Dropped:Generic.Rebhip.6BA876F5 removal tips

Dropped:Generic.Rebhip.6BA876F5 is flagged as malicious by many security vendors (see the detection list below). While the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, we advise scanning your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Dropped:Generic.Rebhip.6BA876F5 do?

  • Behavioural detection: Executable code extraction – unpacking
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the CyberGate malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Deletes executed files from disk
  • Touches a file containing cookies, possibly for information gathering
  • Creates known SpyNet mutexes and/or registry changes
  • Anomalous binary characteristics
  • YARA rule detections observed from a process memory dump, dropped files or CAPE

How to identify Dropped:Generic.Rebhip.6BA876F5?

File Info:

name: 5F113DEAA998A5370BDB.mlw
path: /opt/CAPEv2/storage/binaries/48ad7d60a1c5ec7a5e7e4dbecf95041571e8fd704d1cf6af865c35f9d109d802
crc32: B9ACF38E
md5: 5f113deaa998a5370bdb5778946676e6
sha1: fabc2b2edd20eed26eb001260aca1d9169d8b586
sha256: 48ad7d60a1c5ec7a5e7e4dbecf95041571e8fd704d1cf6af865c35f9d109d802
sha512: 2d2790ad4c46005b95d1b3f4f8f1e1361efb73dba25157803f3513b7d9a30d5d5381cab5bf11c9c37e8e564009327697135c8914357929fada0fcc61161fe740
ssdeep: 6144:+/cuodfGJNu3qiyWGmMlbnWasz9NllZQI0U5iF1sh/vRQUO91rIAy:+hPnu3q3ZlbK9NlX0iOI5O91EAy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C664015292E48177E0F137B055FD26631B79FCE07B78639F928494C96E322C09A3932B
sha3_384: 7f0de48e711c8cabb499e2f89736a69305b67ffd29f8188c57cdbe3115f3047854e8655c575b2d2a89e4006e31518547
ep_bytes: e80a000000e97affffffcccccccccc8b
timestamp: 2008-04-13 18:32:45
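As an added example (this is not GridinSoft's tool or CAPE's code), the following Python script performs the checks a responder would run against a suspect file using the indicators above: the full-file md5/sha1/sha256, the PE link timestamp, and the first 16 bytes at the entry point (the `ep_bytes` field). It assumes the sandbox reports the timestamp in UTC; `build_sample_pe` constructs a tiny stand-in PE so the script can be exercised offline, and that stub is not the real sample.

```python
# Added example (not GridinSoft's tool or CAPE's code): compare a file with the
# hashes, compile timestamp and entry-point bytes listed on this page.
# Assumption: the sandbox's timestamp field is UTC.
import datetime
import hashlib
import struct

# Indicators copied from the File Info section above.
IOC_HASHES = {
    "md5": "5f113deaa998a5370bdb5778946676e6",
    "sha1": "fabc2b2edd20eed26eb001260aca1d9169d8b586",
    "sha256": "48ad7d60a1c5ec7a5e7e4dbecf95041571e8fd704d1cf6af865c35f9d109d802",
}
IOC_EP_BYTES = bytes.fromhex("e80a000000e97affffffcccccccccc8b")
IOC_TIMESTAMP = "2008-04-13 18:32:45"


def hashes(data: bytes) -> dict:
    """Digest the whole buffer with the algorithms the page lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def pe_info(data: bytes):
    """Return (link timestamp 'YYYY-MM-DD HH:MM:SS' in UTC, 16 bytes at the entry
    point) for a PE image, or None if the buffer is not a parseable PE file."""
    try:
        if data[:2] != b"MZ":
            return None
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        coff = e_lfanew + 4
        # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, ...
        _, nsections, tds, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
        opt = coff + 20
        ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
        sections = opt + opt_size
        ep_off = None
        for i in range(nsections):
            hdr = sections + 40 * i
            vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
            if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
                ep_off = rawptr + (ep_rva - vaddr)  # RVA -> file offset
                break
    except struct.error:
        return None
    ts = datetime.datetime.fromtimestamp(tds, datetime.timezone.utc)
    ep = data[ep_off:ep_off + 16] if ep_off is not None else b""
    return ts.strftime("%Y-%m-%d %H:%M:%S"), ep


def triage(data: bytes) -> dict:
    """Check a buffer against the page's IOCs. A hash match is conclusive; the
    header fields are weaker evidence because they are trivial to forge."""
    digests = hashes(data)
    report = {
        "hash_match": any(digests[n] == v for n, v in IOC_HASHES.items()),
        "is_pe": False,
    }
    info = pe_info(data)
    if info is not None:
        ts, ep = info
        report.update(is_pe=True, timestamp=ts,
                      timestamp_match=(ts == IOC_TIMESTAMP),
                      ep_bytes_match=(ep == IOC_EP_BYTES))
    return report


def build_sample_pe(timestamp: str, ep_bytes: bytes) -> bytes:
    """Constructed test input: a minimal, non-runnable PE32 with one .text
    section whose entry point starts with ep_bytes and whose link timestamp is
    `timestamp` (UTC). It is NOT the sample described on this page."""
    tds = int(datetime.datetime.strptime(timestamp, "%Y-%m-%d %H:%M:%S")
              .replace(tzinfo=datetime.timezone.utc).timestamp())
    e_lfanew, opt_size, code_rva, raw_ptr = 0x40, 0xE0, 0x1000, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, tds, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, len(ep_bytes), 0, 0, code_rva)
    opt += b"\0" * (opt_size - len(opt))
    sec = b".text\0\0\0" + struct.pack("<IIII", len(ep_bytes), code_rva, 0x200, raw_ptr)
    sec += b"\0" * (40 - len(sec))
    headers = dos + b"PE\0\0" + coff + opt + sec
    headers += b"\0" * (raw_ptr - len(headers))
    return headers + ep_bytes.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        print(triage(f.read()))
```

Run it as `python triage.py suspect.exe`. Only a hash match identifies this exact sample; a matching timestamp or entry-point bytes alone merely say the file shares a build with it, which is consistent with the version info below being borrowed from a legitimate Microsoft binary.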

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
FileVersion: 6.00.2900.5512 (xpsp.080413-2105)
InternalName: Wextract
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.00.2900.5512
Translation: 0x0409 0x04b0

These fields identify Microsoft's WEXTRACT.EXE (the Windows cabinet self-extractor), but the sample's Authenticode signature is invalid (see the behaviour list above), so the Microsoft branding does not establish that the file is a genuine Microsoft binary.

Dropped:Generic.Rebhip.6BA876F5 also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.ld1i
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Dropped:Generic.Rebhip.6BA876F5
CAT-QuickHeal: Worm.Rebhip.A8
Skyhigh: BehavesLike.Win32.Dropper.fc
ALYac: Dropped:Generic.Rebhip.6BA876F5
VIPRE: Dropped:Generic.Rebhip.6BA876F5
Sangfor: Dropper.Win32.Rebhip.V9kv
BitDefender: Dropped:Generic.Rebhip.6BA876F5
Cybereason: malicious.edd20e
Arcabit: Generic.Rebhip.6BA876F5
VirIT: Trojan.Win32.Generic.N
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Spatet.A
APEX: Malicious
ClamAV: Win.Trojan.Agent-372981
Kaspersky: Trojan.Win32.Llac.ndd
Alibaba: Worm:Win32/Rebhip.99dab84a
NANO-Antivirus: Trojan.Win32.Bifrose.bjyor
Rising: Trojan.Generic@AI.100 (RDML:NbcCiBKa605pIJ+JCr1wzQ)
Emsisoft: Dropped:Generic.Rebhip.6BA876F5 (B)
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: BackDoor.Cybergate.1
Trapmine: malicious.high.ml.score
FireEye: Dropped:Generic.Rebhip.6BA876F5
Sophos: Troj/BadCab-A
Ikarus: Backdoor.Win32.Bifrose
Jiangmin: Trojan/Llac.bkf
Webroot: W32.Worm.Rebhip.A
Google: Detected
Avira: TR/Dropper.Gen
Kingsoft: malware.kb.a.997
Xcitium: TrojWare.Win32.Agent.~Wrar@1n6zi5
Microsoft: TrojanSpy:Win32/Rebhip.A!upx
ZoneAlarm: Trojan.Win32.Llac.ndd
GData: Dropped:Generic.Rebhip.6BA876F5
Cynet: Malicious (score: 99)
McAfee: Artemis!5F113DEAA998
MAX: malware (ai score=100)
DeepInstinct: MALICIOUS
VBA32: Trojan.Inject
Cylance: unsafe
Panda: Trj/Chgt.AD
Tencent: Win32.Trojan.Llac.Cnhl
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Chifrax.D
Fortinet: W32/ModCab.A!tr
AVG: Win32:AutoRun-CIN [Trj]
Avast: Win32:AutoRun-CIN [Trj]
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Dropped:Generic.Rebhip.6BA876F5?

Dropped:Generic.Rebhip.6BA876F5 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the reset options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.