Should I remove “Malware.AI.1234260865”?

Malware Removal

Malware.AI.1234260865 is rated as dangerous by many security vendors. While this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1234260865 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the NetWire malware family
  • Creates a copy of itself
  • Deletes executed files from disk

How to identify Malware.AI.1234260865?

File Info:

name: 07AC7A26D7E30C37622F.mlw
path: /opt/CAPEv2/storage/binaries/32a4656716b1a65cbdc126686a31bd2e7bbf975fc2bf2add818ab0a74fffb69e
crc32: 917A807A
md5: 07ac7a26d7e30c37622f7b76c72e95ec
sha1: 7294e3d9fe45ee15771830163a3fa0220ab2ec03
sha256: 32a4656716b1a65cbdc126686a31bd2e7bbf975fc2bf2add818ab0a74fffb69e
sha512: 933e7410a3ec5957375b037fb1f74178d1f952973c59b48a8d6ea161679d6d218b77cb18c3f5f04b916372aa23eda77f65296be039c641e054fe669e27acc74c
ssdeep: 6144:GTAXsaZg3aofSc4eAyq3IVPFrH+Dd/19gR+6viZD5exE348m2qKPqDJDStqu0jGY:GTt5fSc4kN+DFqt6gySGY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B8D47307B3D4C65FC36CC9F6018969A693B99E918907AFCE49C1346778B3BA109047FB
sha3_384: 294707caef8a466159f30218858f9c0fac7fb488772f838dfd5fbf6420defbc9becd34c736cbfc642a436e6e75cda802
ep_bytes: ff256872480000000000000000003c72
timestamp: 2018-01-30 08:28:46

Version Info:

Translation: 0x0000 0x04b0
Comments: YUAYJKOF
FileDescription: YUAYJKOF
FileVersion: 0.0.0.7
InternalName: KCFMFBM.exe
LegalCopyright: YUAYJKOF
OriginalFilename: KCFMFBM.exe
ProductName: YUAYJKOF
ProductVersion: 0.0.0.7
Assembly Version: 0.0.0.7

Malware.AI.1234260865 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: IL:Trojan.MSILZilla.9812
FireEye: Generic.mg.07ac7a26d7e30c37
CAT-QuickHeal: Trojan.GenericFC.S22017614
Zillya: Trojan.Kryptik.Win32.3439038
Sangfor: Trojan.Win32.Save.a
K7GW: Trojan ( 0052d83a1 )
K7AntiVirus: Trojan ( 0052d83a1 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.NMB
APEX: Malicious
Kaspersky: VHO:Trojan-PSW.Win32.Stealer.gen
BitDefender: IL:Trojan.MSILZilla.9812
Avast: MSIL:Kryptik-BI [Trj]
Tencent: Malware.Win32.Gencirc.120206b8
Ad-Aware: IL:Trojan.MSILZilla.9812
Emsisoft: IL:Trojan.MSILZilla.9812 (B)
DrWeb: Trojan.PWS.Stealer.21201
VIPRE: IL:Trojan.MSILZilla.9812
TrendMicro: Backdoor.Win32.NANOCORE.SMC
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A
SentinelOne: Static AI - Malicious PE
GData: IL:Trojan.MSILZilla.9812
Jiangmin: Trojan.Generic.bysns
Google: Detected
Avira: HEUR/AGEN.1221664
Antiy-AVL: Trojan/Generic.ASMalwS.3303
Arcabit: IL:Trojan.MSILZilla.D2654
ZoneAlarm: VHO:Trojan-PSW.Win32.Stealer.gen
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.Crypt.C4635432
ALYac: IL:Trojan.MSILZilla.9812
MAX: malware (ai score=82)
Malwarebytes: Malware.AI.1234260865
TrendMicro-HouseCall: Backdoor.Win32.NANOCORE.SMC
Rising: Trojan.Kryptik!8.8 (TFE:dGZlOgzQHKrPVfQk8g)
Yandex: Trojan.Agent!6CQKR5PnA4E
Ikarus: Trojan-Spy.Agent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Kryptik.LQD!tr
BitDefenderTheta: Gen:NN.ZemsilF.34646.Km2@aSqqmjg
AVG: MSIL:Kryptik-BI [Trj]
Cybereason: malicious.6d7e30
Panda: Trj/GdSda.A

How to remove Malware.AI.1234260865?

Malware.AI.1234260865 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.