Win32/GenCBL.CBC (file analysis)

The Win32/GenCBL.CBC is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/GenCBL.CBC virus can do?

Sample contains Overlay data
Presents an Authenticode digital signature
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Win32/GenCBL.CBC?


File Info:
name: 95DF93BA42C377658F40.mlw
path: /opt/CAPEv2/storage/binaries/10370f82af9945d81a8629a390d1a5dc89df7a75e509a825b93542289d195834
crc32: C0951F04
md5: 95df93ba42c377658f404669b327501a
sha1: 4879ecf4d53996e443fdef9402b15ba9389c5e16
sha256: 10370f82af9945d81a8629a390d1a5dc89df7a75e509a825b93542289d195834
sha512: 1a4428643dc1f95c68af1e3e1f143403d6eda73bdc82c5809949fe6cb0c766782b3b5a26cfb8e9540ea977561151d2de8fdb2558f96fd5a36b14d40760edf6eb
ssdeep: 24576:2dSfjbdHpgxQh98NkxFF3CaUolTod2BCxBAIBmZlTU0LiFSM:2OpgoCaUoGBxXmZlT1U
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D0758C01B46294B6D6862130EC2CF239A7643E1D8BF649F7B7943ED93E701D03A3664E
sha3_384: f5485970c0d9fb25023aaedb11916541929098dd2ff594dd4088f00f5b9e3690e28168d23474dcaaacbbed5194031e49
ep_bytes: e813050000e978feffffa1b0cd560053
timestamp: 2019-02-28 05:00:00

Version Info:
CompanyName: The Chromium Authors
FileDescription: Chromium
FileVersion: 72.0.3626.121
InternalName: chrome_exe
LegalCopyright: Copyright 2018 The Chromium Authors. All rights reserved.
OriginalFilename: chrome.exe
ProductName: Chromium
ProductVersion: 72.0.3626.121
CompanyShortName: The Chromium Authors
ProductShortName: Chromium
LastChange: da3787ba355f18db7db52abf75c42afb408d656f-refs/branch-heads/3626@#883
Official Build: 1
Translation: 0x0409 0x04b0

Win32/GenCBL.CBC also known as:

Lionic	Trojan.Win32.Generic.4!c
MicroWorld-eScan	Trojan.GenericKD.63866190
ALYac	Trojan.GenericKD.63866190
Malwarebytes	Generic.Malware/Suspicious
VIPRE	Trojan.GenericKD.63866190
Sangfor	Trojan.Win32.Gencbl.Vtym
K7AntiVirus	Trojan ( 00592e5c1 )
K7GW	Trojan ( 00592e5c1 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/GenCBL.CBC
BitDefender	Trojan.GenericKD.63866190
Avast	Win32:Trojan-gen
Emsisoft	Trojan.GenericKD.63866190 (B)
Zillya	Trojan.GenCBL.Win32.7784
McAfee-GW-Edition	Artemis
FireEye	Trojan.GenericKD.63866190
Sophos	Mal/Generic-S
GData	Trojan.GenericKD.63866190
Antiy-AVL	Trojan/Win32.GenCBL
Arcabit	Trojan.Generic.D3CE854E
McAfee	Artemis!95DF93BA42C3
MAX	malware (ai score=89)
Cylance	unsafe
Rising	Adware.Agent!1.DDC6 (CLASSIC)
MaxSecure	Trojan.Malware.195948710.susgen
Fortinet	W32/GenCBL.CBC!tr
AVG	Win32:Trojan-gen
DeepInstinct	MALICIOUS

How to remove Win32/GenCBL.CBC?

Win32/GenCBL.CBC removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X