Malware.AI.1263519350 (file analysis)

Malware.AI.1263519350 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.1263519350 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Code injection with CreateRemoteThread in a remote process
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Steals private information from local Internet browsers
  • Collects and encrypts information about the computer likely to send to C2 server
  • Collects information about installed applications
  • Attempts to modify browser security settings
  • Harvests credentials from local FTP client software
  • Collects information to fingerprint the system

How to identify Malware.AI.1263519350?

File Info:

name: 5BFD2CEB040C43AB3B36.mlw
path: /opt/CAPEv2/storage/binaries/ad872d1a1d7f59972a4a16c051eeb3178349d7b18e4a6af82a9cd8daf68e04de
crc32: 88F885E1
md5: 5bfd2ceb040c43ab3b369eb79820f6b2
sha1: 6210bb83fd0981a88d385bb45ed80c12199392f6
sha256: ad872d1a1d7f59972a4a16c051eeb3178349d7b18e4a6af82a9cd8daf68e04de
sha512: 83be69708bfd217c890e87fef0ba1f100e888d76aedc47ec679835b334b4fa83a77cc41883b41127993ebc6a994e02caf73e207d480bc3d5271d68314806e46a
ssdeep: 6144:oRzLS6AJrgasGNr4HyyZCSsOc5PlzR9JHj:o9SNgGNr8ZCSs1Pt99
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B864D07DEEC178A3C263EBF2569A2AA2963A58A5530349973147194CFB13CE05CFC731
sha3_384: 60b471a2b3f3c0365d48fdce004649a7f613743ae1954e10154bd2873bb98ae8b8614663da61598a883bdcbbe5b171d5
ep_bytes: 558bec518bc08bc58bc08945fc8b45fc
timestamp: 2013-01-17 10:29:05

Version Info:

CompanyName: Microsoft Corporation
DirectShow: Windows Media Player
FileDescription: Windows Media Player
FileVersion: 6.4.09.1125
InternalName: MPlayer2.exe
LegalCopyright: Copyright (C) 1992-1999 Microsoft Corp.
OriginalFilename: MPlayer2.exe
ProductName: Microsoft Windows Media Player
ProductVersion: 6.4.09.1125
Translation: 0x0409 0x04e4

Malware.AI.1263519350 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Worm.Win32.Dorifel.lDKm
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Razy.873161
FireEye: Generic.mg.5bfd2ceb040c43ab
CAT-QuickHeal: TrojanPWS.Zbot.Gen
McAfee: PWS-Zbot-FAHM!5BFD2CEB040C
Cylance: Unsafe
Zillya: Trojan.Zbot.Win32.98770
Sangfor: Trojan.Win32.Zbot.AGK
K7AntiVirus: Trojan ( 0040f26d1 )
Alibaba: TrojanSpy:Win32/Bulta.fb031652
K7GW: Trojan ( 0040f26d1 )
Cybereason: malicious.b040c4
BitDefenderTheta: Gen:NN.ZexaF.34212.uG2@aaUFLSfi
VirIT: Trojan.Win32.Zyx.RE
Cyren: W32/Zbot.FO.gen!Eldorado
Symantec: Packed.Generic.406
ESET-NOD32: Win32/Spy.Zbot.AAO
APEX: Malicious
ClamAV: Win.Dropper.Zeus-9902451-0
Kaspersky: Trojan-Spy.Win32.Zbot.iowx
BitDefender: Gen:Variant.Razy.873161
NANO-Antivirus: Trojan.Win32.Zbot.crljhl
Avast: Win32:Karagany
Tencent: Malware.Win32.Gencirc.1149134c
Ad-Aware: Gen:Variant.Razy.873161
Emsisoft: Gen:Variant.Razy.873161 (B)
Comodo: TrojWare.Win32.Kazy.DFFE@4yswuj
F-Secure: Trojan:W32/Kamala.A
DrWeb: Trojan.PWS.Panda.2401
VIPRE: Virtool.Win32.Obfuscator.as!c (v)
TrendMicro: TROJ_SIGEKAF.SM
McAfee-GW-Edition: PWS-Zbot-FAHM!5BFD2CEB040C
Sophos: Mal/Generic-R + Troj/Zbot-DUZ
Ikarus: Trojan.Win32.Reveton
GData: Gen:Variant.Razy.873161
Jiangmin: TrojanSpy.Zbot.fpil
Avira: TR/Kazy.139169786
Antiy-AVL: Trojan[Spy]/Win32.Zbot
Arcabit: Trojan.Razy.DD52C9
ZoneAlarm: Trojan-Spy.Win32.Zbot.iowx
Microsoft: PWS:Win32/Zbot
Cynet: Malicious (score: 100)
AhnLab-V3: Spyware/Win32.Zbot.R51060
Acronis: suspicious
VBA32: BScope.TrojanPSW.Panda
ALYac: Gen:Variant.Razy.873161
MAX: malware (ai score=99)
Malwarebytes: Malware.AI.1263519350
TrendMicro-HouseCall: TROJ_SIGEKAF.SM
Rising: Spyware.Zbot!8.16B (CLOUD)
Yandex: Trojan.GenAsa!pfbJ7H0Zel4
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Zbot.JDKV!tr
AVG: Win32:Karagany
Panda: Trj/Hexas.HEU
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.1263519350?

Malware.AI.1263519350 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.