
About “Mal/FakeAV-IS” infection


Mal/FakeAV-IS is the Sophos detection name for this sample, and most of the engines in the detection list below flag it as malicious or as a potentially unwanted program. When the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Mal/FakeAV-IS do?

The points below are the signatures the CAPE sandbox raised for this sample (the file described under "File Info" further down). They record what was observed during one analysis run, not a complete list of capabilities:

  • At least one process apparently crashed during execution
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid

The two language signatures line up with the version strings in the file, which describe it as a program written in Easy Programming Language (易语言), and the ESET and Ikarus names below refer to BlackMoon, the runtime commonly seen in EPL-built binaries. "Authenticode signature is invalid" means the file carries a signature block that does not verify; a signature that fails validation gives no assurance about who produced the file.

How to identify Mal/FakeAV-IS?

The sample analysed for this report has the following properties, taken from the CAPE sandbox run:

File Info:

name: D0CB9BD8DA98D9A1C5CC.mlw
path: /opt/CAPEv2/storage/binaries/7c42b0f9d88d57706614978c47b04915f14e5e1a1c5cb85e3232a47026c6be7a
crc32: 7C4AD78B
md5: d0cb9bd8da98d9a1c5cc2938bd9b9f77
sha1: 987a7dcea9761696a4287d39afc3e7b508bdd62e
sha256: 7c42b0f9d88d57706614978c47b04915f14e5e1a1c5cb85e3232a47026c6be7a
sha512: e7dd553b40d8a71a7ed828b4e152c06789fe351ec6eb53480a56569a01c2bad8efe08cf8dd07ca2b15d40d49796442610fd7bda5202fc9f82142275052c1d694
ssdeep: 1536:Dua8VDSEzOsTDF1RQGNRoXa02xZop0aotNlj2CmJOqiPeHDESzLKcU76az7nuUrk:C1c6UHa3+oYtmSb0M
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T114E3BF27F4432133C0EA1BFDFBB83629215107D1C576BD66AED08DBE6A781F6529A04C
sha3_384: 55a4580c13e706993ac62741f66d9dbdfbf54ed811effea501faa7275b9e1ef990b6279e8bb8cdff606f29709c94560c
ep_bytes: e88ba30100e8c0a2010033c0c3909090
timestamp: 2022-07-06 14:17:45

Version Info:

FileVersion: 1.0.0.0
FileDescription: 易语言程序 ("Easy Programming Language program")
ProductName: 易语言程序 ("Easy Programming Language program")
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版 ("Copyright held by the author. Please respect it and use a genuine copy")
Comments: 本程序使用易语言编写(http://www.eyuyan.com) ("This program was written in Easy Programming Language (http://www.eyuyan.com)")
Translation: 0x0804 0x04b0 (language ID 0x0804 = Chinese, Simplified; code page 0x04b0 = 1200, Unicode)
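The hashes and the ep_bytes value above are the indicators a responder would actually use to confirm a suspect file is this sample. The script below, an added example that is not part of this page or of any GridinSoft tool, checks a file against them: it computes MD5/SHA-1/SHA-256 and compares them with the values listed, and it walks the PE headers by hand (DOS header, COFF header, optional header, section table) to read the first 16 bytes at AddressOfEntryPoint and compare them with ep_bytes. Because the real sample cannot be embedded here, the block also constructs a minimal PE32 of its own whose entry point carries the page's ep_bytes; that builder, the PAGE_IOCS name and the function names are assumptions of the example, not anything from the report.

```python
import hashlib
import struct

# Indicators copied from the "File Info" section of this page.
PAGE_IOCS = {
    "md5": "d0cb9bd8da98d9a1c5cc2938bd9b9f77",
    "sha1": "987a7dcea9761696a4287d39afc3e7b508bdd62e",
    "sha256": "7c42b0f9d88d57706614978c47b04915f14e5e1a1c5cb85e3232a47026c6be7a",
    # ep_bytes: the first 16 bytes at the PE entry point.
    "ep_bytes": bytes.fromhex("e88ba30100e8c0a2010033c0c3909090"),
}


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the whole file, as listed under File Info."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def pe_entry_point_bytes(data: bytes, n: int = 16):
    """Walk the DOS, COFF and optional headers plus the section table and
    return the first n bytes at AddressOfEntryPoint, or None when the data is
    not a parseable PE or the entry RVA lies outside every section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                        # IMAGE_OPTIONAL_HEADER
    if size_opt < 20 or opt + size_opt > len(data):
        return None
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = opt + size_opt
    for i in range(num_sections):
        hdr = sections + i * 40                            # IMAGE_SECTION_HEADER
        if hdr + 40 > len(data):
            return None
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, raw_size):
            off = raw_ptr + (entry_rva - vaddr)            # RVA -> file offset
            return data[off:off + n]
    return None


def match_iocs(data: bytes, iocs: dict = PAGE_IOCS) -> dict:
    """Report which of the page's indicators a file matches. A hash hit means
    the exact sample; an ep_bytes hit survives appended or patched data
    elsewhere in the file, so it is broader but weaker."""
    hashes = file_hashes(data)
    hits = {k: hashes[k] == iocs[k] for k in ("md5", "sha1", "sha256")}
    ep = pe_entry_point_bytes(data, len(iocs["ep_bytes"]))
    hits["ep_bytes"] = ep is not None and ep == iocs["ep_bytes"]
    return hits


def build_sample_pe(ep_bytes: bytes) -> bytes:
    """Constructed test input (assumption of this example): a minimal PE32 with
    one .text section whose first bytes are ep_bytes. Not the real sample."""
    size_opt = 0xE0                                        # PE32 optional header
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, size_opt, 0x102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    entry_rva, raw_ptr = 0x1000, 0x200
    struct.pack_into("<I", opt, 16, entry_rva)
    code = ep_bytes + b"\xCC" * (0x200 - len(ep_bytes))
    section = struct.pack("<8sIIIIIIHHI", b".text", len(code), entry_rva,
                          len(code), raw_ptr, 0, 0, 0, 0, 0x60000020)
    image = dos + b"PE\0\0" + coff + opt + section
    image += b"\0" * (raw_ptr - len(image))
    return bytes(image + code)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        data = open(sys.argv[1], "rb").read()
    else:
        data = build_sample_pe(PAGE_IOCS["ep_bytes"])      # constructed stand-in
    for name, hit in match_iocs(data).items():
        print(f"{name:9} {'MATCH' if hit else 'no'}")
```

Run it with the path of a suspect file as the only argument; with no argument it checks the constructed stand-in, which matches on ep_bytes but on none of the hashes. Treat an ep_bytes-only hit with care: the 16 bytes here are a short call/call/xor/ret stub of the kind a compiler runtime emits for every program it builds, so other binaries from the same toolchain can share them. The hashes identify this exact file; the entry-point bytes only say the file was built the same way.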

Mal/FakeAV-IS is also known under these detection names (vendor: detection). Note that FireEye's name embeds the first 16 hex digits of the MD5 above, and several vendors share the same BitDefender-engine name:

Bkav: W32.AIDetect.malware2
Cynet: Malicious (score: 100)
FireEye: Generic.mg.d0cb9bd8da98d9a1
Malwarebytes: PUP.Optional.ChinAd
Cybereason: malicious.8da98d
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.BlackMoon.A suspicious
APEX: Malicious
BitDefender: Gen:Trojan.Heur.FU.iq0@auQwjhkb
MicroWorld-eScan: Gen:Trojan.Heur.FU.iq0@auQwjhkb
Rising: Trojan.Generic@AI.81 (RDML:1e4ZDffYFVHTbNUBIWHaQQ)
Ad-Aware: Gen:Trojan.Heur.FU.iq0@auQwjhkb
Emsisoft: Gen:Trojan.Heur.FU.iq0@auQwjhkb (B)
VIPRE: Gen:Trojan.Heur.FU.iq0@auQwjhkb
Trapmine: malicious.moderate.ml.score
Sophos: Mal/FakeAV-IS
Ikarus: AdWare.Win32.BlackMoon
GData: Win32.Application.PUPStudio.A
Avira: HEUR/AGEN.1213895
MAX: malware (ai score=84)
Antiy-AVL: Trojan/Generic.ASCommon.223
Arcabit: Trojan.Heur.FU.EC989A
Microsoft: Program:Win32/Wacapew.C!ml
Acronis: suspicious
VBA32: BScope.Trojan.Wacatac
ALYac: Gen:Trojan.Heur.FU.iq0@auQwjhkb
Cylance: Unsafe
MaxSecure: Dropper.Dinwod.frindll
BitDefenderTheta: AI:Packer.4BE8690D1F

How to remove Mal/FakeAV-IS?

Mal/FakeAV-IS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
