Generic.Mint.Zamg.8.117B5496 removal guide

Generic.Mint.Zamg.8.117B5496 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Generic.Mint.Zamg.8.117B5496 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Serbian
  • Authenticode signature is invalid
  • CAPE detected the Azorult malware family
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system

How to identify Generic.Mint.Zamg.8.117B5496?

File Info:

name: 6A407617408905D63399.mlw
path: /opt/CAPEv2/storage/binaries/02dd40afe5549af640a3e439d2d15a339acfc97b4837b81ccd7349fe287f0a8b
crc32: 4838C8D1
md5: 6a407617408905d63399ecd3c6ca309a
sha1: 152b9267e2042f6ebdba5205d3b953a1ac3eef03
sha256: 02dd40afe5549af640a3e439d2d15a339acfc97b4837b81ccd7349fe287f0a8b
sha512: 94ea89f432a0d178753c4ef87c866409c441a720a99f17acb917b852ed8ada3ce59ccf494ed636c5f5c3c8230ca12164743db313fe4150ae2772d96c8821701b
ssdeep: 3072:m9u6//Yolr2CWTm0+L84fvT1ylbNgBOzuX9qKVTbds2TV3YvOAspj0Bk:I///2d8LfElBwOU9qKV1J3YvOAspj0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DD243A34796C08BDF250ABF559FC8D47F4EAB8C79F5C94AF178085988922E50A73132E
sha3_384: 01f749e38c0e7c59482e55344bca5326bf288990f65289fa6a5a111bc4bcbaf38b8bc0fa90d86e5e140b2a3b5650d595
ep_bytes: e887330000e989feffff2da403000074
timestamp: 2017-07-04 18:33:26

Version Info:

FileVersion: 9.1.0.5
InternalName: dekoyed.exe
LegalCopyright: Copyright (C) 2018, zunadicefigas
ProductVersion: 9.1.0.5
Translation: 0x0649 0x04b0

Generic.Mint.Zamg.8.117B5496 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Azorult.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: DeepScan:Generic.Mint.Zamg.8.117B5496
FireEye: Generic.mg.6a407617408905d6
ALYac: DeepScan:Generic.Mint.Zamg.8.117B5496
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005447881 )
Alibaba: TrojanPSW:Win32/Azorult.ff3c4e50
K7GW: Trojan ( 005447881 )
Cybereason: malicious.740890
Arcabit: DeepScan:Generic.Mint.Zamg.8.117B5496
Cyren: W32/Agent.AUT.gen!Eldorado
Symantec: Packed.Generic.525
ESET-NOD32: a variant of Win32/Kryptik.GODK
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-PSW.Win32.Azorult.csh
BitDefender: DeepScan:Generic.Mint.Zamg.8.117B5496
NANO-Antivirus: Trojan.Win32.Azorult.flnrnh
Avast: Win32:Malware-gen
Tencent: Win32.Trojan-qqpass.Qqrob.Wozo
Ad-Aware: DeepScan:Generic.Mint.Zamg.8.117B5496
Sophos: ML/PE-A + Troj/Inject-DUD
Comodo: TrojWare.Win32.Propagate.FA@80b9yb
DrWeb: Trojan.PWS.Stealer.24300
VIPRE: Trojan.FakeAlert
TrendMicro: Trojan.Win32.SODINOK.SM.hp
McAfee-GW-Edition: BehavesLike.Win32.Dropper.dh
Emsisoft: DeepScan:Generic.Mint.Zamg.8.117B5496 (B)
Ikarus: Trojan.Win32.Crypt
Jiangmin: Trojan.PSW.Azorult.jn
Avira: HEUR/AGEN.1121569
Antiy-AVL: Trojan/Generic.ASMalwS.2A184D9
Microsoft: Trojan:Win32/Occamy.C
GData: DeepScan:Generic.Mint.Zamg.8.117B5496
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Fuerboos.C2905769
McAfee: Trojan-FPST!6A4076174089
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Chapak
Malwarebytes: Trojan.MalPack.GS
TrendMicro-HouseCall: Trojan.Win32.SODINOK.SM.hp
Rising: Malware.Obscure/Heur!1.A89E (CLASSIC)
Yandex: Trojan.GenAsa!XSWAQWuI5x8
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Kryptik.GOFF!tr
BitDefenderTheta: AI:Packer.CC736F8C1F
AVG: Win32:Malware-gen
Panda: Generic Suspicious
CrowdStrike: win/malicious_confidence_80% (D)

How to remove Generic.Mint.Zamg.8.117B5496?

Generic.Mint.Zamg.8.117B5496 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.