Should I remove “Packed.Win32.Mentiger”?

Malware Removal

Packed.Win32.Mentiger is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cure of your PC.
6-day free trial available.

What can the Packed.Win32.Mentiger virus do?

  • Executable code extraction
  • Enumerates user accounts on the system
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • Uses Windows utilities for basic functionality
  • Exhibits behavior characteristic of Cerber ransomware
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Mimics the file times of a Windows system file
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to identify installed AV products by installation directory
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities

How to identify Packed.Win32.Mentiger?
File Info:

crc32: 0DF14C98
md5: a942435a907dbfb3683167943df352e0
name: A942435A907DBFB3683167943DF352E0.mlw
sha1: 72e941e19153529d21883b21cae169b301599116
sha256: ff2060eff908251cf85b252f849207be696bbbf4edbed4aa5a9deb34d59f7b4b
sha512: c02315a3563d362633e387eae03217a949ee8678e7649c36191340ced8edb1069f8b4f3a575e8cb2bd090a93088fa6add5b9bfa89715bffde8a0cce0f75f095e
ssdeep: 3072:zVsiBm07rImxGSTpXssnSJG+ZYd2795JOfzruiD0jxMF5G5a7nXbzDTSk3LvAS6A:zZ0vqGsssSR9uBDQe5GMPSk7uz8
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright 2008-2011 ООО Яндекс
InternalName: Punto Switcher Unloader
FileVersion: 3.2.3.51
CompanyName: ООО Яндекс
LegalTrademarks: Punto Switcher
Comments: Выгрузчик Punto Switcher
ProductName: Punto Switcher
ProductVersion: 3.2.3.51
FileDescription: Выгрузчик Punto Switcher
OriginalFilename: puntounloader.exe
Translation: 0x0419 0x04b0

Packed.Win32.Mentiger is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 005224381 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.4939
Cynet: Malicious (score: 100)
CAT-QuickHeal: Ransom.Cerber.G4
ALYac: Trojan.Ransom.Cerber.1
Cylance: Unsafe
Zillya: Trojan.Filecoder.Win32.3048
Sangfor: Ransom.Win32.Cerber_38.se
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: Ransom:Win32/Cerber.9495ea9a
K7GW: Trojan ( 004fc1e41 )
Cybereason: malicious.a907db
Baidu: Win32.Trojan.Kryptik.anp
Cyren: W32/Cerber.F.gen!Eldorado
Symantec: Packed.Generic.459
ESET-NOD32: Win32/Filecoder.Cerber.B
APEX: Malicious
Avast: Win32:Filecoder-BG [Trj]
ClamAV: Win.Ransomware.Cerber-6931819-0
Kaspersky: HEUR:Packed.Win32.Mentiger.gen
BitDefender: Trojan.Ransom.Cerber.1
NANO-Antivirus: Trojan.Win32.Mentiger.evdfee
MicroWorld-eScan: Trojan.Ransom.Cerber.1
Tencent: Malware.Win32.Gencirc.10b558e2
Ad-Aware: Trojan.Ransom.Cerber.1
Sophos: ML/PE-A + Mal/Cerber-B
Comodo: TrojWare.Win32.Kryptik.ERJ@6l0vie
BitDefenderTheta: Gen:NN.ZexaF.34608.Aq1@aSBDEIgk
VIPRE: Trojan.Win32.Reveton.a (v)
TrendMicro: Ransom_HPCERBER.SM2
McAfee-GW-Edition: BehavesLike.Win32.Ransomware.gh
FireEye: Generic.mg.a942435a907dbfb3
Emsisoft: Trojan.Ransom.Cerber.1 (B)
Avira: HEUR/AGEN.1124969
Arcabit: Trojan.Ransom.Cerber.1
AegisLab: Hacktool.Win32.Generic.x!c
ZoneAlarm: HEUR:Packed.Win32.Mentiger.gen
GData: Trojan.Ransom.Cerber.1
AhnLab-V3: Win-Trojan/Cerber.Gen
Acronis: suspicious
McAfee: PUP-XAE-OG
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Tiggre
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Ransom_HPCERBER.SM2
Rising: Trojan.Kryptik!1.AF0E (CLASSIC)
Yandex: Trojan.GenAsa!4POhZNXQmrk
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.HCAW!tr
AVG: Win32:Filecoder-BG [Trj]
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.Cerber.HxQBgVAA

How to remove Packed.Win32.Mentiger?

Packed.Win32.Mentiger removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
