About the “Malware.AI.1187384734” infection

Malware Removal

Malware.AI.1187384734 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1187384734 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Malware.AI.1187384734?

File Info:

name: C91544D3EE8B59DC6E3D.mlw
path: /opt/CAPEv2/storage/binaries/85a2e350650aabfe859c21cea909769cf71d104552a8e71c88a5644cd99a513e
crc32: 5C297CED
md5: c91544d3ee8b59dc6e3d67f268f407da
sha1: 3ca798a8082a441b828c9c0159da40b33b4fdb09
sha256: 85a2e350650aabfe859c21cea909769cf71d104552a8e71c88a5644cd99a513e
sha512: 20ca30afdcdb0a246948a2488833e8dded10f7a141cc4b7c46a312b0fe66cb1158b9cb14240565bf50507ede417237cac92d6a09095f20db2157bdac23481fe8
ssdeep: 6144:aTimYX4g5E7zrHE/CYXct5Bt14efUxe4UptSlITi:oimL/kqb5BtcE4UptW+i
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16254F1284D695D37C7610BB2A551010EA6D8D1DF3EC5385FE2D6EF8488CD09EF8E622E
sha3_384: ad8ee9b0d4db3c82ce601db09ea666cf1b0f6b4f42b1f223af60478859d791c09fecf0f1ac45c3cdd8129f6d74c72aee
ep_bytes: 558bec51568bf58975fc8b45fc50e81d
timestamp: 2013-01-20 20:00:12

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft Windows Setup Utility
FileVersion: 9.00.00.4503
InternalName: a6ize
LegalCopyright: (C) Microsoft Corporation. All rights reserved.
OriginalFilename: a6ize
ProductName: Microsoft(R) Windows Media Player
ProductVersion: 9.00.00.4503
Translation: 0x0409 0x04b0

Malware.AI.1187384734 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.lIty
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.c91544d3ee8b59dc
CAT-QuickHeal: TrojanPWS.Zbot.Gen
ALYac: Trojan.Generic.KDZ.5250
Cylance: Unsafe
VIPRE: Trojan.Win32.Agent.akm (v)
Sangfor: Spyware.Win32.Zbot.8
K7AntiVirus: Trojan ( 0040f0ce1 )
Alibaba: TrojanPSW:Win32/Reveton.9e7dae91
K7GW: Trojan-Downloader ( 0040f0ce1 )
Cybereason: malicious.3ee8b5
VirIT: Trojan.Win32.Panda.FFS
Cyren: W32/Zbot.HS.gen!Eldorado
Symantec: Trojan.Zbot!g38
ESET-NOD32: Win32/Spy.Zbot.AAU
APEX: Malicious
ClamAV: Win.Spyware.Zbot-68900
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Generic.KDZ.5250
NANO-Antivirus: Trojan.Win32.RiskGen.bfhhke
SUPERAntiSpyware: Trojan.Agent/Gen-FakeMS
MicroWorld-eScan: Trojan.Generic.KDZ.5250
Avast: Win32:DangerousSig [Trj]
Tencent: Malware.Win32.Gencirc.10b76911
Ad-Aware: Trojan.Generic.KDZ.5250
Sophos: Mal/Generic-R + Troj/Zbot-DQG
Comodo: TrojWare.Win32.Spy.ZBot.EB@4uei1b
DrWeb: Trojan.PWS.Panda.3528
Zillya: Trojan.Zbot.Win32.98115
TrendMicro: TSPY_ZBPAK.SML
McAfee-GW-Edition: PWS-Zbot.gen.xd
Emsisoft: Trojan.Generic.KDZ.5250 (B)
SentinelOne: Static AI – Malicious PE
GData: Trojan.Generic.KDZ.5250
Jiangmin: Trojan.Generic.abkxg
Webroot: W32.Infostealer.Zeus
Avira: TR/PSW.Zbot.get
MAX: malware (ai score=99)
Antiy-AVL: Trojan/Generic.ASMalwS.12E046
Kingsoft: Win32.Heur.KVMH019.a.(kcloud)
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Zbot!GO
AhnLab-V3: Spyware/Win32.Zbot.R49955
Acronis: suspicious
McAfee: PWS-Zbot.gen.xd
VBA32: BScope.Malware-Cryptor.SB.01798
Malwarebytes: Malware.AI.1187384734
TrendMicro-HouseCall: TSPY_ZBPAK.SML
Rising: Spyware.Zbot!8.16B (CLOUD)
Ikarus: Trojan.Signed
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Zbot.AAU!tr
BitDefenderTheta: Gen:NN.ZexaF.34212.sm1@ai70DGEi
AVG: Win32:DangerousSig [Trj]
Panda: Trj/Hexas.HEU
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.1187384734?

Malware.AI.1187384734 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.