
About “Malware.AI.114325752” infection

Malware Removal

Malware.AI.114325752 is a detection name rather than a malware family: it is the label Malwarebytes applies to this file (the names other engines use for the same sample are listed below, and several of them classify it as a SpyGate backdoor packed with Themida). Security experts consider the file dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.114325752 virus do?

The following behaviours were reported by the CAPE sandbox for the analysed sample. Most of them are anti-analysis measures (debugger, virtual machine and Wine detection, packing) rather than the payload itself, which is consistent with a Themida-packed backdoor; the last item, a direct write to a physical drive, is the one that can damage the system.

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • NtSetInformationThread: attempt to hide thread from debugger
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Expresses interest in specific running processes
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • The following process appears to have been packed with Themida: FA6050EDB608E308BD58.mlw (the sandbox's name for the submitted file; the original name is given under Version Info below)
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects the presence of Wine emulator via registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Attempted to write directly to a physical drive

How to determine Malware.AI.114325752?

The identifiers below are the sandbox's record of the exact file analysed. The cryptographic hashes (md5, sha1, sha256, sha512, sha3_384) match only this byte-for-byte file; ssdeep and tlsh are similarity hashes that can also match repacked or slightly modified variants.
File Info:

name: FA6050EDB608E308BD58.mlw
path: /opt/CAPEv2/storage/binaries/7d371a299a218a5fc4cba88b7210d79df1719a73751c484a3ae3a4860fd586e6
crc32: 77B14C2A
md5: fa6050edb608e308bd584362f12a079b
sha1: 7d65fb03a8d992226c5ad2c95831cdf24ed5320e
sha256: 7d371a299a218a5fc4cba88b7210d79df1719a73751c484a3ae3a4860fd586e6
sha512: bc66a7a1dda52655d0efe62a68d77d1c0888008ea07c1c743a18efb9eb84686894ef3d36b0a9f1ee55532d18ec2534906e64b15de5c4d02f6743faf9d99b97cf
ssdeep: 98304:ntTp9Mgt80hsxpWe8z95QFgGp6ixuoFA+duLsAoCYU8O:gox51jig2jdugAoCYU8O
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T197166C633506E1CFD496213496B3CE469A1E43B52F2089E3E85EA4F97D23CC417AFD98
sha3_384: 6a3dc585524a027791111cd598c687387ce7e820eb131f0b379c38f91d4899ee1c278008ef89e9067c77b3f32f7cc973
ep_bytes: 565053e801000000cc5889c3402d0020
timestamp: 2017-08-13 10:19:02
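
As an added example (not code from this page, from GridinSoft or from CAPE), the following Python script hashes a suspect file and parses its PE headers using only the standard library, then reports which of the indicators above match: the digests, the 16 entry-point bytes (ep_bytes), the compile timestamp, and any section name outside a stock-linker set, which is the static hint behind the "unknown PE section name indicative of packing" signature in the behaviour list. The COMMON_SECTIONS set, the reading of the page's timestamp as UTC, and the minimal PE built by build_sample_pe() for offline testing are assumptions; ssdeep and tlsh are left out because they need third-party modules.

```python
"""Offline static triage of a suspect file against the indicators on this page.
Added example, not GridinSoft's or CAPE's code. COMMON_SECTIONS and the
constructed sample PE are assumptions."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the page's "File Info" block.
IOC = {
    "md5": "fa6050edb608e308bd584362f12a079b",
    "sha1": "7d65fb03a8d992226c5ad2c95831cdf24ed5320e",
    "sha256": "7d371a299a218a5fc4cba88b7210d79df1719a73751c484a3ae3a4860fd586e6",
    "sha512": "bc66a7a1dda52655d0efe62a68d77d1c0888008ea07c1c743a18efb9eb84686894ef3d36b0a9f1ee55532d18ec2534906e64b15de5c4d02f6743faf9d99b97cf",
    "sha3_384": "6a3dc585524a027791111cd598c687387ce7e820eb131f0b379c38f91d4899ee1c278008ef89e9067c77b3f32f7cc973",
    "crc32": "77B14C2A",
    "ep_bytes": "565053e801000000cc5889c3402d0020",
}

# Section names a stock linker emits (assumption). Anything else is flagged,
# mirroring CAPE's "unknown PE section name indicative of packing" signature.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc",
                   ".reloc", ".bss", ".tls", ".pdata", ".CRT", ".textbss"}


def file_hashes(data: bytes) -> dict:
    """Same digests the page lists (ssdeep/tlsh need third-party modules)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def parse_pe(data: bytes) -> dict:
    """Read COFF/optional header fields and the 16 bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    _, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                          # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections, ep_bytes = [], b""
    for i in range(nsec):
        name, vsize, va, rsize, raw = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append(name.rstrip(b"\0").decode("ascii", "replace"))
        # Map the entry-point RVA to a file offset through the section that holds it.
        if va <= ep_rva < va + max(vsize, rsize):
            off = raw + (ep_rva - va)
            ep_bytes = data[off:off + 16]
    return {
        "format": "PE32" if magic == 0x10B else "PE32+" if magic == 0x20B else "unknown",
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
        "ep_bytes": ep_bytes.hex(),
    }


def triage(data: bytes) -> dict:
    """Compare a file's hashes, entry-point bytes and section names to the page."""
    hashes, pe = file_hashes(data), parse_pe(data)
    return {
        "format": pe["format"],
        "timestamp": pe["timestamp"],
        "hash_matches": [k for k, v in hashes.items() if v == IOC[k]],
        "ep_match": pe["ep_bytes"] == IOC["ep_bytes"],
        "unknown_sections": [s for s in pe["sections"] if s not in COMMON_SECTIONS],
    }


def build_sample_pe(section_names, ep_bytes, timestamp=0x59902796) -> bytes:
    """Constructed minimal PE32 for offline testing; not the real sample.
    Default timestamp is the page's 2017-08-13 10:19:02 read as UTC (assumption)."""
    opt_size, align, nsec = 0xE0, 0x200, len(section_names)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, timestamp, 0, 0, opt_size, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 14, 0, align, 0, 0, 0x1000).ljust(opt_size, b"\0")
    raw_start = (len(dos) + 4 + len(coff) + opt_size + 40 * nsec + align - 1) // align * align
    table, body = b"", b""
    for i, name in enumerate(section_names):
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), align,
                             0x1000 * (i + 1), align, raw_start + align * i, 0, 0, 0, 0, 0x60000020)
        body += (ep_bytes if i == 0 else b"\0").ljust(align, b"\0")  # EP (RVA 0x1000) is in section 0
    return (dos + b"PE\0\0" + coff + opt + table).ljust(raw_start, b"\0") + body


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
    else:  # no file given: triage the constructed sample
        blob = build_sample_pe([".text", ".rsrc", "xyz9"], bytes.fromhex(IOC["ep_bytes"]))
    print(triage(blob))
```

Saved as, say, triage.py, it is run as `python triage.py <file>`; with no argument it triages the constructed sample, which reports an ep_bytes match, no hash matches and the unknown section "xyz9". A hash match identifies this exact file. An ep_bytes match without a hash match points at the same packer stub on a different build, which deserves the same handling, and any unknown section name on a file that also fails its Authenticode check is reason enough to submit it to a sandbox.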

Version Info:

Translation: 0x0804 0x04b0 (language ID 0x0804 is Chinese (Simplified, PRC), code page 0x04b0 is Unicode; this is what the "unconventional binary language" signatures above refer to)
Comments: halleluyah
CompanyName: halleluyah
FileDescription: ALP反面排版 (Chinese: "ALP reverse-side typesetting")
LegalCopyright: halleluyah
LegalTrademarks: halleluyah
ProductName: ALP反面排版 (Chinese: "ALP reverse-side typesetting")
FileVersion: 1.00
ProductVersion: 1.00
InternalName: output
OriginalFilename: output.exe

Malware.AI.114325752 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.SpyGate.m!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.48264743
FireEye: Generic.mg.fa6050edb608e308
ALYac: Trojan.GenericKD.48264743
Cylance: Unsafe
Zillya: Trojan.Themida.Win32.69395
Sangfor: Backdoor.Win32.SpyGate.gz
K7AntiVirus: Trojan ( 0053dfca1 )
Alibaba: Backdoor:Win32/SpyGate.f2ee6922
K7GW: Trojan ( 0053dfca1 )
Cybereason: malicious.3a8d99
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.Themida.BZJ
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Backdoor.Win32.SpyGate.gz
BitDefender: Trojan.GenericKD.48264743
Avast: Win32:Trojan-gen
Tencent: Win32.Backdoor.Spygate.Eegu
Ad-Aware: Trojan.GenericKD.48264743
Sophos: Mal/Generic-S
McAfee-GW-Edition: BehavesLike.Win32.Generic.rh
Emsisoft: Trojan.GenericKD.48264743 (B)
SentinelOne: Static AI - Malicious PE
GData: Trojan.GenericKD.48264743
Avira: TR/Patched.Ren.Gen
Antiy-AVL: Trojan[Backdoor]/Win32.SpyGate
Kingsoft: Win32.Heur.KVMH008.a.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
ZoneAlarm: Backdoor.Win32.SpyGate.gz
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Trojan-gen.C4461766
Acronis: suspicious
McAfee: Artemis!FA6050EDB608
MAX: malware (ai score=86)
VBA32: TScope.Malware-Cryptor.SB
Malwarebytes: Malware.AI.114325752
TrendMicro-HouseCall: TROJ_GEN.R002H0CB822
Rising: Malware.Heuristic!ET#98% (RDMK:cmRtazqSAf5F178C8/x2B14EpRVx)
Fortinet: W32/PossibleThreat
BitDefenderTheta: Gen:NN.ZexaF.34212.@B1@aKzLz0ob
AVG: Win32:Trojan-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Trojan.Malware.73731616.susgen

How to remove Malware.AI.114325752?

Malware.AI.114325752 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because several engines in the list above classify this file as a backdoor, which gives an attacker remote access to the machine while it is active, treat passwords and sessions used on the infected PC as exposed and change them from a clean device after the cleanup; if the removal tool cannot fully clean the system, reinstalling Windows is the safer option.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
