Malware

What is “Generic.Mulinex.C0057920”?

Malware Removal

The Generic.Mulinex.C0057920 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Generic.Mulinex.C0057920 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Detects Bochs through the presence of a registry key
  • Empties the Recycle Bin, indicative of ransomware
  • Uses suspicious command line tools or Windows utilities

How to determine Generic.Mulinex.C0057920?


File Info:

name: 4D12ED94A92C08CE382C.mlw
path: /opt/CAPEv2/storage/binaries/0c78accc9c816d5a822109033e2c1ffaa8f88208a8af7e3a603bdd00d6cc5a1d
crc32: 4FA9F774
md5: 4d12ed94a92c08ce382c9b7f1013107d
sha1: 768f8fe878788b79f5d37d258b37d4512550ad4d
sha256: 0c78accc9c816d5a822109033e2c1ffaa8f88208a8af7e3a603bdd00d6cc5a1d
sha512: 713063efdf360e5286154f106b297ac9406cfde23604fed962bab3556838aee6da4ef570578a9c20bb1e1c818c8a8066a7c2a7acdd84960f822fe2b472190115
ssdeep: 12288:Ng0kk4Mqqi4XuuJwtPslNP38wwio8hWs8qaOG7xw:C0qoRwtEz8wfo8LaOGdw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F0C4121F261494A1D88C8C30C9A78AB96E24FD52CD416A8FFAB47F4E3D367C0B11658F
sha3_384: 8a8f98b588a00a234da4b772741c77a777971bb06e49a82d37272bc505186435b5c0d81aec66b45f5b0518cdc2985bf4
ep_bytes: 60be00604d008dbe00b0f2ff5783cdff
timestamp: 2021-12-10 19:21:15

Version Info:

CompanyName: Babylon Software Ltd.
FileDescription: Babylon Setup SE
FileVersion: 10.1.0.0
InternalName: Setup Stub
LegalCopyright: Copyright © Babylon Software Ltd. 1997-2016
OriginalFilename: SetupStub.exe
ProductName: Babylon Setup
ProductVersion: 10.1.0.0
Translation: 0x0409 0x04b0

Generic.Mulinex.C0057920 also known as:

Elasticmalicious (high confidence)
DrWebTrojan.BtcMine.3404
MicroWorld-eScanGeneric.Mulinex.C0057920
CAT-QuickHealPUA.BitminRI.S9338387
McAfeeGenericRXAA-AA!4D12ED94A92C
CylanceUnsafe
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 005246d51 )
K7GWTrojan ( 005246d51 )
Cybereasonmalicious.4a92c0
BitDefenderThetaGen:NN.ZexaF.34084.ImLfaKPfqjhj
CyrenW32/Trojan.CLL.gen!Eldorado
SymantecMiner.XMRig
ESET-NOD32a variant of Win32/CoinMiner.BUF
ClamAVMultios.Coinminer.Miner-6781728-2
Kasperskynot-a-virus:HEUR:RiskTool.Win32.BitMiner.gen
BitDefenderGeneric.Mulinex.C0057920
AvastWin32:CoinMiner-M [Trj]
Ad-AwareGeneric.Mulinex.C0057920
EmsisoftGeneric.Mulinex.C0057920 (B)
ComodoTrojWare.Win32.Agent.OSCF@5rs7jr
BaiduWin32.Trojan.Farfli.e
McAfee-GW-EditionArtemis!Trojan
FireEyeGeneric.mg.4d12ed94a92c08ce
SophosML/PE-A + Troj/Agent-BCPO
IkarusWorm.Win32.Nuj
GDataWin32.Trojan.PSE.12FI8JT
JiangminTrojan.Miner.mmk
eGambitUnsafe.AI_Score_99%
AviraHEUR/AGEN.1136186
MAXmalware (ai score=86)
Antiy-AVLTrojan/Win32.FlyStudio.a
ArcabitGeneric.Mulinex.CDE240
MicrosoftTrojan:Win32/Sabsik.FL.B!ml
CynetMalicious (score: 100)
Acronissuspicious
VBA32BScope.Backdoor.Poison
ALYacGeneric.Mulinex.C0057920
MalwarebytesRiskWare.BitCoinMiner
APEXMalicious
RisingBackdoor.Agent!1.B7E4 (CLASSIC)
YandexTrojan.GenAsa!CnhHeVv4fes
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/CoinMiner.ELG!tr.pws
AVGWin32:CoinMiner-M [Trj]
PandaTrj/Genetic.gen

How to remove Generic.Mulinex.C0057920?

Generic.Mulinex.C0057920 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment