About “Malware.AI.1376635300” infection

Malware Removal

Malware.AI.1376635300 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Malware.AI.1376635300 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • CAPE detected the Nitol malware family
  • Creates a copy of itself

How to determine Malware.AI.1376635300?

File Info:

name: 47E0A5CE0A385A34313B.mlw
path: /opt/CAPEv2/storage/binaries/bb3397224c4c1c7d13fd93958a1b423e6ca8a8e1a8c5f3a21b1b24bb96e74268
crc32: 71C646CC
md5: 47e0a5ce0a385a34313b3e1d7087db54
sha1: 68ccf51303d02e5930b26e4274b2ab7b5b2059d7
sha256: bb3397224c4c1c7d13fd93958a1b423e6ca8a8e1a8c5f3a21b1b24bb96e74268
sha512: 71c5bd16da5735065ffc9b3b94c7f0a61b09316ea46ee99290e58dc8f1de5fc499711dc2bc4fbfc87eefe0d84c161b5844789c1ca8daa7182e6fb5d75b24c883
ssdeep: 6144:KsSEs4WxeqwTSOwab+dZxWOlHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH/:JSlwqwWOwaydZxWS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18FF57D7A40363990F09A48A4260D48C751B9E4D77F3C6D38A87F69C7DCFF58880B9B5A
sha3_384: a9e9707127e91a6e4b9e2c304a11ac570484b94c468ba8380d2b6e18b8872b87e7a879c6f679d6235fb9d32008a76196
ep_bytes: 60be00d045008dbe0040faff5783cdff
timestamp: 2020-07-03 14:57:02

Version Info:

Comments:
CompanyName:
FileDescription: liudao Microsoft 基础类应用程序
FileVersion: 1, 0, 0, 1
InternalName: liudao
LegalCopyright: 版权所有 (C) 2020
LegalTrademarks:
OriginalFilename: liudao.EXE
PrivateBuild:
ProductName: liudao 应用程序
ProductVersion: 1, 0, 0, 1
SpecialBuild:
Translation: 0x0804 0x04b0

Malware.AI.1376635300 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen10.21040
MicroWorld-eScan: Gen:Heur.Mint.Zard.30
FireEye: Generic.mg.47e0a5ce0a385a34
McAfee: GenericRXAA-AA!47E0A5CE0A38
Cylance: Unsafe
Zillya: Trojan.Injector.Win32.791020
CrowdStrike: win/malicious_confidence_80% (D)
K7GW: Trojan ( 004d35321 )
K7AntiVirus: Trojan ( 004d35321 )
Cyren: W32/Farfli.DG.gen!Eldorado
ESET-NOD32: a variant of Win32/Injector.CJVZ
ClamAV: Win.Keylogger.Deepscan-9189466-0
Kaspersky: HEUR:Backdoor.Win32.Farfli.gen
BitDefender: Gen:Heur.Mint.Zard.30
Avast: Win32:Malware-gen
Ad-Aware: Gen:Heur.Mint.Zard.30
Emsisoft: Gen:Heur.Mint.Zard.30 (B)
F-Secure: Heuristic.HEUR/AGEN.1101570
McAfee-GW-Edition: GenericRXLQ-UU!B679A49F2391
Ikarus: Trojan.Win32.Injector
GData: Gen:Heur.Mint.Zard.30
Jiangmin: Backdoor.Farfli.duw
Avira: HEUR/AGEN.1101570
MAX: malware (ai score=80)
Antiy-AVL: Trojan[Backdoor]/Win32.Farfli
Arcabit: Trojan.Mint.Zard.30
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win.Backdoor.R426535
VBA32: Backdoor.Farfli
Malwarebytes: Malware.AI.1376635300
APEX: Malicious
Rising: Trojan.Kryptik!1.D32C (CLASSIC)
Yandex: Trojan.GenAsa!gbD6tIFf5TA
SentinelOne: Static AI – Suspicious PE
eGambit: Unsafe.AI_Score_97%
Fortinet: W32/Farfli.BNZS!tr
AVG: Win32:Malware-gen
Cybereason: malicious.e0a385

How to remove Malware.AI.1376635300?

Malware.AI.1376635300 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
