What is “Generic.Rebhip.E9A4AAFE”?

Malware Removal

Generic.Rebhip.E9A4AAFE is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Generic.Rebhip.E9A4AAFE virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to remove evidence of file being downloaded from the Internet
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Exhibits behavior characteristic of Nanocore RAT
  • CAPE detected the NanoCore malware family
  • CAPE detected injection into a browser process, likely for Man-In-Browser (MITB) infostealing
  • Collects information to fingerprint the system

How to identify Generic.Rebhip.E9A4AAFE?

File Info:

name: 008BB1819E2A123A0E1B.mlw
path: /opt/CAPEv2/storage/binaries/eab4299e1641feb9754497e5f5e5757ab45a358b0222edb4926dde03324b1dca
crc32: 6277CA63
md5: 008bb1819e2a123a0e1b5ac486d5ab8b
sha1: ca99cf4e1d156fa83eaf6d583bb5c7ea8f1a395a
sha256: eab4299e1641feb9754497e5f5e5757ab45a358b0222edb4926dde03324b1dca
sha512: 9f5bf8c7c45b60b38eb8ea089aaa31a5f532cc2ed1d926c08abe738fbd23170651de51159cd36920fd281626736a169e582c4ab420a85db30dcd1207d96acc37
ssdeep: 49152:pImepGg2qrRHoBY8YRA0oVZ4H/5zQdfDrfP9CRyngZSaqKJWNLHAmPw+opK6ex5f:em6poBGRAfpe5qKWNVPopKVxx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T130C5335B991185BBFF7764791332BE20F21BD96285E2038981C2D7B3D5A8F6E48317C2
sha3_384: 66cc6edf22258b1ae53b177b0d840947b5b1c7d486d58f68db74eb1cd71d6371ae8c450cfb1ab953d4d61f50aa8c5ace
ep_bytes: 81ec800100005355565733db68018000
timestamp: 2015-12-27 05:38:55

Version Info:

0: [No Data]

Generic.Rebhip.E9A4AAFE also known as:

Lionic: Trojan.MSIL.NanoBot.lJ7o
Elastic: malicious (high confidence)
MicroWorld-eScan: Generic.Rebhip.E9A4AAFE
FireEye: Generic.mg.008bb1819e2a123a
CAT-QuickHeal: Trojan.Dynamer
ALYac: Generic.Rebhip.E9A4AAFE
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0056397b1 )
Alibaba: Backdoor:MSIL/Decay.0d7ba488
K7GW: Trojan ( 0056397b1 )
Cybereason: malicious.19e2a1
Cyren: W32/Trojan.AQFF-6485
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-Dropper.Win32.Decay.gdh
BitDefender: Generic.Rebhip.E9A4AAFE
NANO-Antivirus: Trojan.Win32.Bublik.dofkrs
ViRobot: Trojan.Win32.Z.Rebhip.2595192
Avast: Win32:RATX-gen [Trj]
Tencent: Win32.Trojan-dropper.Decay.Dbf
Sophos: Mal/Generic-S
DrWeb: BackDoor.Cybergate.1
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_Crypmod.R002C0DA322
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
Emsisoft: Generic.Rebhip.E9A4AAFE (B)
Ikarus: Trojan.Win32.Spatet
Jiangmin: Trojan.Generic.ajgum
Avira: HEUR/AGEN.1112142
eGambit: Unsafe.AI_Score_99%
MAX: malware (ai score=84)
Antiy-AVL: Trojan/Generic.ASMalwS.3D2AAD
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Ransom:Win32/Crypmod
ZoneAlarm: Trojan-Dropper.Win32.Decay.gdh
GData: Gen:Variant.Bulz.11374
Cynet: Malicious (score: 100)
McAfee: Artemis!008BB1819E2A
VBA32: Backdoor.MSIL.NanoBot
Malwarebytes: Malware.AI.546129963
TrendMicro-HouseCall: Ransom_Crypmod.R002C0DA322
Rising: Trojan.Generic/MSIL@AI.93 (RDM.MSIL:w64ETjpWeZ6oTV8mo/127A)
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Decay.GDH!tr
BitDefenderTheta: AI:Packer.233541E816
AVG: Win32:RATX-gen [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Generic.Rebhip.E9A4AAFE?

Generic.Rebhip.E9A4AAFE removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.