Malware.AI.1386420571 (file analysis)

Malware Removal

Malware.AI.1386420571 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1386420571 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Arabic (Yemen)
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Deletes its original binary from disk
  • Behavioural detection: Injection (inter-process)
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Installs itself for autorun at Windows startup
  • Spoofs its process name and/or associated pathname to appear as a legitimate process
  • Creates a copy of itself

How to identify Malware.AI.1386420571?

File Info:

name: FE84679346AB46E24974.mlw
path: /opt/CAPEv2/storage/binaries/03f18f3b86c09e59d41647a1e46ecf26d194d6e6dd2304be3bae3a2e323d71d5
crc32: E27456E4
md5: fe84679346ab46e24974ba6278b3775d
sha1: b239e34508699f6d4abbee76f233a6110d9d938f
sha256: 03f18f3b86c09e59d41647a1e46ecf26d194d6e6dd2304be3bae3a2e323d71d5
sha512: 3112a719a3a2c6d914a73d7431d1e31737255109692f13b6afc909d91c937e765aab87e84f65d4baba6d3eedbe748fe4b963fc88ef2879e9278bd6b2d0d8ae30
ssdeep: 3072:M16kgNZiUqs/OCb681gxPSm0AEqlO5aWwxy3xY5:MYkqZiUdWpxamdET5aWYM2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16DD3D403BB5882A3D47F1B3004B84B59E775A4397B5A43CB2568BB3DEDD13C26E12399
sha3_384: bc3cd557fa68bcbf3ba1c2216c63d1813c7fb19169d076c9ed73bf8e659ccd52f8dd3f1957f389eb9b2dc9dc3ba681be
ep_bytes: e8e0360000e989feffff8bff558bec81
timestamp: 2013-07-15 23:15:21

Version Info:

Translation: 0x0409 0x04b0
CompanyName: Don HO don.h@free.fr
FileDescription: Notepad++ : a free (GNU) source code editor
FileVersion: 6.13
InternalName: npp.exe
LegalCopyright: Copyleft 1998-2006 by Don HO
OriginalFilename: Notepad++.exe
ProductName: Notepad++
ProductVersion: 6.13

Malware.AI.1386420571 also known as:

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: Gen:Variant.Mikey.118869
FireEye: Generic.mg.fe84679346ab46e2
CAT-QuickHeal: Trojan.Lethic.B5
McAfee: PWS-Zbot-FAXY!FE84679346AB
Malwarebytes: Malware.AI.1386420571
Sangfor: Trojan.Win32.Generic.ky
K7AntiVirus: Trojan ( 0040f5b31 )
K7GW: Trojan ( 0040f5b31 )
Cybereason: malicious.346ab4
BitDefenderTheta: Gen:NN.ZexaF.34638.iu0@a4wsTMpO
Cyren: W32/S-bf6d6dce!Eldorado
Symantec: W32.IRCBot.NG
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.AJOF
APEX: Malicious
ClamAV: Win.Trojan.Ag-4254306-1
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Mikey.118869
NANO-Antivirus: Trojan.Win32.NgrBot.ccimot
SUPERAntiSpyware: Trojan.Agent/Gen-Fake[Plus]
Avast: Win32:Crypt-POM [Trj]
Tencent: Malware.Win32.Gencirc.10c75e4e
Ad-Aware: Gen:Variant.Mikey.118869
Sophos: ML/PE-A + Mal/EncPk-AKA
Comodo: TrojWare.Win32.Injector.ajof@51iun6
DrWeb: BackDoor.IRC.NgrBot.146
Zillya: Trojan.PornoAsset.Win32.15614
TrendMicro: Mal_Oficla
McAfee-GW-Edition: PWS-Zbot-FAXY!FE84679346AB
Emsisoft: Gen:Variant.Mikey.118869 (B)
SentinelOne: Static AI – Suspicious PE
GData: Gen:Variant.Mikey.118869
Jiangmin: Backdoor/Androm.wh
Avira: TR/Dropper.Gen
Kingsoft: Win32.HeurC.KVM007.a.(kcloud)
ViRobot: Trojan.Win32.Agent.194048.H
Microsoft: VirTool:Win32/CeeInject
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.PornoAsset.C174990
VBA32: BScope.Malware-Cryptor.Oop
ALYac: Gen:Variant.Mikey.118869
MAX: malware (ai score=80)
TrendMicro-HouseCall: Mal_Oficla
Rising: Trojan.Win32.Generic.15807C4A (C64:YzY0OlKDa32WYdV3S40Vm+KYx1U)
Yandex: Trojan.GenAsa!lsujwIRRyIw
Ikarus: Trojan.Win32.Matsnu
Fortinet: W32/Androm.AOCK!tr
AVG: Win32:Crypt-POM [Trj]
Panda: Trj/Genetic.gen

How to remove Malware.AI.1386420571?

Malware.AI.1386420571 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.