Should I remove “Malware.AI.1148435139”?

Malware.AI.1148435139 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1148435139 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Unconventional language used in binary resources: Serbian (Cyrillic)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Created a process from a suspicious location

How to identify Malware.AI.1148435139?


File Info:

name: 6BB27592431951777280.mlw
path: /opt/CAPEv2/storage/binaries/a3d03b0109a4a19b1d5f56ba14efe09257e93791afa63db29dc661bfc3261a75
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-10-10 21:07:21

Version Info:

CompanyName: Opera Software
FileDescription: Opera Browser Assistant
FileVersion: 80.0.4170.40
InternalName: Opera
LegalCopyright: Copyright Opera Software 2021
ProductName: Opera Browser Assistant
ProductVersion: 80.0.4170.40
Translation: 0x0409 0x04b0

Malware.AI.1148435139 also known as:

Lionic: Virus.Win32.Expiro.n!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Expiro.Gen.6
FireEye: Generic.mg.6bb2759243195177
Cylance: Unsafe
K7AntiVirus: Trojan ( 00561cbf1 )
Alibaba: Trojan:Win32/Raccoon.1d1cc423
K7GW: Trojan ( 00561cbf1 )
Cybereason: malicious.243195
BitDefenderTheta: Gen:NN.ZexaF.34084.@R0@ai0mDaDP
Cyren: W32/Expiro.AN.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Expiro.NDG
TrendMicro-HouseCall: TROJ_GEN.R002H0CL921
Paloalto: generic.ml
BitDefender: Win32.Expiro.Gen.6
Avast: Win32:Xpirat-C [Inf]
Tencent: Win32.Virus.Expiro.Wsak
Ad-Aware: Win32.Expiro.Gen.6
Sophos: Mal/Generic-S
VIPRE: Virus.Win32.Expiro.dp (v)
McAfee-GW-Edition: BehavesLike.Win32.Virus.rh
Emsisoft: Win32.Expiro.Gen.6 (B)
APEX: Malicious
GData: Win32.Expiro.Gen.6
Avira: W32/Infector.Gen8
Antiy-AVL: Trojan/Generic.ASMalwS.34911E0
Gridinsoft: Ransom.Win32.Wacatac.sa
Microsoft: Trojan:Win32/Raccoon.EC!MTB
Cynet: Malicious (score: 100)
VBA32: BScope.Trojan.Wacatac
ALYac: Win32.Expiro.Gen.6
MAX: malware (ai score=87)
Malwarebytes: Malware.AI.1148435139
Ikarus: Virus.Win32.Expiro
Fortinet: W32/Expiro.NDG
AVG: Win32:Xpirat-C [Inf]
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Malware.AI.1148435139?

Malware.AI.1148435139 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
