Malware.AI.1202835205 removal guide

Malware.AI.1202835205 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1202835205 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Performs HTTP requests potentially not found in PCAP.
  • Access the NetLogon registry key, potentially used for discovery or tampering
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the QakBot malware family
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.1202835205?

File Info:

name: 4BFB9A3519BCB7842D08.mlw
path: /opt/CAPEv2/storage/binaries/6b1f09174cfbf7f64d0c1951670182bf63bfed05563a6a20540a63c66f1e7b7a
crc32: 7957CEC2
md5: 4bfb9a3519bcb7842d085e727937cc4c
sha1: 808c7b672b01a5ddf2002d8bb062a775994894fc
sha256: 6b1f09174cfbf7f64d0c1951670182bf63bfed05563a6a20540a63c66f1e7b7a
sha512: 7de7b563478d106c810f89d74e4434268a3ee27d87af3296b8b37336846a655ba43dddd21df591243c5436651ffce9c448c01d6ae7c03924f2cb7250d533c848
ssdeep: 6144:iI16yae/s4wKDLKX14td0XwS486FwT0MQkXrk0p6Bqvs5dL:iGnae/AKDLKlMeXwSDTpJX40p6Avs
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E094CF06F674C8B1C4B48C32485B8B751474FD23A815DB1BB7E0FE6FEE72641E91A24A
sha3_384: 16428c762a9434114031f46fcfd8b7feaf868e41ecf5986e976051885c4d1ead7a4e2a7f1ff2a5ba41736e3d5df18157
ep_bytes: e8db190000e91efeffff8bff558bec83
timestamp: 2020-02-04 15:41:06

Version Info:

CompanyName: Sysinternals - www.sysinternals.com
FileDescription: Autostart program viewer
FileVersion: 3.46
InternalName: Apdheouaktec Ikcrshti
LegalCopyright: Copyright (C) 2002-2008 Mark Russinovich and Bryce Cogswell
OriginalFilename: apdheoua.exe
ProductName: Apdheouaktec ikcrshti
ProductVersion: 3.46
Translation: 0x0409 0x04b0

Malware.AI.1202835205 also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.4bfb9a3519bcb784
McAfee: GenericRXAA-AA!4BFB9A3519BC
Cylance: unsafe
Zillya: Trojan.Qbot.Win32.7551
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0055fb991 )
Alibaba: TrojanBanker:Win32/Kryptik.6ed9c7a9
K7GW: Trojan ( 0055fb991 )
CrowdStrike: win/malicious_confidence_100% (W)
VirIT: Trojan.Win32.QBot.UR
Cyren: W32/Agent.BNT.gen!Eldorado
Symantec: Trojan.Anserin
ESET-NOD32: a variant of Win32/Kryptik.HAWD
APEX: Malicious
ClamAV: Win.Dropper.Qbot-7581000-0
Kaspersky: HEUR:Trojan-Banker.Win32.Qbot.pef
BitDefender: Trojan.Agent.ELDZ
ViRobot: Trojan.Win32.Z.Agent.430080.TA
MicroWorld-eScan: Trojan.Agent.ELDZ
Avast: Win32:BankerX-gen [Trj]
Tencent: Win32.Trojan-Banker.Qbot.Ckjl
Sophos: Troj/Qbot-FA
F-Secure: Heuristic.HEUR/AGEN.1310252
DrWeb: Trojan.Inject3.34262
VIPRE: Trojan.Agent.ELDZ
TrendMicro: TROJ_GEN.R002C0RGA23
McAfee-GW-Edition: BehavesLike.Win32.Generic.gc
Emsisoft: Trojan.Agent.ELDZ (B)
SentinelOne: Static AI – Suspicious PE
GData: Trojan.Agent.ELDZ
Jiangmin: Trojan.Banker.Qbot.js
Avira: HEUR/AGEN.1310252
Antiy-AVL: Trojan/Win32.Wacatac
Arcabit: Trojan.Agent.ELDZ
ZoneAlarm: HEUR:Trojan-Banker.Win32.Qbot.pef
Microsoft: Trojan:Win32/Ditertag.A
Google: Detected
AhnLab-V3: Malware/Win32.Generic.C3979846
BitDefenderTheta: Gen:NN.ZexaF.36318.Au0@aeFgU5li
ALYac: Trojan.Agent.ELDZ
MAX: malware (ai score=87)
VBA32: Trojan.Inject
Malwarebytes: Malware.AI.1202835205
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R002C0RGA23
Rising: Trojan.Generic@AI.91 (RDMK:X+Z5FFBu6x872evu7sYXrA)
Ikarus: Trojan.Win32.Krypt
Fortinet: W32/Kryptik.HAZJ!tr
AVG: Win32:BankerX-gen [Trj]
Cybereason: malicious.519bcb
DeepInstinct: MALICIOUS

How to remove Malware.AI.1202835205?

Malware.AI.1202835205 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.