Malware.AI.136681650 (file analysis)

Malware Removal

Malware.AI.136681650 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What Malware.AI.136681650 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid

How to identify Malware.AI.136681650?

File Info:

name: 726D1151E153D385FEB2.mlw
path: /opt/CAPEv2/storage/binaries/be5bbc63797c7f3371d3263fcebd4d0890e05ee0939eeba90e4555e2f499fc2d
crc32: 0A40F6D0
md5: 726d1151e153d385feb26fa825eb56bd
sha1: 66d57b1e51a671f88a56fdd4617409cfd0a98007
sha256: be5bbc63797c7f3371d3263fcebd4d0890e05ee0939eeba90e4555e2f499fc2d
sha512: 2975967e8e8bf1e02b1621a5e2e01445bc7ab3794dc2f87450b8887bc34b67dab11ae35cacc88639a61af776e9361e8f6fc7bf34357ab7876356d7be70d663df
ssdeep: 6144:P0GIobtUSyx89VJpdbbFor2HZO8t9J+4N98YuVHyluYJ3fjk24+6zi5GdlnvgxG6:PRTtUSI8/J3bF22HZv241gb+6fjwcw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A5C47C1467EC421EF5BF7778E4750140E6F2B866B5AACF8E584040FE1962B41EE037AB
sha3_384: 85561f74ee9179a0e4289cccbec596a29471a76060bc2e4a5ce3dc8792e72f75bf7ac42912bd48d9cf35b44755a09ca2
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-04-17 10:07:52

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 3.4.0.8
InternalName: SNIPRLocal.exe
LegalCopyright:
OriginalFilename: SNIPRLocal.exe
ProductVersion: 3.4.0.8
Assembly Version: 3.4.0.8

Malware.AI.136681650 also known as:

Vendor                 Detection name
Elastic                malicious (high confidence)
MicroWorld-eScan       Gen:Variant.Razy.204215
FireEye                Generic.mg.726d1151e153d385
McAfee                 Packed-PM!726D1151E153
Cylance                Unsafe
VIPRE                  Trojan.Win32.Generic!BT
Sangfor                Backdoor.Win32.Generic.ky
K7AntiVirus            Trojan ( 0053e65b1 )
Alibaba                Backdoor:MSIL/Remcos.36cdc42d
K7GW                   Trojan ( 0053e65b1 )
Cybereason             malicious.1e153d
Cyren                  W32/MSIL_Kryptik.CRY.gen!Eldorado
Symantec               Trojan.Gen.MBT
ESET-NOD32             a variant of MSIL/Kryptik.PSV
APEX                   Malicious
Paloalto               generic.ml
ClamAV                 Win.Packed.Nanocore-9903369-0
Kaspersky              HEUR:Backdoor.Win32.Generic
BitDefender            Gen:Variant.Razy.204215
NANO-Antivirus         Trojan.Win32.Quasar.hjkuiq
Avast                  Win32:Malware-gen
Tencent                Win32.Backdoor.Generic.Afrp
Sophos                 Mal/Generic-S
Comodo                 TrojWare.MSIL.Boilod.MFC@7j93d6
DrWeb                  BackDoor.Quasar.1
Zillya                 Backdoor.Generic.Win32.29029
TrendMicro             TROJ_GEN.R002C0DJG21
McAfee-GW-Edition      BehavesLike.Win32.Generic.hh
Emsisoft               Gen:Variant.Razy.204215 (B)
Ikarus                 Trojan.MSIL.Krypt
Jiangmin               Backdoor.Generic.bcwb
Webroot                W32.Malware.Gen
Avira                  TR/Dropper.MSIL.Gen
Microsoft              Trojan:MSIL/Remcos.PH!MTB
ZoneAlarm              HEUR:Backdoor.Win32.Generic
GData                  Gen:Variant.Razy.204215
Cynet                  Malicious (score: 99)
BitDefenderTheta       Gen:NN.ZemsilF.34182.Im0@aKqVqlf
ALYac                  Gen:Variant.Razy.204215
MAX                    malware (ai score=81)
VBA32                  TScope.Trojan.MSIL
Malwarebytes           Malware.AI.136681650
TrendMicro-HouseCall   TROJ_GEN.R002C0DJG21
Rising                 Malware.Obfus/MSIL@AI.92 (RDM.MSIL:JZDyCVwanbNrtC1c81O97g)
Yandex                 Trojan.Kryptik!Xi7eDLYcWRo
SentinelOne            Static AI – Malicious PE
Fortinet               MSIL/CoinMiner.DTL!tr
AVG                    Win32:Malware-gen
Panda                  Trj/CI.A
CrowdStrike            win/malicious_confidence_70% (D)
MaxSecure              Trojan.Malware.300983.susgen

How to remove Malware.AI.136681650?

Malware.AI.136681650 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.