Categories: Malware

Exploit.cve20120152 removal guide

The Exploit.cve20120152 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Exploit.cve20120152 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Attempts to connect to a dead IP:Port (12 unique times)
Dynamic (imported) function loading detected
Enumerates running processes
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Sniffs keystrokes
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config

How to determine Exploit.cve20120152?


File Info:
name: 0679FB4E7FE36533C2AE.mlwpath: /opt/CAPEv2/storage/binaries/2f2d5c5a68cd8cf0766434ff299f3a580d5196e5950e66e9bbb11e366a16fbcacrc32: 428F8444md5: 0679fb4e7fe36533c2ae7a821e8438e7sha1: 9ca208ab05385f92a46972f182aa6157b659c678sha256: 2f2d5c5a68cd8cf0766434ff299f3a580d5196e5950e66e9bbb11e366a16fbcasha512: d3db3f2492194c63424c47779307dff403e5f37527dc51568f6b112e377d51cb9458befcbed83801333dc31b09ae33261aaac0a175694ed1eb81dfb02436c57assdeep: 196608:zUAl4tULrHHQt9VZpHD4KistCYID/4JMf90U77O6uHmPMFLOyomFHKnP:zNlhi95EKxtCYIDFN72HmPMFtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T15796F0217A484076D7E202F18EE8AE6CD5FE7D3D1B3607F312D03A7A2E716815A2552Fsha3_384: e0fa84877983558ce09b6bcba15e7a6642f2bffaf249f5ed87bdc8dace44966971d58cc83f27dbcf9657a1de949e3860ep_bytes: e8208f0000e97ffeffff3b0d90a45b00timestamp: 2022-06-22 12:59:17
Version Info:
CompanyName: TODO:  FileVersion: 1.0.0.1LegalCopyright: TODO:  (C) 。  保留所有权利。ProductName: TODO:  ProductVersion: 1.0.0.1Translation: 0x0804 0x04b0

Exploit.cve20120152 also known as:

MicroWorld-eScan	Gen:Variant.Cerbu.140916
FireEye	Gen:Variant.Cerbu.140916
Cybereason	malicious.e7fe36
ESET-NOD32	a variant of Win32/GenKryptik.FVTO
APEX	Malicious
Kaspersky	HEUR:Backdoor.Win32.Poison.gen
BitDefender	Gen:Variant.Cerbu.140916
Avast	Win32:CrypterX-gen [Trj]
Tencent	Win32.Trojan.Genkryptik.Eyj
Ad-Aware	Gen:Variant.Cerbu.140916
Emsisoft	Gen:Variant.Cerbu.140916 (B)
Zillya	Trojan.GenKryptik.Win32.145617
Sophos	Generic ML PUA (PUA)
GData	Gen:Variant.Cerbu.140916
Jiangmin	Backdoor.Poison.eda
Kingsoft	Win32.Hack.Undef.(kcloud)
Arcabit	Trojan.Cerbu.D22674
Microsoft	Trojan:Win32/Wacatac.B!ml
BitDefenderTheta	Gen:NN.ZexaF.34742.@x0@aeYfzJpb
ALYac	Gen:Variant.Cerbu.140916
MAX	malware (ai score=88)
Malwarebytes	Exploit.cve20120152
Rising	Trojan.Generic@AI.80 (RDMK:cmRtazq59dM0dAaUsmk7MRIrbnVL)
Ikarus	Trojan.Win32.Krypt
AVG	Win32:CrypterX-gen [Trj]