Malware.AI.1055562686 malicious file

The Malware.AI.1055562686 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.1055562686 virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)

How to identify Malware.AI.1055562686?

File Info:

name: 0BAD0BB708F41D2A9C7F.mlw
path: /opt/CAPEv2/storage/binaries/db898d329753a26a94e10ca921770728ad8c39ee21265858c25223a5be11b935
crc32: 5193A239
md5: 0bad0bb708f41d2a9c7f6d85072e2cfa
sha1: fde8cb809d548d837257549913adab6a151b4f42
sha256: db898d329753a26a94e10ca921770728ad8c39ee21265858c25223a5be11b935
sha512: c9c72ef4fab7d44fc82e15ff681bbdaaed04842e7b4970d352d1c3e467df7ffb67db4504ea9ff4fd2057daf795ba13350e7bd7917ad19a1979c6e443db7eedc7
ssdeep: 6144:RSh/CczTxSDzNSZwBnTnxFnAEso+L/r48sYOf47SZvr:RuxSDVpnV+br487OguB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F06402476B8D0CE3FBA0183061ABE21D521C7EBA56DED9D7CD540C6CE97098198B0F9E
sha3_384: 11558a96423d1705288fefb6b00ccb6b47dc12c669e75ce9fbcf1251fbb3d430e6602b6d64ee7226a04cf7d145a1f195
ep_bytes: 5657ff15a0a040008b359ca04000ffd6
timestamp: 2014-01-14 06:46:54

Version Info:

FileDescription: WndRexUI
FileVersion: 1.6.5.7
InternalName: WndRexUI
LegalCopyright: Copyright © 1999-2014
ProductVersion: 1.6.5.7
Translation: 0x0409 0x04b0

Malware.AI.1055562686 also known as:

  • Lionic: Trojan.Win32.Zbot.4!c
  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.PWS.Panda.5661
  • MicroWorld-eScan: Gen:Trojan.ProcessHijack.tq0@a4@Q5Pc
  • FireEye: Generic.mg.0bad0bb708f41d2a
  • ALYac: Gen:Trojan.ProcessHijack.tq0@a4@Q5Pc
  • Cylance: Unsafe
  • VIPRE: Trojan.Win32.Generic!BT
  • Sangfor: Trojan.Win32.Zbot.rfpf
  • K7AntiVirus: Trojan ( 0040f74d1 )
  • Alibaba: TrojanSpy:Win32/Buzus.ff016ef6
  • K7GW: Trojan ( 0040f74d1 )
  • CrowdStrike: win/malicious_confidence_100% (W)
  • BitDefenderTheta: Gen:NN.ZexaF.34232.tq0@a4@Q5Pc
  • VirIT: Trojan.Win32.Inject2.PCE
  • Cyren: W32/A-0c539ef1!Eldorado
  • Symantec: Trojan.Zbot
  • ESET-NOD32: Win32/Spy.Zbot.AAU
  • TrendMicro-HouseCall: TSPY_ZBOT.SMAA7
  • Paloalto: generic.ml
  • Kaspersky: Trojan-Spy.Win32.Zbot.rfpf
  • BitDefender: Gen:Trojan.ProcessHijack.tq0@a4@Q5Pc
  • NANO-Antivirus: Trojan.Win32.Zbot.cspeah
  • SUPERAntiSpyware: Trojan.Agent/Gen-Zbot
  • Avast: Win32:Zbot-UZA [Trj]
  • Tencent: Malware.Win32.Gencirc.114cca25
  • Ad-Aware: Gen:Trojan.ProcessHijack.tq0@a4@Q5Pc
  • Emsisoft: Gen:Trojan.ProcessHijack.tq0@a4@Q5Pc (B)
  • Comodo: TrojWare.Win32.Spy.Zbot.RFPF@56nhpa
  • Zillya: Trojan.Zbot.Win32.146353
  • TrendMicro: TSPY_ZBOT.SMAA7
  • McAfee-GW-Edition: BehavesLike.Win32.Emotet.fc
  • Sophos: Mal/Generic-R + Troj/Zbot-HIA
  • SentinelOne: Static AI – Suspicious PE
  • Jiangmin: TrojanSpy.Zbot.eazo
  • Webroot: W32.InfoStealer.Zeus
  • Avira: TR/Buzus.ohfd
  • MAX: malware (ai score=100)
  • Antiy-AVL: Trojan/Generic.ASMalwS.744B09
  • Kingsoft: Win32.Troj.Zbot.rf.(kcloud)
  • Gridinsoft: Ransom.Win32.Zbot.sa
  • Microsoft: PWS:Win32/Zbot!GO
  • GData: Gen:Trojan.ProcessHijack.tq0@a4@Q5Pc
  • Cynet: Malicious (score: 99)
  • AhnLab-V3: Spyware/Win32.Zbot.R95054
  • McAfee: PWSZbot-FQM!0BAD0BB708F4
  • TACHYON: Trojan-Spy/W32.ZBot.322560.AE
  • VBA32: TrojanSpy.Zbot
  • Malwarebytes: Malware.AI.1055562686
  • APEX: Malicious
  • Rising: Spyware.Zbot!8.16B (CLOUD)
  • Yandex: TrojanSpy.Zbot!F+0q5zoKGO4
  • Ikarus: Trojan-PWS.Win32.Zbot
  • eGambit: Generic.Malware
  • Fortinet: W32/Zbot.RHCR!tr
  • AVG: Win32:Zbot-UZA [Trj]
  • Panda: Trj/Zbot.M
  • MaxSecure: Trojan.Malware.6824362.susgen

How to remove Malware.AI.1055562686?

Malware.AI.1055562686 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.