Cerbu.4856 removal tips

Cerbu.4856 is a generic detection name (Gen:Variant.Cerbu.4856) that several antivirus engines assign to this sample, and the sandbox behaviour listed below (process injection, invalid code signature, proxy tampering) is why security vendors rate it as dangerous. When the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial lets you run a complete scan and clean your PC.
6-day free trial available.

What can the Cerbu.4856 virus do?

The following behaviours were flagged by the CAPE sandbox run that produced the file data further down:

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify proxy settings

Related domains:

wpad.local-net
net-forwarding.com
cross-theeng.com

How to identify Cerbu.4856?

File Info:

name: D40B0F3C1C86270648A5.mlw
path: /opt/CAPEv2/storage/binaries/089d620c992e9c82eeacee74d3218a5c0d35a9dd83359c856b6bf3c4d43fc2aa
crc32: 6E5EE18E
md5: d40b0f3c1c86270648a5c98a41ccc24b
sha1: a742d6bc3c27e6ec33369e35ddd47e9ec79526b2
sha256: 089d620c992e9c82eeacee74d3218a5c0d35a9dd83359c856b6bf3c4d43fc2aa
sha512: 72993ea0e0cb226d45c34e0bc69364a403251b41e2c9b8888ffefa29248499c0384645a77a925eba9a1d806a6bef2cef7ab385d9b2ebb0c7290f9dd75068caa7
ssdeep: 1536:2JrjcvJxgMncjq/890dmTKmZ93VzFFt4n8LyQ7g00UoZv:urQxgDqno3VzBoXQExnZv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19383DF1352929022F2A68178463FCB3D99187DB55B80C5D77BCCEE6E06385952E36F0F
sha3_384: 2664c04c2cb8688305bd31e75bc4a09dee6acf7bbd4ac28222ff3a6d34d3686f64a4daa41688a0bed8cff6ed40d42c55
ep_bytes: 558bec6aff68f8654000681252400064
timestamp: 2013-12-01 17:18:11

Version Info:

Comments:
CompanyName:
FileDescription: ecfile Microsoft
FileVersion: 1, 0, 0, 1
InternalName: ecfile
LegalCopyright: (C) 2003
LegalTrademarks:
OriginalFilename: ecfile.EXE
PrivateBuild:
ProductName: ecfile
ProductVersion: 1, 0, 0, 1
SpecialBuild:
Translation: 0x0c0c 0x04b0
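The hashes and domains above can be turned into a quick triage check. The Python script below is an added example written for this page; it is not code from the page's author, from GridinSoft or from CAPE. It copies the page's indicators into constants (assumed to be accurate as printed), recomputes the same digest set CAPE reports for a file, searches for the 16 entry-point bytes as a raw byte signature, and scans DNS or proxy log lines for the related domains; the log lines in the usage section are constructed for the demonstration. Two caveats a practitioner would want: a full-file hash only matches this exact build, so a miss says nothing about a repacked variant, and a DNS query for wpad.local-net fits the "Attempts to modify proxy settings" behaviour (WPAD is Web Proxy Auto-Discovery) but is a lead to investigate, not a verdict on its own.

```python
import hashlib
import re
import zlib

# Indicators copied from the File Info and Related domains blocks on this
# page; assumed accurate as printed there.
CERBU_IOC = {
    "crc32": "6e5ee18e",
    "md5": "d40b0f3c1c86270648a5c98a41ccc24b",
    "sha1": "a742d6bc3c27e6ec33369e35ddd47e9ec79526b2",
    "sha256": "089d620c992e9c82eeacee74d3218a5c0d35a9dd83359c856b6bf3c4d43fc2aa",
    "sha512": "72993ea0e0cb226d45c34e0bc69364a403251b41e2c9b8888ffefa29248499c0"
              "384645a77a925eba9a1d806a6bef2cef7ab385d9b2ebb0c7290f9dd75068caa7",
}
# The 16 bytes CAPE read at the entry point (ep_bytes). They decode to the
# usual MSVC SEH-frame prologue (push ebp / mov ebp,esp / push -1 / push imm32
# / push imm32 / fs: prefix); the two immediates are build-specific addresses,
# which makes the sequence a usable byte signature for this exact build.
CERBU_EP_BYTES = "558bec6aff68f8654000681252400064"
CERBU_DOMAINS = ("wpad.local-net", "net-forwarding.com", "cross-theeng.com")


def compute_hashes(data: bytes) -> dict:
    """Recompute the digest set CAPE lists, as lowercase hex strings."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_ioc(data: bytes, ioc: dict) -> list:
    """Names of the digests in `ioc` that `data` matches (empty list = none).

    Any digest match identifies this exact file; a miss only says the bytes
    differ, which a repack or a new build of the same family will do.
    """
    got = compute_hashes(data)
    return [name for name, value in ioc.items()
            if name in got and got[name] == value.lower()]


def find_entry_signature(data: bytes, ep_hex: str = CERBU_EP_BYTES) -> int:
    """Offset of the entry-point byte sequence inside `data`, or -1 if absent.

    Searching the whole file avoids parsing the PE header; it is the same
    idea as a YARA hex string built from ep_bytes.
    """
    return data.find(bytes.fromhex(ep_hex))


# Hostname-ish tokens: letters, digits, dots and hyphens with at least one dot.
_HOST_RE = re.compile(r"[a-z0-9.-]+\.[a-z0-9-]+")


def find_domain_hits(lines, domains=CERBU_DOMAINS) -> list:
    """Scan DNS/proxy log lines for the listed domains or any subdomain of them.

    Returns (line_number, matched_indicator, host_as_seen) tuples.
    """
    hits = []
    for num, line in enumerate(lines, start=1):
        for host in _HOST_RE.findall(line.lower()):
            for dom in domains:
                if host == dom or host.endswith("." + dom):
                    hits.append((num, dom, host))
    return hits


if __name__ == "__main__":
    import sys
    # Constructed log lines for the demonstration; not from the sandbox report.
    sample_log = [
        "12:00:01 query A net-forwarding.com from 10.0.0.5",
        "12:00:02 CONNECT cdn.cross-theeng.com:443 via proxy",
        "12:00:03 query A wpad.local-net from 10.0.0.5",
        "12:00:04 query A example.com from 10.0.0.6",
    ]
    for num, dom, host in find_domain_hits(sample_log):
        print(f"line {num}: {host} matches indicator {dom}")
    if len(sys.argv) > 1:  # optional: check a real file passed on the command line
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        print("hash matches:", match_ioc(blob, CERBU_IOC) or "none")
        print("ep_bytes at offset:", find_entry_signature(blob))
```

Run it with no arguments to see the domain scan over the constructed lines, or pass a suspect file path to compare its digests against the page's values and look for the entry-point bytes. The subdomain match matters because a dropper rarely contacts the bare registered domain; the proxy line above only hits because cdn.cross-theeng.com ends with the listed domain.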

Cerbu.4856 also known as (vendor: detection name):

Note that the identical Gen:Variant.Cerbu.4856 verdict from MicroWorld-eScan, ALYac, Ad-Aware, Emsisoft and GData reflects a shared BitDefender detection engine, not five independent analyses; most other vendors classify the same file as Zbot/Zeus (a credential-stealing banking trojan), Fareit, or a generic injector.

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Zbot.lZU3
Elastic: malicious (high confidence)
DrWeb: Trojan.Winlock.8004
MicroWorld-eScan: Gen:Variant.Cerbu.4856
FireEye: Generic.mg.d40b0f3c1c862706
CAT-QuickHeal: TrojanPWS.Zbot.Gen
ALYac: Gen:Variant.Cerbu.4856
Cylance: Unsafe
Zillya: Trojan.Inject.Win32.66551
Sangfor: Trojan.Win32.Zbot.quav
Cybereason: malicious.c1c862
BitDefenderTheta: Gen:NN.ZexaF.34294.eq3@ayuTR9nb
Symantec: Packed.Generic.452
ESET-NOD32: a variant of Win32/Injector.ASIW
TrendMicro-HouseCall: TROJ_SPNR.11LE13
ClamAV: Win.Trojan.Zbot-9828858-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Cerbu.4856
NANO-Antivirus: Trojan.Win32.Zbot.cqqmtu
SUPERAntiSpyware: Backdoor.PushDo/Variant
Avast: Win32:Agent-ASKQ [Trj]
Tencent: Malware.Win32.Gencirc.114c9a3a
Ad-Aware: Gen:Variant.Cerbu.4856
Sophos: Mal/Zbot-OA
Comodo: TrojWare.Win32.Injector.ASD@54x0gx
Baidu: Win32.Trojan.Inject.h
VIPRE: Trojan.Win32.Fareit.if (v)
TrendMicro: TROJ_SPNR.11LE13
McAfee-GW-Edition: Downloader-FEX!D40B0F3C1C86
SentinelOne: Static AI – Suspicious PE
Emsisoft: Gen:Variant.Cerbu.4856 (B)
Ikarus: Trojan-Spy.Zbot
GData: Gen:Variant.Cerbu.4856
Jiangmin: TrojanSpy.Zbot.dzpa
Webroot: Trojan.Dropper.Gen
Avira: TR/Spy.Zbot.8581754
Antiy-AVL: Trojan/Generic.ASMalwS.634274
Kingsoft: Win32.Troj.Zbot.qu.(kcloud)
Arcabit: Trojan.Cerbu.D12F8
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zbot.R90243
McAfee: Downloader-FEX!D40B0F3C1C86
TACHYON: Trojan-Spy/W32.ZBot.81721
VBA32: SScope.Malware-Cryptor.Hlux
Malwarebytes: Trojan.Agent.ED
APEX: Malicious
Rising: Malware.Obscure/Heur!1.A89E (CLASSIC)
Yandex: TrojanSpy.Zbot!Fe0NdxFyU0E
MAX: malware (ai score=89)
Fortinet: W32/Injector.CHIH!tr
AVG: Win32:Agent-ASKQ [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Cerbu.4856?

Cerbu.4856 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because most engines classify this sample as a Zbot/credential stealer and the sandbox saw it modify proxy settings, also confirm after the reset that the system proxy configuration is back to normal, and change any passwords that were used on the infected machine.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
