How to remove “ExNuma.1 (B)”?

The ExNuma.1 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What ExNuma.1 (B) virus can do?

Behavioural detection: Executable code extraction – unpacking
Possible date expiration check, exits too soon after checking local time
Authenticode signature is invalid
Anomalous binary characteristics

How to determine ExNuma.1 (B)?


File Info:
name: E53C4E02141F3707DE24.mlw
path: /opt/CAPEv2/storage/binaries/8eaba1ab80a340c6ba80182f0ded3d4fcd18fe2063df16633ad5246612f0f5ea
crc32: 400AD0B3
md5: e53c4e02141f3707de2427e8c8c237eb
sha1: 0c630e2543fb4a99269fd824f74817edf662ba9c
sha256: 8eaba1ab80a340c6ba80182f0ded3d4fcd18fe2063df16633ad5246612f0f5ea
sha512: 2ab26e01486cb2de271d57ff88386bfaef5f84c4b9106d90eec8e73bbf7be717cdd858a5ec3b5386a178e8d08611ec2ca6d4f1ad5b9735dd5b60c9dd4d2be19b
ssdeep: 24576:ukqBfi6OPozOiz0iu7ZpK6luqzY0AQvOneEBfCw5H25ZEaam89A7XXNMp9AMXOJY:atfOiz0pp7luq5A1Ehd89A68LMcp3D
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T156C5BE74A650EF5ACD17B3B10059A275D41E4FC0E532E2898FA8BC83F429FB11BAD1E5
sha3_384: 5aa43f7b94487dc950a67b65382a2592ef32f28f813991d29daf634d31207ac8808213e7cc2ffe7d6b25dd8bd1348c68
ep_bytes: e8899121006a00ff15a4c06100c3cea5
timestamp: 2022-01-28 01:47:05

Version Info:
0: [No Data]

ExNuma.1 (B) also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.ExNuma.1
ALYac	Gen:Variant.ExNuma.1
Cylance	Unsafe
BitDefender	Gen:Variant.ExNuma.1
CrowdStrike	win/malicious_confidence_70% (D)
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HNPY
APEX	Malicious
Kaspersky	UDS:Trojan-Spy.Win32.Stealer.bbnr
Rising	Backdoor.Bladabindi!8.B1F (TFE:dGZlOgJiimhdYvLULg)
Ad-Aware	Gen:Variant.ExNuma.1
Emsisoft	Gen:Variant.ExNuma.1 (B)
F-Secure	Heuristic.HEUR/AGEN.1119113
McAfee-GW-Edition	GenericRXQB-IY!E53C4E02141F
FireEye	Generic.mg.e53c4e02141f3707
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.ExNuma.1
Avira	HEUR/AGEN.1119113
Arcabit	Trojan.ExNuma.1
Microsoft	VirTool:Win32/Pucrpt.A!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.R442079
McAfee	GenericRXQB-IY!E53C4E02141F
MAX	malware (ai score=86)
VBA32	BScope.TrojanSpy.Stealer
Malwarebytes	Backdoor.AsyncRAT
Ikarus	Trojan.Win32.Krypt
Fortinet	W32/Kryptik.HNPY!tr
BitDefenderTheta	AI:Packer.A5E9782F1E
AVG	Win32:Evo-gen [Susp]
Cybereason	malicious.2141f3
Avast	Win32:Evo-gen [Susp]

How to remove ExNuma.1 (B)?

ExNuma.1 (B) removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X