Cerbu.144807 (B) malicious file

The Cerbu.144807 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Cerbu.144807 (B) virus can do?

Performs HTTP requests potentially not found in PCAP.
Authenticode signature is invalid
Attempts to modify proxy settings

How to determine Cerbu.144807 (B)?


File Info:
name: B1B7F52815C91DEF456B.mlw
path: /opt/CAPEv2/storage/binaries/a5112b56ecca863b22ed936681c800b6c763f5b2eaab491f9be7e72fd65453e9
crc32: D790CE46
md5: b1b7f52815c91def456b911528efcc91
sha1: 4ac39c9d4cdf8c8a6f3df28d040fb1bebd610af1
sha256: a5112b56ecca863b22ed936681c800b6c763f5b2eaab491f9be7e72fd65453e9
sha512: cf640a5c017b638ac2be7e1fd76bd6f408fe93f1a84488e03162b7a3dd0bab0bac0efe8ba137b5b006d9e4bc238ffdd715c8b313fd50cea54dc31f3d85854032
ssdeep: 6144:NnSIJdkqbW0uJChUHB/rJmYmH/lNgjNUg1XK0aqHtx8BAO3VqCm:NnSydk6WJJChUHB/1mYmflNgjK37uCm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FF447C1078A2C432D57211371968EBB6896DB8350B6559DBB3C40F7ACF302D2AA71F7B
sha3_384: 3a50e8740fd4b1c724fc9c80d4ff83782c797e9c860c3c9f08a77642be4447eb1e1a33f67b2b207c2094a726e787566b
ep_bytes: e8bd050000e97afeffff8b4df464890d
timestamp: 2022-08-23 16:08:14

Version Info:
0: [No Data]

Cerbu.144807 (B) also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Cerbu.144807
FireEye	Generic.mg.b1b7f52815c91def
McAfee	Artemis!B1B7F52815C9
Cylance	Unsafe
VIPRE	Gen:Variant.Cerbu.144807
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan-Downloader ( 005480a41 )
K7GW	Trojan-Downloader ( 005480a41 )
Cybereason	malicious.815c91
Cyren	W32/Agent.EPA.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/TrojanDownloader.Agent.ELB
APEX	Malicious
Kaspersky	HEUR:Trojan-PSW.Win32.Tepfer.vho
BitDefender	Gen:Variant.Cerbu.144807
Avast	Win32:DropperX-gen [Drp]
Ad-Aware	Gen:Variant.Cerbu.144807
Sophos	Mal/Generic-S
DrWeb	Trojan.DownLoader45.13164
McAfee-GW-Edition	BehavesLike.Win32.BadFile.dh
Emsisoft	Gen:Variant.Cerbu.144807 (B)
Ikarus	Trojan-Downloader.Win32.Agent
Jiangmin	TrojanDownloader.GCleaner.r
Google	Detected
Avira	HEUR/AGEN.1250671
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	HEUR:Trojan-PSW.Win32.Tepfer.vho
GData	Gen:Variant.Cerbu.144807
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Gen.Generic.C5120832
Acronis	suspicious
VBA32	BScope.Trojan.Downloader
MAX	malware (ai score=80)
Rising	Stealer.Tepfer!8.13357 (TFE:5:GAcPM9o0kQE)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Agent.ELB!tr.dldr
BitDefenderTheta	AI:Packer.E9AC22A31F
AVG	Win32:DropperX-gen [Drp]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Cerbu.144807 (B)?

Cerbu.144807 (B) removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X