How to remove “Cerbu.155459”?

Cerbu.155459 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Cerbu.155459 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality

How to identify Cerbu.155459?

File Info:

name: 84ADD58EAD71A0AFD442.mlw
path: /opt/CAPEv2/storage/binaries/a859e951b021abeccc36c59243b3d1433220215618f47aaf29ba558a7bc59f2f
crc32: AE51434B
md5: 84add58ead71a0afd4426c0584c4228a
sha1: 460555ba8bee0191ab8c347466982171e4442a5b
sha256: a859e951b021abeccc36c59243b3d1433220215618f47aaf29ba558a7bc59f2f
sha512: 911544ceebd5e476362c9d8bc790869c4b2988ff145f0437c88728195707962a66d4c1463361e1a3a9be741cc28cf83de63d937fba615a9546d5ec55e61d739d
ssdeep: 196608:bpqpoy8GMWSVjbRD/cLKkDEJ/iICHAYLZwdpv7MSi4BKzKHRI:bUpo6MxJ/cgJBCHdwd9/9Kzb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D2863390E44122FAF02C4633588E869E9B133D748D855A5C71F8F37AEB374D8C95E6CA
sha3_384: c283ca0eb3b8539b950b642f345a20419ae80832c77f5bacc9957bdab7feb64c44c92658aac68c8b9c6e17f03810fb58
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:18

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Disk Tools
FileVersion: 1.0.2.65
LegalCopyright:
Translation: 0x0409 0x04e4

Cerbu.155459 is also known as (vendor: detection name):

Lionic: Trojan.Win32.Ekstak.4!c
DrWeb: Trojan.DownLoader45.29321
MicroWorld-eScan: Gen:Variant.Cerbu.155459
FireEye: Gen:Variant.Cerbu.155459
McAfee: Artemis!84ADD58EAD71
Cylance: Unsafe
K7AntiVirus: Trojan ( 005722f11 )
Alibaba: TrojanDropper:Win32/Ekstak.c88cd05a
K7GW: Trojan ( 005722f11 )
Symantec: Trojan.Gen.MBT
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
TrendMicro-HouseCall: TROJ_GEN.R002H0CJV22
Paloalto: generic.ml
Kaspersky: UDS:Trojan.Win32.Ekstak.gen
BitDefender: Gen:Variant.Cerbu.155459
Avast: Other:Malware-gen [Trj]
Tencent: Win32.Trojan.Ekstak.Kflw
Ad-Aware: Gen:Variant.Cerbu.155459
Emsisoft: Gen:Variant.Cerbu.155459 (B)
VIPRE: Gen:Variant.Cerbu.155459
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
GData: Gen:Variant.Cerbu.155459
Jiangmin: Trojan.Ekstak.cctg
Avira: HEUR/AGEN.1253015
MAX: malware (ai score=82)
Arcabit: Trojan.Cerbu.D25F43
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Trojan-gen.C5289520
ALYac: Gen:Variant.Cerbu.155459
Malwarebytes: Adware.DownloadAssistant
Fortinet: W32/Agent.SLC!tr.dldr
AVG: Other:Malware-gen [Trj]

How to remove Cerbu.155459?

Cerbu.155459 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.