Malware.AI.1178432061 (file analysis)

The Malware.AI.1178432061 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.1178432061 virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Malware.AI.1178432061?


File Info:
name: 8191BE6F5AD9E8B2ABC0.mlw
path: /opt/CAPEv2/storage/binaries/62d45a9b6be0563a15a206f86c7dd21d861cc5255040a4f339d8786978bfa0c4
crc32: ABB18897
md5: 8191be6f5ad9e8b2abc0d24b6cd6bb6e
sha1: f2ec456c043c0c588cf116e5917f3e48289b1019
sha256: 62d45a9b6be0563a15a206f86c7dd21d861cc5255040a4f339d8786978bfa0c4
sha512: 949ba6d47ef4efad73cd37c4d1f90b0ad7a489b7ed81f885353d1f19c339e6c98af5cfc4b6af23919d68a3ced662dbd41cfd623fc3052cfe1cb9a35250e75f78
ssdeep: 6144:YUBOU3EiMAG6DqwuNAmzw+dNmry7iPNkuQa2IvQt60uwcmgjxi4L4b1xDeh:YkLMAEwKAxy7m3Q7IvQc0imgjx74bnE
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1AD947C78D6142DCCF53F7F3838D9B59099542F63321AA422ACEF585906F8BBA4378583
sha3_384: 735dafa589beea4f285e64583613848563a3d166a0af005b311ae78453aa1bd22cbf27308fd599e635f54683df1b1417
ep_bytes: 5150528d0d18000000648b0101c801c8
timestamp: 2070-05-17 21:31:06

Version Info:
CompanyName: Microsoft Corporation
FileDescription: x86 Performance Counter Host
FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
InternalName: perfhost.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: perfhost.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1
Translation: 0x0409 0x04b0

Malware.AI.1178432061 also known as:

Elastic	malicious (high confidence)
DrWeb	Win32.Expiro.150
MicroWorld-eScan	Win32.Expiro.Gen.6
FireEye	Generic.mg.8191be6f5ad9e8b2
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_70% (D)
VirIT	Win32.Expiro.CV
Cyren	W32/Expiro.AN.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Expiro.NDG
TrendMicro-HouseCall	Virus.Win32.EXPIRO.AD
Kaspersky	HEUR:Trojan.Win32.Expiro.gen
BitDefender	Win32.Expiro.Gen.6
NANO-Antivirus	Virus.Win32.Gen.ccmw
Avast	Win32:Xpirat-C [Inf]
Ad-Aware	Win32.Expiro.Gen.6
VIPRE	Virus.Win32.Expiro.dp (v)
TrendMicro	Virus.Win32.EXPIRO.AD
SentinelOne	Static AI – Malicious PE
Emsisoft	Win32.Expiro.Gen.6 (B)
Ikarus	Virus.Win32.Expiro
GData	Win32.Expiro.Gen.6
Jiangmin	Trojan.PSW.Stealer.abj
Avira	TR/Patched.Gen
Antiy-AVL	Trojan/Generic.ASVirus.315
Microsoft	Trojan:Win32/Raccoon.EC!MTB
Cynet	Malicious (score: 100)
Acronis	suspicious
VBA32	BScope.Trojan.Wacatac
ALYac	Win32.Expiro.Gen.6
Malwarebytes	Malware.AI.1178432061
APEX	Malicious
MAX	malware (ai score=80)
Fortinet	W32/Expiro.NDG
AVG	Win32:Xpirat-C [Inf]
Cybereason	malicious.f5ad9e
Panda	Trj/Genetic.gen

How to remove Malware.AI.1178432061?

Malware.AI.1178432061 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X