Malware.AI.1028124164 (file analysis)

Malware Removal

Malware.AI.1028124164 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What Malware.AI.1028124164 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Executed a command line with the /C or /R argument, which terminates the command shell on completion and can be used to hide execution
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities to create a scheduled task
  • CAPE detected the embedded win api malware family
  • Appears to use command line obfuscation
  • Deletes executed files from disk
  • Attempts to modify Windows Defender using PowerShell
  • Touches a file containing cookies, possibly for information gathering
  • PowerShell arguments were seen on a command line, but powershell.exe was not called. Likely indicative of a renamed or obfuscated powershell.exe, or of arguments being defined in variables for later use
  • Uses suspicious command line tools or Windows utilities
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Malware.AI.1028124164?

File Info:

name: E17A6AAAFA99F59B2545.mlw
path: /opt/CAPEv2/storage/binaries/f1c922056cc695456d7de8d27143006ad44dd7a79cf080f613570f91fa8f0e82
crc32: AC5E4D7E
md5: e17a6aaafa99f59b25459363b6eb58fd
sha1: aaa0fe203591fd25ca33e3fd06c99991352bd0ff
sha256: f1c922056cc695456d7de8d27143006ad44dd7a79cf080f613570f91fa8f0e82
sha512: 70b26b54bf5e4de62381bdd1724b6ff91699e88401a21efca623dd00aa88fed373c193a58992b97d7ab63a4640c30194fd3f33e5630d1d5407520c7c5edda2a9
ssdeep: 24576:L7FUDowAyrTVE3U5FZTk2Au7vfNzl/m+9KXSQqo4ERwkea7XCJKjaJZ:LBuZrEUlQKTngXSvEvegCJfZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19E75BE3FB268653ED9AE0B3245B39320997BBB61B81B8C1E47F4480DCF664701E3B655
sha3_384: 28f192df212fcc9cdc1b3f2c94c8576e9eaabbbb87789e126950cf604d460e3b4eb88f6f991b2e37ded01549f9264197
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2022-04-14 16:10:23

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: ember.editor.cloud.hetzer.to.bard.exe
FileDescription: Monagami Vendor GUI Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: Monagami Vendor GUI
ProductVersion: 1.0.0.0
Translation: 0x0000 0x04b0

Malware.AI.1028124164 also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Bitser.a!c
MicroWorld-eScan: Trojan.GenericKD.62528584
FireEye: Trojan.GenericKD.62528584
ALYac: Trojan.GenericKD.62528584
Malwarebytes: Malware.AI.1028124164
Sangfor: Downloader.Win32.Bitser.V0js
K7AntiVirus: Trojan ( 005991211 )
Alibaba: TrojanDownloader:Win32/Bitser.205e0393
K7GW: Trojan ( 005991211 )
Cybereason: malicious.afa99f
Symantec: Trojan.Gen.MBT
ESET-NOD32: Win32/TrojanDropper.Agent.SSS
TrendMicro-HouseCall: TROJ_GEN.R002H0CBQ24
Kaspersky: Trojan-Downloader.Win32.Bitser.emz
BitDefender: Trojan.GenericKD.62528584
Tencent: Malware.Win32.Gencirc.13ab7cc9
VIPRE: Trojan.GenericKD.62528584
Trapmine: suspicious.low.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan-Spy.Raccoon-Stealer
Varist: W32/ABTrojan.WHXM-5360
MAX: malware (ai score=100)
Kingsoft: Win32.Troj.Undef.a
Arcabit: Trojan.Generic.D3BA1C48
ViRobot: Trojan.Win.Z.Agent.1685643
ZoneAlarm: Trojan-Downloader.Win32.Bitser.emz
GData: Trojan.GenericKD.62528584
AhnLab-V3: Malware/Win.Generic.C5271897
DeepInstinct: MALICIOUS
Cylance: unsafe
MaxSecure: Trojan.Malware.190015777.susgen
Fortinet: W32/Malicious_Behavior.VEX
Panda: Trj/Chgt.AD
CrowdStrike: win/malicious_confidence_100% (W)
alibabacloud: VirTool:Win/SignThief.A(dyn)

How to remove Malware.AI.1028124164?

Malware.AI.1028124164 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.