Malware.AI.1397492989 malicious file

Malware Removal

Malware.AI.1397492989 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.1397492989 virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Korean
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.1397492989?

File Info:

name: 4BEC1C5CB36BD9127FCB.mlw
path: /opt/CAPEv2/storage/binaries/6cad618dee2e1839fc208dd9d954f38084f550e759430127462c547f4f929f84
crc32: 59579EB1
md5: 4bec1c5cb36bd9127fcb52dfc67202e4
sha1: fe5c3c8727457c6a8b8e87ae5ab22ac94ecd9187
sha256: 6cad618dee2e1839fc208dd9d954f38084f550e759430127462c547f4f929f84
sha512: b5b37c4dcc6a81741f5d67b7c5deddc16044fe0a5d4fcc84e4cac9ff52806de91eefca5f165cb2abaadcf800cff178964354b96afba6d61a9598d62619f00717
ssdeep: 6144:1VzEZ5YgoSsj/ZQUWvYqDUbsbX6EdK77RXW7VGwrLO8O7jL:a7oSOWUWvXbX5g7pW7JeL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AD54F15296218954F3AD0F319A5AF9E800888E3C64D4F50FF17CBE32A9322975E7718F
sha3_384: 3421abb69b781a60c6a225ea0083eb18bff3b2cb6c4a2a833c0d76dab1103eab3ccc4f0a86f0a404f9345a07959029de
ep_bytes: 60be003045008dbe00e0faff5789e58d
timestamp: 2013-12-26 02:29:23

Version Info:

0: [No Data]

Malware.AI.1397492989 also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.lVHJ
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Trojan.GenericKD.67310271
ClamAV: Win.Malware.Urelas-6717394-0
FireEye: Generic.mg.4bec1c5cb36bd912
CAT-QuickHeal: Trojan.Gupboot.G.mue
McAfee: GenericRXAA-FA!4BEC1C5CB36B
Malwarebytes: Malware.AI.1397492989
VIPRE: Trojan.GenericKD.67310271
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Backdoor ( 0053e8561 )
Alibaba: Backdoor:Win32/Urelas.844d
K7GW: Backdoor ( 0053e8561 )
Cybereason: malicious.cb36bd
BitDefenderTheta: Gen:NN.ZexaF.36250.smHfaidMEanO
VirIT: Trojan.Win32.DownLoader11.DIBT
Cyren: W32/Urelas.EV.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Urelas.U
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Backdoor.Win32.Generic
BitDefender: Trojan.GenericKD.67310271
NANO-Antivirus: Trojan.Win32.Urelas.fjtpml
SUPERAntiSpyware: Trojan.Agent/Gen-Gupboot
Avast: Win32:GenMaliciousA-LJX [Trj]
Tencent: Trojan.Win32.Urelas.16000161
Sophos: Troj/Urelas-Q
Baidu: Win32.Rootkit.Agent.s
F-Secure: Backdoor.BDS/Backdoor.Gen7
DrWeb: Trojan.DownLoader11.58181
Zillya: Backdoor.Urelas.Win32.371
TrendMicro: TROJ_GEN.R002C0DFB23
McAfee-GW-Edition: BehavesLike.Win32.Corrupt.dc
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.GenericKD.67310271 (B)
Ikarus: Trojan.Win32.Gupboot
GData: Trojan.GenericKD.67310271
Jiangmin: Backdoor.Generic.acxx
Webroot: W32.Trojan.GenKD
Avira: BDS/Backdoor.Gen7
MAX: malware (ai score=85)
Antiy-AVL: Trojan[Downloader]/Win32.Urelas.ab
Xcitium: TrojWare.Win32.Gupboot.AGQ@5t8mho
Arcabit: Trojan.Generic.D40312BF
ViRobot: Trojan.Win32.Agent.294645
ZoneAlarm: HEUR:Backdoor.Win32.Generic
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3: Trojan/Win32.Urelas.R95130
Acronis: suspicious
VBA32: SScope.Backdoor.Urelas.3114
ALYac: Trojan.GenericKD.67310271
Cylance: unsafe
Panda: Generic Suspicious
TrendMicro-HouseCall: TROJ_GEN.R002C0DFB23
Rising: Trojan.Urelas!8.1F5 (TFE:5:vT9XhC0OWaE)
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Urelas.U!tr
AVG: Win32:GenMaliciousA-LJX [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.1397492989?

Malware.AI.1397492989 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.