What is “Malware.AI.1302068877”?

Malware Removal

Malware.AI.1302068877 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What Malware.AI.1302068877 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Ukrainian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Queries information on disks, possibly for anti-virtualization
  • Uses IOCTL_SCSI_PASS_THROUGH control codes to manipulate drive/MBR which may be indicative of a bootkit
  • Attempted to write directly to a physical drive
  • Anomalous binary characteristics

How to identify Malware.AI.1302068877?

File Info:

name: ACD299AD7AD1151D77BD.mlw
path: /opt/CAPEv2/storage/binaries/de2b49ba4a61cd31d6cf865089317ccd6d77a17c6f74b9c7be7ae65c7f16797c
crc32: 262A4AC9
md5: acd299ad7ad1151d77bdf838baf28c1a
sha1: 633a973ccaedb5d02c88a960b6a7e9b41198e9a2
sha256: de2b49ba4a61cd31d6cf865089317ccd6d77a17c6f74b9c7be7ae65c7f16797c
sha512: f7eab23851eaf6c25648dbbce4e9cdd95d5f148b88e7caa41fbda14155800c79393a79b22a66134b9e4664c5d9c108b0b8d964df1266c083bb8cf2e8d0b44bda
ssdeep: 12288:CCGXeXJ2Ys3P+duIYUoGlbeBAuUWAr1eMAio8QJx2DC0X467Nc:3XJ2YOW7YUoGlWgWAReBkLIic
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T142C4021277F99158F4F36B34AAB686A04E36BC61FE30DD5F6151A48E2C32B00D9A1773
sha3_384: eafd5d649aa0eb3e39a1bbb8f1cc823410bef006ff701d5c566dec938613e9fb85215a5d42be7335ffbc47840e043c24
ep_bytes: 6801305000e801000000c3c3fe019b19
timestamp: 1992-06-19 22:22:17

Version Info:

Comments:
CompanyName: Click And Deploy (Pte. Ltd.)
FileDescription: AlertDispatcher Console
FileVersion: 8.115.1008.0
InternalName: AlertDispatcher
LegalCopyright: Click And Deploy (Pte. Ltd.)
OriginalFilename:
PrivateBuild:
ProductName: AlertDispatcher
ProductVersion: 8.115.1008.0
Translation: 0x4809 0x04b0

Malware.AI.1302068877 is also known as (vendor: detection name):

MicroWorld-eScan: Gen:Variant.Barys.230904
FireEye: Gen:Variant.Barys.230904
McAfee: Artemis!ACD299AD7AD1
Cylance: Unsafe
BitDefenderTheta: Gen:NN.ZelphiCO.34294.HS0aa4sW3rlc
TrendMicro-HouseCall: TROJ_GEN.R002H09KN21
BitDefender: Gen:Variant.Barys.230904
Ad-Aware: Gen:Variant.Barys.230904
McAfee-GW-Edition: BehavesLike.Win32.BadFile.hc
Emsisoft: Gen:Variant.Barys.230904 (B)
GData: Gen:Variant.Barys.230904
MAX: malware (ai score=88)
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
VBA32: TScope.Trojan.Delf
Malwarebytes: Malware.AI.1302068877
APEX: Malicious
Fortinet: W32/PossibleThreat

How to remove Malware.AI.1302068877?

Malware.AI.1302068877 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.