Malware.AI.115469224 removal instruction

Many security experts consider Malware.AI.115469224 dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.115469224 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Collects and encrypts information about the computer likely to send to C2 server

How to identify Malware.AI.115469224?

File Info:

name: 374182073C0C1E4810BD.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2020-10-09 03:12:35

Version Info:

Translation: 0x0000 0x04b0
Comments: Application to play PDF and video files for education
CompanyName: Player
FileDescription: Player
FileVersion: 17.0.0.0
InternalName: Player.exe
LegalCopyright: Player Software
OriginalFilename: Player.exe
ProductName: Player
ProductVersion: 17.0.0.0
Assembly Version: 17.0.0.0

Malware.AI.115469224 also known as:

Lionic: Trojan.MSIL.Toptoo.m!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.47450325
FireEye: Trojan.GenericKD.47450325
CAT-QuickHeal: Backdoor.MsilFC.S17874518
ALYac: Trojan.GenericKD.47450325
Alibaba: Backdoor:MSIL/Toptoo.a6abd155
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Kaspersky: HEUR:Backdoor.MSIL.Toptoo.gen
BitDefender: Trojan.GenericKD.47450325
Ad-Aware: Trojan.GenericKD.47450325
Emsisoft: Trojan.GenericKD.47450325 (B)
McAfee-GW-Edition: Artemis!Trojan
Avira: BDS/Toptoo.nbtos
MAX: malware (ai score=85)
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Trojan.GenericKD.47450325
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.RL_Agent.C4227076
Malwarebytes: Malware.AI.115469224
TrendMicro-HouseCall: TROJ_GEN.R002H0CKN21
MaxSecure: Trojan.Malware.300983.susgen
Cybereason: malicious.73c0c1
Panda: Trj/GdSda.A

How to remove Malware.AI.115469224?

Malware.AI.115469224 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
