Malware.AI.1323667795 malicious file

The Malware.AI.1323667795 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.1323667795 virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Malware.AI.1323667795?


File Info:
name: D337B40B0A49190B826D.mlw
path: /opt/CAPEv2/storage/binaries/87f86dc1e47cfba4202b45770842e4ad6d42283f4cbdcf4c4f22bc768942daaa
crc32: E2E82737
md5: d337b40b0a49190b826db1c1f10ffc63
sha1: 1ff5119f4b176115bae035ab84e70bf38b8ca906
sha256: 87f86dc1e47cfba4202b45770842e4ad6d42283f4cbdcf4c4f22bc768942daaa
sha512: 08d67ab35a9d29ff1b9847c68a698c348529ab960cc3bece61c2e59406bc6c0847cb072260f79f675d1966416fb09ef5480f0894d63c2381c23eb97ac399f29e
ssdeep: 12288:ljskyEpi834TbgT4uu68ak0p5WTaWWjd:ljzyE74uz8a55sYR
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1B4C4DF82861845C1EB3026719D3F9794B3353993AB24768F67F4E12F3EB6F812C2958D
sha3_384: 282de4d6baa7f4222250df296c670a2b34cf31979c7fc9ef5ac84427f05479ba1639671d2383e797de9fd5e2576ec337
ep_bytes: 475150455243b96000000065498b0145
timestamp: 2020-12-09 17:50:28

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Microsoft Distributed Transaction Coordinator Service
FileVersion: 2001.12.10941.16384 (WinBuild.160101.0800)
InternalName: MSDTC.EXE
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: MSDTC.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1
Translation: 0x0409 0x04b0

Malware.AI.1323667795 also known as:

Elastic	malicious (high confidence)
DrWeb	Win64.Expiro.132
MicroWorld-eScan	Win64.Expiro.Gen.6
FireEye	Generic.mg.d337b40b0a49190b
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Virus ( 00535e4a1 )
K7GW	Virus ( 00535e4a1 )
Cybereason	malicious.f4b176
Arcabit	Win64.Expiro.Gen.6
Cyren	W64/Expiro.AH.gen!Eldorado
ESET-NOD32	a variant of Win64/Expiro.CO
TrendMicro-HouseCall	Virus.Win64.EXPIRO.MR
ClamAV	Win.Virus.Expiro-9891995-0
Kaspersky	HEUR:Virus.Win64.Expiro.gen
BitDefender	Win64.Expiro.Gen.6
NANO-Antivirus	Virus.Win64.Expiro.clnvwd
Avast	Win64:Xpirat [Inf]
Ad-Aware	Win64.Expiro.Gen.6
Emsisoft	Win64.Expiro.Gen.6 (B)
TrendMicro	Virus.Win64.EXPIRO.MR
Sophos	ML/PE-A + W64/Expiro-AX
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Bingoml.akq
MaxSecure	virus.win64.expiro.gen
Avira	TR/Patched.Gen
MAX	malware (ai score=86)
Antiy-AVL	Trojan/Generic.ASVirus.30B
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Win64.Expiro.Gen.6
Cynet	Malicious (score: 100)
ALYac	Win64.Expiro.Gen.6
Malwarebytes	Malware.AI.1323667795
APEX	Malicious
Ikarus	Virus.Win64.Expiro
Fortinet	W64/Expiro.BS
AVG	Win64:Xpirat [Inf]
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Malware.AI.1323667795?

Malware.AI.1323667795 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X