Categories: Malware

Generic.Mulinex.3A5937D6 removal tips

The Generic.Mulinex.3A5937D6 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Generic.Mulinex.3A5937D6 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Yara rule detections observed from a process memory dump/dropped files/CAPE
Presents an Authenticode digital signature
Creates RWX memory
Guard pages use detected – possible anti-debugging.
A process attempted to delay the analysis task.
Dynamic (imported) function loading detected
Enumerates running processes
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Chinese (Simplified)
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
A scripting utility was executed
Uses Windows utilities for basic functionality
Creates a hidden or system file
Uses suspicious command line tools or Windows utilities

How to determine Generic.Mulinex.3A5937D6?


File Info:
name: 3A97F92DA2E47ECAA249.mlwpath: /opt/CAPEv2/storage/binaries/595d78e0e5fd61977ea5435b613034baeb8ed8142372277e857ed8f3e2c50b80crc32: 0D1B3773md5: 3a97f92da2e47ecaa249392857a8316esha1: 2d4b0dbf522e6d76ec5dae9f50bc1587e9d9d258sha256: 595d78e0e5fd61977ea5435b613034baeb8ed8142372277e857ed8f3e2c50b80sha512: 2723a65e4e274af39cd6deb9b9d18465953c7157c841ea6a39e95bb8d12116a8f96bac6baafe8b60054cfd5321bec283f11bd99730b3f7cba057d2f90e9d2f97ssdeep: 12288:koZt7UExwRslNP38wwio8hWwQPtDMUVn7I/+x:ZB+Wz8wfo8vQFpJ7I/Ctype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T121C4120B6155C463E51C4C308B839FFB9F55AE518E468B0FB6B0BF9EAD70380B42538Asha3_384: 1bc5286b3a5bb6ef5adb71e8241834c45183a951bc8cda6259353c1f30f1364379dbd4a18f7156a5cb217b8dcb512385ep_bytes: 60be00a04d008dbe0070f2ff5783cdfftimestamp: 2021-12-28 18:38:54
Version Info:
CompanyName: Microsoft CorporationFileDescription: Depuración del programa de instalación de Microsoft DirectXFileVersion: 4.9.0.0904InternalName: dxsetup.exeLegalCopyright: Copyright © Microsoft Corporation. Reservados todos los derechos.OriginalFilename: dxsetup.exeProductName: Microsoft® DirectX para Windows®ProductVersion: 4.9.0.0904Translation: 0x040a 0x04b0

Generic.Mulinex.3A5937D6 also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Generic.Mulinex.3A5937D6
FireEye	Generic.mg.3a97f92da2e47eca
CAT-QuickHeal	PUA.BitminRI.S9338387
McAfee	GenericRXAA-AA!3A97F92DA2E4
Cylance	Unsafe
Zillya	Trojan.CoinMiner.Win32.41696
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005246d51 )
Alibaba	Trojan:Win32/Miner.887c412d
K7GW	Trojan ( 005246d51 )
Cybereason	malicious.da2e47
Baidu	Win32.Trojan.Farfli.e
Cyren	W32/Trojan.CLL.gen!Eldorado
Symantec	Miner.XMRig
ESET-NOD32	a variant of Win32/CoinMiner.BUF
APEX	Malicious
Paloalto	generic.ml
ClamAV	Multios.Coinminer.Miner-6781728-2
Kaspersky	HEUR:Trojan.Win32.Miner.gen
BitDefender	Generic.Mulinex.3A5937D6
Avast	Win32:CoinMiner-M [Trj]
Tencent	Malware.Win32.Gencirc.10d00328
Ad-Aware	Generic.Mulinex.3A5937D6
Sophos	ML/PE-A + Troj/Agent-BCPO
Comodo	TrojWare.Win32.Agent.OSCF@5rs7jr
DrWeb	Trojan.Fakealert.59687
TrendMicro	TROJ_GEN.R002C0DAQ22
McAfee-GW-Edition	Trojan-FUEG!BD0A5834C36D
Emsisoft	Generic.Mulinex.3A5937D6 (B)
SentinelOne	Static AI – Malicious PE
GData	Win32.Trojan.PSE.5LSHNI
Jiangmin	Trojan.Sasfis.tq
Webroot	W32.Malware.Gen
Avira	HEUR/AGEN.1136186
Antiy-AVL	Trojan/Generic.ASCommon.FA
Kingsoft	Win32.Heur.KVM099.a.(kcloud)
Microsoft	Trojan:Win32/CoinMiner
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.RL_Generic.R352067
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZexaF.34182.JmLfaSypJLib
ALYac	Generic.Mulinex.3A5937D6
MAX	malware (ai score=87)
VBA32	BScope.Trojan.Dynamer
Malwarebytes	RiskWare.BitCoinMiner
TrendMicro-HouseCall	TROJ_GEN.R002C0DAQ22
Rising	Backdoor.Agent!1.B7E4 (CLOUD)
Yandex	Trojan.Miner!ismK3Zgwh1c
Ikarus	Trojan.Win32.CoinMiner
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/CoinMiner.ELG!tr.pws
AVG	Win32:CoinMiner-M [Trj]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_70% (D)