Spyware.Lunar.Builder (file analysis)

Spyware.Lunar.Builder is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Spyware.Lunar.Builder virus do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify Spyware.Lunar.Builder?


File Info:

name: 6046848C36C851D3C0C3.mlw
path: /opt/CAPEv2/storage/binaries/61062e098b9277634699562428b14e84abadbf4b70a3362e90c32fd5da05b575
crc32: B78B5357
md5: 6046848c36c851d3c0c3a5f1dfcc0711
sha1: d35489472f9acc0728dd5400a3e59f6c55ecb836
sha256: 61062e098b9277634699562428b14e84abadbf4b70a3362e90c32fd5da05b575
sha512: 2f8dd2effb608f030837f2cd33d5b36447031f285361606d6d7f1061096fada01046627a1c5aca5c0f842f062a50ffa9cb30fd4db700ef18cb4362e64483c958
ssdeep: 6144:u7UKv4F7bDbC1ePWV6Qv0deKGC3d1J1Y:uwKgF06zdeKJjJ1Y
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F154D5282F98C215F7E29B75D1C62294B739EB7E220E57C6D0113BBD2E12E119FD2217
sha3_384: f8a03dbff69eb704c4f7ca292c78950bf4f6d1f468752be040f8475ba682bd9517f9be608c5824e5d265cd3644c6cdf6
ep_bytes: ff250020400000000000000000000000
timestamp: 2065-12-30 07:55:59

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: Lunar Builder
FileVersion: 2.2.0.0
InternalName: Lunar Builder.exe
LegalCopyright: Copyright © 2021
LegalTrademarks:
OriginalFilename: Lunar Builder.exe
ProductName: Lunar Builder
ProductVersion: 2.2.0.0
Assembly Version: 2.2.0.0

Spyware.Lunar.Builder is also known as:

Lionic: Trojan.Win32.Heracles.4!c
MicroWorld-eScan: Gen:Variant.MSILHeracles.28035
FireEye: Generic.mg.6046848c36c851d3
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
ALYac: Gen:Variant.MSILHeracles.28035
Cylance: Unsafe
BitDefenderTheta: Gen:NN.ZemsilF.34294.sm0@aeXg@Ch
APEX: Malicious
BitDefender: Gen:Variant.MSILHeracles.28035
Ad-Aware: Gen:Variant.MSILHeracles.28035
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Gen:Variant.MSILHeracles.28035 (B)
Ikarus: Trojan.MSIL.Vmprotect
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Gen:Variant.MSILHeracles.28035
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4578674
MAX: malware (ai score=86)
Malwarebytes: Spyware.Lunar.Builder
TrendMicro-HouseCall: TROJ_GEN.R002H09KP21
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: PossibleThreat

How to remove Spyware.Lunar.Builder?

Spyware.Lunar.Builder removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
