About “Malware.AI.117028373” infection

Malware Removal

Malware.AI.117028373 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What Malware.AI.117028373 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Malware.AI.117028373?

File Info:

name: 1AF4C01F61BE64434C1D.mlw
path: /opt/CAPEv2/storage/binaries/18232164a57d9d973e3d798d53058edbc7aabfc0fbc7892a1e79734a0c707e26
crc32: B3B57766
md5: 1af4c01f61be64434c1dac362f120506
sha1: bfd826e8436ee73e531752f0bdf74914f5c9a4b2
sha256: 18232164a57d9d973e3d798d53058edbc7aabfc0fbc7892a1e79734a0c707e26
sha512: 9aeca64762ec40467d860c169bb2ebbd244c401523bc40bb957519d5d13b6073c32652a07ca8043599d12e0b378000a9bc5b7fcf9ae463f3fe5e5d5e9c95cb01
ssdeep: 6144:SLH2rO/5jgKhGns79MdJCWwoSaRRcA6w3VTo3eGjGVHRxtUf/Ck:S7nBJhGs7R9YTToJjG/sCk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1486422D3B6EBABF9C9310B70006A1C3CD654D40149EB0BB7FF405A849453663DA29FAB
sha3_384: e8f2598aa22e035d6aa8591bcab2c5d2cc221c2372cf262c140f5f510adaae8a4c4b5c3c10e496ff1c700e6df0843e3d
ep_bytes: 9c880c24c7042457b16ea068b5202273
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Malware.AI.117028373 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Convagent.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.1af4c01f61be6443
McAfee: GenericRXQZ-VJ!1AF4C01F61BE
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.2581939
K7AntiVirus: Trojan ( 0057e5351 )
Alibaba: Packed:Win32/VMProtect.91d1ffea
K7GW: Trojan ( 0057e5351 )
Cybereason: malicious.f61be6
BitDefenderTheta: AI:Packer.4B50F4201F
Cyren: W32/VMProtect.C.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.VMProtect.WV
TrendMicro-HouseCall: TROJ_GEN.R002C0WL621
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Agent.xalfkz
BitDefender: Gen:Variant.Barys.160809
MicroWorld-eScan: Gen:Variant.Barys.160809
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Agent.Ecky
Ad-Aware: Gen:Variant.Barys.160809
Emsisoft: Gen:Variant.Barys.160809 (B)
TrendMicro: TROJ_GEN.R002C0WL621
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.VMProtect
GData: Gen:Variant.Barys.160809
Avira: TR/Crypt.XPACK.Gen2
Antiy-AVL: Trojan/Generic.ASMalwS.34E2852
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Barys.D27429
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3: Trojan/Win.Generic.C4807534
VBA32: BScope.Trojan.Woreflint
ALYac: Gen:Variant.Barys.160809
MAX: malware (ai score=82)
Malwarebytes: Malware.AI.117028373
APEX: Malicious
Rising: Trojan.Generic@ML.94 (RDMK:kyPZHgawpx5fEy8gOOXytw)
Yandex: Trojan.Agent!kSZj+AGNq+Q
SentinelOne: Static AI – Malicious PE
Fortinet: W32/VMProtect.WV!tr
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_80% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Malware.AI.117028373?

Malware.AI.117028373 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.