Malware.AI.1377741635 removal guide

Malware.AI.1377741635 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1377741635 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Sniffs keystrokes
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Malware.AI.1377741635?


File Info:

name: 3B4FC92BEB6BC0B6BDFA.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2011-10-18 11:08:28

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: csrss.exe
LegalCopyright:
OriginalFilename: csrss.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Malware.AI.1377741635 also known as:

Lionic: Trojan.MSIL.Fsysna.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Ursu.271277
FireEye: Generic.mg.3b4fc92beb6bc0b6
McAfee: GenericRXTG-AX!3B4FC92BEB6B
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 005082b31 )
Alibaba: Trojan:MSIL/Fsysna.ac2a0b51
K7GW: Trojan ( 005082b31 )
CrowdStrike: win/malicious_confidence_100% (W)
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Autorun.Agent.BW
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.MSIL.Fsysna.gen
BitDefender: Gen:Variant.Ursu.271277
Avast: Win32:Malware-gen
Tencent: Msil.Trojan.Fsysna.Lkod
Ad-Aware: Gen:Variant.Ursu.271277
Sophos: Mal/Generic-S
DrWeb: Trojan.KeyloggerNET.14
TrendMicro: TROJ_GEN.R002C0PFN22
McAfee-GW-Edition: GenericRXTG-AX!3B4FC92BEB6B
Emsisoft: Gen:Variant.Ursu.271277 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Ursu.271277
Avira: TR/Spy.Gen
ViRobot: Trojan.Win32.Z.Ursu.59998
ZoneAlarm: HEUR:Trojan.MSIL.Fsysna.gen
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Trojan/Win.Generic.C5178098
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZemsilF.34742.dm1@amBF!Gd
ALYac: Gen:Variant.Ursu.271277
MAX: malware (ai score=83)
Malwarebytes: Malware.AI.1377741635
TrendMicro-HouseCall: TROJ_GEN.R002C0PFN22
Rising: Spyware.Keylogger!1.647D (CLASSIC)
Fortinet: W32/PossibleThreat
AVG: Win32:Malware-gen
Cybereason: malicious.beb6bc

How to remove Malware.AI.1377741635?

Malware.AI.1377741635 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
