:Variant.Cerbu.128032
Jiangmin: Trojan.Ekstak.bvbx
Avira: HEUR/AGEN.1219006
MAX: malware (ai score=82)
Arcabit: Trojan.Cerbu.D1F420
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Adware/Win.Adware-gen.R466195
McAfee: Artemis!A95ABA305392
VBA32: Trojan.Ekstak
Malwarebytes: Adware.DownloadAssistant
Ikarus: Trojan-Dropper.Win32.Agent
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: Riskware/Agent
AVG: FileRepMalware
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Cerbu.128032 (B)?

Cerbu.128032 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
