Malware

What is “Malware.AI.1389450280”?

Malware Removal

Malware.AI.1389450280 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Malware.AI.1389450280 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • A file with an unusual extension was attempted to be loaded as a DLL.
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Deletes executed files from disk

How to determine Malware.AI.1389450280?

File Info:

name: 0E312B646FAC3696EBDC.mlw
path: /opt/CAPEv2/storage/binaries/b0f6b15f35a4d01667101e9f2675375e996d59b463d2e973a5b512c97909c00e
crc32: 86C84403
md5: 0e312b646fac3696ebdc617c93cd801d
sha1: a9655567dfb26e45e50ef07d2cbb7be35789ba32
sha256: b0f6b15f35a4d01667101e9f2675375e996d59b463d2e973a5b512c97909c00e
sha512: 3c1735b56c6f1385c91d366c3fe616747353477b1283ca4e33a3424347181a0d3931c72a7e89b133488cc5ec726a60125b778479ff2a67d0a3bb855c1712de89
ssdeep: 24576:tiPUzk9J0dpt2bOWpK9yM7IM6A0SLA4R+sgAZCree9gMvDg5rZfAbMALfHrFC9:0wgJ0jtI3pK97MHDS849gM14dDcdY4AK
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F46533D8A4E00540F7DF2F3075B28D8B7EF4DBA02B3596EC253873B275A1245D7AA849
sha3_384: 6d1fc07fc87eb136d6a1bfb3c45ed659c6cfa64fdc8da46c9a12f93ae72e8eac366e4a68d1a2f2a5d125b37328b9d86b
ep_bytes: 60be007041008dbe00a0feff57eb0b90
timestamp: 2012-12-31 00:38:51

Version Info:

CompanyName: Oleg N. Scherbakov
FileDescription: 7z Setup SFX (x86)
FileVersion: 1.6.0.2712
InternalName: 7ZSfxMod
LegalCopyright: Copyright © 2005-2012 Oleg N. Scherbakov
OriginalFilename: 7ZSfxMod_x86.exe
PrivateBuild: December 30, 2012
ProductName: 7-Zip SFX
ProductVersion: 1.6.0.2712
Translation: 0x0000 0x04b0

Malware.AI.1389450280 also known as:

Cylance: Unsafe
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Malware.Generic-9869652-0
NANO-Antivirus: Trojan.Win32.Miner.jpooel
Sophos: Generic ML PUA (PUA)
McAfee-GW-Edition: BehavesLike.Win32.BadFile.tc
Jiangmin: Trojan.Crypzip.d
Antiy-AVL: Trojan/Generic.ASMalwS.720E
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
McAfee: Artemis!0E312B646FAC
Malwarebytes: Malware.AI.1389450280
Fortinet: W32/PossibleThreat
AVG: FileRepMalware [Misc]
Avast: FileRepMalware [Misc]

How to remove Malware.AI.1389450280?

Malware.AI.1389450280 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.