Categories: Malware

Should I remove “Cerbu.6383”?

Cerbu.6383 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Cerbu.6383 virus do?

  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Portuguese
  • Code injection with CreateRemoteThread in a remote process
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • A system process is generating network traffic likely as a result of process injection
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a slightly modified copy of itself

Related domains:

z.whorecord.xyz
a.tomx.xyz
blackfreeqazyio.cc

How to identify Cerbu.6383?

File Info:

  • crc32: C1FDB4E9
  • md5: 6f2ef4bcdfcff937622331be214f3a04
  • name: 6F2EF4BCDFCFF937622331BE214F3A04.mlw
  • sha1: af7481967f638a87d63201acf5110dd3408e231d
  • sha256: e6f8054aa3517d2e0e1ad5239038a95ffcfeae583bfb08ee735ab5a533fe6004
  • sha512: 102e20dd8ec8466185c33eadcf8045c8890a61d3e4fbc63985879e1263e3a67be3e87f6fdebc6c04b0c2237bfc82d21324e386f63b06069760271b3cf1cfe551
  • ssdeep: 3072:oUs/7wIByLKasQRmngeIvm8QUuP81JL1ScC474jXsrd5YM:o97wDrbeIpu0jssp5
  • type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

  • LegalCopyright: Copyright c 2015
  • InternalName: evaluation
  • FileVersion: 10, 113, 220, 104
  • CompanyName: FTP Software, Inc.
  • PrivateBuild: flogger
  • LegalTrademarks: forecast
  • Comments: flog
  • ProductName: fatten irk
  • SpecialBuild: henceforward
  • ProductVersion: 155, 27, 104, 69
  • FileDescription: gatherer
  • OriginalFilename: enumerate
  • Translation: 0x040a 0x04b0

Cerbu.6383 also known as:

K7AntiVirus Trojan ( 0055dd191 )
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Tinba.161
Cynet Malicious (score: 100)
CAT-QuickHeal Downloader.Small.7667
ALYac Gen:Variant.Cerbu.6383
Cylance Unsafe
Zillya Trojan.Tinba.Win32.2791
CrowdStrike win/malicious_confidence_100% (D)
K7GW Trojan ( 0055dd191 )
Cybereason malicious.cdfcff
Cyren W32/S-8e0e80be!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.DFTU
APEX Malicious
Avast Win32:Malware-gen
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Cerbu.6383
NANO-Antivirus Trojan.Win32.Tinba.dtugof
MicroWorld-eScan Gen:Variant.Cerbu.6383
Tencent Malware.Win32.Gencirc.10b2466f
Ad-Aware Gen:Variant.Cerbu.6383
Sophos ML/PE-A + Mal/Tinba-I
Comodo TrojWare.Win32.Tinba.DFTU@7hj6az
BitDefenderTheta Gen:NN.ZexaF.34266.kq0@aGBXSoVO
VIPRE Trojan.Win32.Carberp.i (v)
TrendMicro TROJ_KRYPTIK_GD040094.UVPM
McAfee-GW-Edition Packed-EW!6F2EF4BCDFCF
FireEye Generic.mg.6f2ef4bcdfcff937
Emsisoft Gen:Variant.Cerbu.6383 (B)
SentinelOne Static AI – Malicious PE
Jiangmin Trojan/Banker.Tinba.bdo
Avira HEUR/AGEN.1118863
eGambit Unsafe.AI_Score_99%
Antiy-AVL Trojan/Generic.ASMalwS.1281196
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Arcabit Trojan.Cerbu.D18EF
GData Gen:Variant.Cerbu.6383
TACHYON Trojan/W32.Agent.164864.QB
AhnLab-V3 Trojan/Win32.Tinba.R160150
McAfee Packed-EW!6F2EF4BCDFCF
MAX malware (ai score=84)
VBA32 TrojanBanker.Tinba
Malwarebytes Trojan.Tinba
Panda Trj/Genetic.gen
TrendMicro-HouseCall TROJ_KRYPTIK_GD040094.UVPM
Rising Trojan.Kryptik!1.AFB1 (CLASSIC)
Yandex Trojan.PWS.Tinba!oVHWlSG3Q24
Ikarus Trojan.Win32.Crypt
Fortinet W32/Deshacop.XO!tr
AVG Win32:Malware-gen

How to remove Cerbu.6383?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
