What is “Cerbu.140507”?

Cerbu.140507 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleaning of your PC.
A 6-day free trial is available.

What can the Cerbu.140507 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Likely virus infection of existing system binary

How to identify Cerbu.140507?

File Info:

name: EBD03999EEC653498D82.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName: Synel
FileDescription: Synel PC Cleaner
FileVersion:
InternalName:
OriginalFilename:
ProductName:
ProductVersion:
Translation: 0x0409 0x04e4

Cerbu.140507 also known as:

McAfee: Artemis!EBD03999EEC6
Cylance: Unsafe
K7AntiVirus: Trojan ( 005722fe1 )
Alibaba: TrojanDropper:Win32/Ekstak.d8726d2d
K7GW: Trojan ( 005722fe1 )
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Paloalto: generic.ml
Cynet: Malicious (score: 99)
Kaspersky: Trojan.Win32.Ekstak.alzfy
BitDefender: Gen:Variant.Cerbu.140507
MicroWorld-eScan: Gen:Variant.Cerbu.140507
Avast: Win32:Trojan-gen
Ad-Aware: Gen:Variant.Cerbu.140507
FireEye: Gen:Variant.Cerbu.140507
Emsisoft: Gen:Variant.Cerbu.140507 (B)
Avira: TR/Drop.Agent.osqvl
MAX: malware (ai score=82)
Microsoft: Trojan:Win32/Sabsik.TE.B!ml
GData: Win32.Backdoor.Bodelph.0PHD2W
ALYac: Gen:Variant.Cerbu.140507
Malwarebytes: Adware.DownloadAssistant
TrendMicro-HouseCall: TROJ_GEN.R002H0DDS22
AVG: Win32:Trojan-gen

How to remove Cerbu.140507?

Cerbu.140507 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.