Generic.Mulinex.6D0A8001 (file analysis)

Malware Removal

Generic.Mulinex.6D0A8001 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Generic.Mulinex.6D0A8001 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Uses suspicious command line tools or Windows utilities

How to identify Generic.Mulinex.6D0A8001?

File Info:

name: C694A30E1C72C0B0BEEC.mlw
path: /opt/CAPEv2/storage/binaries/b501f311f9d590027c1785c7b7accda5f36952453a0eedbdff591d40a274f226
crc32: CD48F331
md5: c694a30e1c72c0b0beece86c9ace17f0
sha1: 387a7f2cddfba297c95ea650d1e62ad2ca9c28a6
sha256: b501f311f9d590027c1785c7b7accda5f36952453a0eedbdff591d40a274f226
sha512: 24c70eea9836e51d1e4206bd5da0352be504017b396d4e2866f89ff9a77a74b189c69f80bb36798341d5e206efd8ce435d934289748476bc641334a01384a9c4
ssdeep: 12288:FORHEQOe3gWZ5J8mtApiOyo70d4ki68HF:FOvOeQEnSiW02H68l
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T165942312522B4510FF160636E61EC3E18E19B4AB8F3867168C458C6DBAF7EF58DB2347
sha3_384: 45c75745252b2e9f8e0a4c874b6564acbbbc567e53c76785631108549c5545b5f884ebe274b7f8a892d23cd8eafbfe7d
ep_bytes: 60be009043008dbe0080fcff5783cdff
timestamp: 2021-03-30 14:05:46

Version Info:

CompanyName:
FileDescription: Application MFC AAAA
FileVersion: 1, 0, 0, 1
InternalName: AAAA
LegalCopyright: Copyright (C) 2021
LegalTrademarks:
OriginalFilename: AAAA.EXE
ProductName: Application AAAA
ProductVersion: 1, 0, 0, 1
Translation: 0x040c 0x04b0

Generic.Mulinex.6D0A8001 also known as:

Elastic: malicious (moderate confidence)
MicroWorld-eScan: DeepScan:Generic.Mulinex.6D0A8001
FireEye: Generic.mg.c694a30e1c72c0b0
CAT-QuickHeal: Backdoor.ZegostRI.S27261727
ALYac: DeepScan:Generic.Mulinex.6D0A8001
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0057d73d1 )
K7GW: Trojan ( 0057d73d1 )
CrowdStrike: win/malicious_confidence_90% (W)
Cyren: W32/Trickbot.GW.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Farfli.CYQ
APEX: Malicious
Avast: FileRepMalware [Trj]
ClamAV: Win.Trojan.Gh0stRAT-9943764-1
Kaspersky: UDS:Trojan.Win32.Generic
BitDefender: DeepScan:Generic.Mulinex.6D0A8001
NANO-Antivirus: Trojan.Win32.Mlw.iucbro
Tencent: Malware.Win32.Gencirc.10ce48bd
Ad-Aware: DeepScan:Generic.Mulinex.6D0A8001
TACHYON: Trojan/W32.Agent.614400.SL
Comodo: Packed.Win32.MUPX.Gen@24tbus
DrWeb: BackDoor.Spy.422
Zillya: Trojan.Farfli.Win32.40949
TrendMicro: BKDR_ZEGOST.SM34
McAfee-GW-Edition: GenericRXOD-IK!BFC17A48C708
Trapmine: malicious.moderate.ml.score
Emsisoft: DeepScan:Generic.Mulinex.6D0A8001 (B)
Jiangmin: Trojan.Generic.gvvqu
Avira: HEUR/AGEN.1212217
GData: DeepScan:Generic.Mulinex.6D0A8001
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win.Zegost.R422117
McAfee: GenericRXAA-AA!C694A30E1C72
MAX: malware (ai score=89)
VBA32: BScope.Backdoor.Farfli
Malwarebytes: Backdoor.Farfli
TrendMicro-HouseCall: BKDR_ZEGOST.SM34
Rising: Backdoor.Zegost!8.177 (CLOUD)
Yandex: Trojan.Agent!L9KpboeT9f4
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Farfli.CYQ!tr
BitDefenderTheta: Gen:NN.ZexaF.34742.zmKfaGZjI!ee
AVG: FileRepMalware [Trj]
Cybereason: malicious.e1c72c

How to remove Generic.Mulinex.6D0A8001?

Generic.Mulinex.6D0A8001 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.