Malware.AI.1175573681 (file analysis)

Malware Removal

Malware.AI.1175573681 is classified as dangerous by many security vendors. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan the computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage the PC in the process. We recommend GridinSoft Anti-Malware for removal; it lets you run a complete scan and clean the PC during the trial period. A 6-day free trial is available.

What can Malware.AI.1175573681 do?

The items below are the CAPE sandbox signatures that fired on the sample. They mix static traits of the file (UPX packing, a non-standard section name, an invalid Authenticode signature) with behaviour seen at run time (unpacking of executable code, process hollowing and other inter-process injection, Yara hits on memory dumps and dropped files):

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.1175573681?

File Info:

name: 91CB4B6C58F098DF8F3C.mlw
path: /opt/CAPEv2/storage/binaries/1b238797ab3eb1b7225422de7134e1b9c09c10aa7864652d67e25d99a2628554
crc32: 5FEC9460
md5: 91cb4b6c58f098df8f3cb8d173f45df4
sha1: ab78a87538135c4d9d15e3d9c66e59c61a70401a
sha256: 1b238797ab3eb1b7225422de7134e1b9c09c10aa7864652d67e25d99a2628554
sha512: 6ff59df7e66706ff3c265b8f5c7eccb68bd6dc56700ce50ffdfc3cc4698437ed632387217ec4517a2757352489a6c534439710c81b597241d7f7e95860d27d46
ssdeep: 3072:Wu4UImktWh5Ka7MJTvt5a+jq+oOElhcp8yWwlfoisjf3GO8jXBRQQQ:uUImvKmMhvt4qq+UyWmoPjfF8jXBuQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BA141299134CEC4FF4C22EBCC87061F1C18961728994E3445D8D62BF44FBE9A755ABB2
sha3_384: dad78703b6548ddd509b198218046430d0e735f54ea4a3ede1fade689fa22d1ef103bfa85d89696d35f10b536b50676c
ep_bytes: 60be000043008dbe0010fdff5783cdff
timestamp: 2012-02-07 09:10:48

Version Info:

Translation: 0x0409 0x04b0
Comments: fvNiBvlQaaZ
CompanyName: zCQmoxH
FileDescription: ZNKEQTrMlr
LegalCopyright: OFTeMMzmNkwKsJv
ProductName: FVZcTsHAkSU
FileVersion: 30.40.0060
ProductVersion: 30.40.0060
InternalName: server
OriginalFilename: server.exe
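The hashes, section names, entry-point bytes and timestamp above are the static facts the sandbox signatures ("unknown PE section name", "compressed using UPX") are derived from, and they are what you check first when deciding whether a file on a host is this sample. The script below is an added example, not code from the page or from CAPE: it parses the PE header with only the standard library, computes the digests the report lists, resolves the entry point to a file offset and compares the first 16 bytes against the UPX x86 entry stub that the report's `ep_bytes` value (`60 be ... 8d be ... 57 83 cd ff`) matches. The `KNOWN_SECTIONS` and `PACKER_SECTIONS` tables are illustrative assumptions, not the sandbox's own lists. Because the real sample is not available offline, `build_fake_upx_pe()` constructs a minimal PE32 that mirrors the report's section layout, entry bytes and 2012-02-07 09:10:48 timestamp; it is a stand-in, not the malware.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Section names a normal linker emits (illustrative, not the sandbox's own list).
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                  ".rsrc", ".reloc", ".tls", ".pdata", ".crt", "code", "data"}
# Section names that give a packer away on their own (illustrative subset).
PACKER_SECTIONS = {"upx0": "UPX", "upx1": "UPX", "upx2": "UPX",
                   ".aspack": "ASPack", ".petite": "Petite", ".nsp1": "NsPack"}
# UPX x86 entry stub: pushad; mov esi,imm32; lea edi,[esi+disp32]; push edi;
# or ebp,-1.  None wildcards the operands; the report's ep_bytes fit it.
UPX_EP_STUB = [0x60, 0xBE, None, None, None, None,
               0x8D, 0xBE, None, None, None, None, 0x57, 0x83, 0xCD, 0xFF]

def hashes(data: bytes) -> dict:
    """The digests the report lists (crc32, ssdeep and tlsh left out)."""
    return {n: hashlib.new(n, data).hexdigest()
            for n in ("md5", "sha1", "sha256", "sha512", "sha3_384")}

def _headers(pe: bytes):
    # Returns (COFF header offset, optional header offset) after sanity checks.
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    return e_lfanew + 4, e_lfanew + 24

def sections(pe: bytes) -> list:
    """Parse the section table: name, RVA, virtual size, raw offset and size."""
    coff, opt = _headers(pe)
    nsec, = struct.unpack_from("<H", pe, coff + 2)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, coff + 16)   # SizeOfOptionalHeader
    out = []
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, rsize, rptr = struct.unpack_from("<IIII", pe, hdr + 8)
        out.append({"name": name, "va": va, "vsize": vsize,
                    "raw_ptr": rptr, "raw_size": rsize})
    return out

def entry_point_bytes(pe: bytes, n: int = 16) -> bytes:
    """First n bytes at AddressOfEntryPoint (the report's ep_bytes field)."""
    _, opt = _headers(pe)
    ep_rva, = struct.unpack_from("<I", pe, opt + 16)
    for s in sections(pe):
        if s["va"] <= ep_rva < s["va"] + max(s["vsize"], s["raw_size"]):
            off = s["raw_ptr"] + (ep_rva - s["va"])      # RVA -> file offset
            return pe[off:off + n]
    raise ValueError("entry point lies outside every section")

def matches_stub(ep: bytes, pattern=UPX_EP_STUB) -> bool:
    # Masked byte comparison; None in the pattern matches anything.
    return len(ep) >= len(pattern) and all(
        p is None or b == p for b, p in zip(ep, pattern))

def triage(pe: bytes) -> dict:
    """Static indicators the sandbox signatures above are built from."""
    coff, _ = _headers(pe)
    ts, = struct.unpack_from("<I", pe, coff + 4)          # TimeDateStamp
    names = [s["name"] for s in sections(pe)]
    ep = entry_point_bytes(pe)
    return {
        "hashes": hashes(pe),
        "compile_time": datetime.fromtimestamp(ts, timezone.utc).isoformat(),
        "sections": names,
        "unknown_sections": [n for n in names if n.lower() not in KNOWN_SECTIONS],
        "packer_by_section": sorted({PACKER_SECTIONS[n.lower()] for n in names
                                     if n.lower() in PACKER_SECTIONS}),
        "ep_bytes": ep.hex(),
        "upx_stub_at_ep": matches_stub(ep),
    }

def build_fake_upx_pe() -> bytes:
    """Constructed stand-in for the sample: a minimal PE32 reproducing the
    report's section layout, entry bytes and timestamp.  Not the real file."""
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    secs = [(b"UPX0", 0x1000, 0x1000, 0x000, 0x000),
            (b"UPX1", 0x1000, 0x2000, 0x200, 0x400),
            (b".rsrc", 0x1000, 0x3000, 0x200, 0x600)]
    img = bytearray(0x800)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    # COFF: i386, 3 sections, 2012-02-07 09:10:48 UTC, 224-byte opt header, EXE|32BIT
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, len(secs), 1328605848, 0, 0, 224, 0x0102)
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x10B)                 # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x2100)           # AddressOfEntryPoint (in UPX1)
    struct.pack_into("<III", img, opt + 28, 0x400000, 0x1000, 0x200)  # base, alignments
    struct.pack_into("<II", img, opt + 56, 0x4000, 0x400)   # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", img, opt + 92, 16)               # NumberOfRvaAndSizes
    for i, (name, vsize, va, rsize, rptr) in enumerate(secs):
        struct.pack_into("<8sIIIIIIHHI", img, opt + 224 + 40 * i,
                         name, vsize, va, rsize, rptr, 0, 0, 0, 0, 0xE0000020)
    ep_off = 0x400 + (0x2100 - 0x2000)                      # file offset of the entry point
    img[ep_off:ep_off + 16] = bytes.fromhex("60be000043008dbe0010fdff5783cdff")
    return bytes(img)
```

Run `triage(open(path, "rb").read())` on a suspect file and compare `hashes["sha256"]` with the value in File Info; `triage(build_fake_upx_pe())` shows what the report's sample looks like through the same lens: two unknown sections (UPX0, UPX1), packer UPX, and a UPX stub at the entry point. A UPX stub alone is not malicious (plenty of legitimate software ships UPX-packed), which is why the sandbox pairs it with the injection and Yara signatures; conversely, a sample that fails `matches_stub` but still has UPX section names has usually been re-packed with a modified stub to break `upx -d`.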

Malware.AI.1175573681 also known as:

  • Lionic: Trojan.Win32.Generic.4!c
  • Elastic: malicious (moderate confidence)
  • Cynet: Malicious (score: 100)
  • FireEye: Generic.mg.91cb4b6c58f098df
  • CAT-QuickHeal: Trojan.Vbinject.UG8
  • McAfee: Artemis!91CB4B6C58F0
  • Malwarebytes: Malware.AI.1175573681
  • VIPRE: Gen:Heur.ManBat.1
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 00570c1d1 )
  • Alibaba: Trojan:Win32/Refroso.d8a806b3
  • K7GW: Trojan ( 00570c1d1 )
  • Cybereason: malicious.c58f09
  • Cyren: W32/VBInject.AH.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Bifrose.NIO
  • APEX: Malicious
  • ClamAV: Win.Packed.Manbat-6998962-0
  • Kaspersky: Trojan.Win32.Refroso.fpjz
  • BitDefender: Gen:Heur.ManBat.1
  • NANO-Antivirus: Trojan.Win32.Refroso.ecamzm
  • SUPERAntiSpyware: Trojan.Agent/Gen-Falleg
  • MicroWorld-eScan: Gen:Heur.ManBat.1
  • Avast: FileRepMalware [Misc]
  • Tencent: Win32.Trojan.Refroso.Wmhl
  • Emsisoft: Gen:Heur.ManBat.1 (B)
  • F-Secure: Trojan.TR/Dropper.Gen
  • DrWeb: Trojan.VbCrypt.8
  • Zillya: Trojan.Refroso.Win32.68036
  • TrendMicro: Cryp_SpyEye
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
  • Trapmine: malicious.high.ml.score
  • Ikarus: Trojan.Win32.Refroso
  • GData: Gen:Heur.ManBat.1
  • Jiangmin: Trojan.Refroso.gfk
  • Webroot: W32.Malware.Gen
  • Avira: TR/Dropper.Gen
  • Antiy-AVL: Trojan/Win32.Refroso
  • Xcitium: TrojWare.Win32.TrojanDropper.VB.xs@4oxh0e
  • Arcabit: Trojan.ManBat.1
  • ZoneAlarm: Trojan.Win32.Refroso.fpjz
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • Google: Detected
  • AhnLab-V3: Trojan/Win32.Refroso.R1803
  • VBA32: BScope.Backdoor.Xtreme
  • ALYac: Gen:Heur.ManBat.1
  • MAX: malware (ai score=100)
  • Cylance: unsafe
  • TrendMicro-HouseCall: Cryp_SpyEye
  • Rising: Trojan.Win32.Generic.12B3C2F7 (C64:YzY0OnDXr7ow3E7K)
  • SentinelOne: Static AI – Suspicious PE
  • Fortinet: W32/Bifrose.NKY!tr
  • BitDefenderTheta: AI:Packer.85FDCF8020
  • AVG: FileRepMalware [Misc]
  • Panda: Generic Malware
  • CrowdStrike: win/malicious_confidence_100% (W)
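The name in this page's title is a machine-learning bucket from a single vendor and carries no family information; the list above is more useful read for the family labels that recur across engines (Refroso, ManBat, Bifrose, VBInject) and for how many engines only return a verdict ("malicious", "Artemis!...", "FileRepMalware"). The snippet below is an added example, not code from the page or any vendor: it tokenises detection labels, discards verdict and category words, and counts how many engines agree on each family. `REPORT_DETECTIONS` is a subset copied from the list above; the `GENERIC` stop list and the five-letter minimum (which drops variant suffixes such as `.fpjz`, `.NIO`, `.NKY`) are assumptions you will want to tune for the engines you actually see.

```python
import re
from collections import Counter

# Engine labels copied from the detection list above (a subset, verbatim).
REPORT_DETECTIONS = {
    "Kaspersky": "Trojan.Win32.Refroso.fpjz",
    "ZoneAlarm": "Trojan.Win32.Refroso.fpjz",
    "Alibaba": "Trojan:Win32/Refroso.d8a806b3",
    "Ikarus": "Trojan.Win32.Refroso",
    "AhnLab-V3": "Trojan/Win32.Refroso.R1803",
    "BitDefender": "Gen:Heur.ManBat.1",
    "GData": "Gen:Heur.ManBat.1",
    "ClamAV": "Win.Packed.Manbat-6998962-0",
    "ESET-NOD32": "a variant of Win32/Bifrose.NIO",
    "Fortinet": "W32/Bifrose.NKY!tr",
    "CAT-QuickHeal": "Trojan.Vbinject.UG8",
    "Cyren": "W32/VBInject.AH.gen!Eldorado",
    "Microsoft": "Trojan:Win32/Wacatac.B!ml",
    "TrendMicro": "Cryp_SpyEye",
    "Malwarebytes": "Malware.AI.1175573681",
    "McAfee": "Artemis!91CB4B6C58F0",
    "CrowdStrike": "win/malicious_confidence_100% (W)",
    "Avast": "FileRepMalware [Misc]",
}

# Words that describe a verdict, a category or a vendor's generic bucket
# rather than a family.  Illustrative stop list (assumption); extend as needed.
GENERIC = {"trojan", "generic", "malicious", "malware", "confidence", "variant",
           "packed", "filerepmalware", "artemis", "eldorado", "behaveslike",
           "attribute", "dropper", "trojware", "trojandropper", "suspicious",
           "static", "backdoor", "detected", "unsafe", "heuristic"}

def family_tokens(label: str) -> set:
    """Candidate family names in one label: alphabetic runs of at least five
    characters that are not in GENERIC.  Case is folded so that Vbinject and
    VBInject, or ManBat and Manbat, count as the same family."""
    return {t for t in (w.lower() for w in re.findall(r"[A-Za-z]{5,}", label))
            if t not in GENERIC}

def family_consensus(detections: dict) -> list:
    """(family, number of engines naming it), most-agreed family first."""
    counts = Counter(t for label in detections.values() for t in family_tokens(label))
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

def generic_only(detections: dict) -> list:
    """Engines whose label names no family at all (verdict-only detections)."""
    return [vendor for vendor, label in detections.items() if not family_tokens(label)]
```

On the subset embedded above, `family_consensus` puts Refroso first, then ManBat, with Bifrose and VBInject tied; `generic_only` returns Malwarebytes, McAfee, CrowdStrike and Avast, i.e. exactly the engines (including the one this page is named after) whose label tells you nothing about what the sample is. Vendor names are not interchangeable (Kaspersky's "Refroso" and BitDefender's "ManBat" are different vendors' names for overlapping clusters), so treat the count as a pointer to which family write-ups to read, not as ground truth.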

How to remove Malware.AI.1175573681?

Malware.AI.1175573681 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.