Malware.AI.1345011936 removal instruction

The Malware.AI.1345011936 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1345011936 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Scheduled file move on reboot detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard page use detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Attempts to modify desktop wallpaper
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • Uses suspicious command line tools or Windows utilities

How to identify Malware.AI.1345011936?

File Info:

name: 26305BC9B8695B981BB2.mlw
path: /opt/CAPEv2/storage/binaries/5e8f54ddb89fc2148cc47a1f09521352018f45b4bcb45f0b0328414fb098dd36
crc32: 130A8A3B
md5: 26305bc9b8695b981bb25c294ddb3f4b
sha1: 792d754e545a1c4cf51096d1ef70c7c64387e64c
sha256: 5e8f54ddb89fc2148cc47a1f09521352018f45b4bcb45f0b0328414fb098dd36
sha512: 612a78da2146c5f308c5b438c9508a96977a1ba6827d762daed9e719bff288d66e99d240adbf2adf47bac86e53eebd60badad5e72a825898c9b1d0a09bb1dc82
ssdeep: 49152:a4lpODgqD9Uh7a/93XY2wwT35BtNW+RW49TvafFXidjpr:lpOMKYAVoPwTJTXaf4H
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T166A5335232C0DA8BE0093D3708078B9356BCFF4436062AAE76D56F1FDD162F61D2B59A
sha3_384: ce53f261f3b4100acd065a0a5bb7f7359d38ce1515f9f9ef5922ce95cb648b77d96e5e85032d8b52a0d86dc9d99e3ac1
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2009-12-05 22:50:46

Version Info:

0: [No Data]

Malware.AI.1345011936 is also known as (vendor: detection name):

Lionic: Riskware.MSIL.PCOptimizer.1!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.45398407
FireEye: Trojan.GenericKD.45398407
CAT-QuickHeal: Risktool.NSIS.Pcoptimizer.A
McAfee: Artemis!26305BC9B869
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Adware.MSIL.MyPCBackup.F
K7AntiVirus: Adware ( 004bd8f61 )
K7GW: Adware ( 004bd8f61 )
CrowdStrike: win/malicious_confidence_100% (D)
Cyren: W32/Trojan.GHR.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/MyPCBackup.G potentially unwanted
APEX: Malicious
Paloalto: generic.ml
Kaspersky: not-a-virus:RiskTool.MSIL.PCOptimizer.b
BitDefender: Trojan.GenericKD.45398407
NANO-Antivirus: Riskware.Win32.MyPCBackup.ebozmm
Avast: Win32:Malware-gen
Ad-Aware: Trojan.GenericKD.45398407
Emsisoft: Trojan.GenericKD.45398407 (B)
DrWeb: Program.Unwanted.1152
Zillya: Downloader.Generic.Win32.6929
McAfee-GW-Edition: BehavesLike.Win32.BadFile.vc
Sophos: Generic PUA HJ (PUA)
GData: Trojan.GenericKD.45398407
Avira: HEUR/AGEN.1124328
MAX: malware (ai score=81)
Antiy-AVL: Trojan/Generic.ASMalwNS.6EAF
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft: Ransom.Win32.Occamy.sa
Microsoft: Trojan:Win32/Occamy.C5E
Cynet: Malicious (score: 99)
AhnLab-V3: PUP/Win32.BundleInstaller.R194324
ALYac: Trojan.GenericKD.45398407
VBA32: CIL.HeapOverride.Heur
Malwarebytes: Malware.AI.1345011936
Yandex: Riskware.PCOptimizer!9TKR/U5ghms
SentinelOne: Static AI – Malicious PE
Fortinet: Riskware/PCOptimizer
AVG: Win32:Malware-gen
Cybereason: malicious.9b8695

How to remove Malware.AI.1345011936?

Malware.AI.1345011936 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.