Malware

Malware.AI.1416868177 (file analysis)

Malware Removal

Malware.AI.1416868177 is flagged as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1416868177 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Mimics the system’s user agent string for its own requests
  • Guard pages use detected – possible anti-debugging
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Attempts to remove evidence of file being downloaded from the Internet
  • Created a process from a suspicious location
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • CAPE detected the Emotet malware family

How to identify Malware.AI.1416868177?

File Info:

name: C669A2C80766E915562F.mlw
path: /opt/CAPEv2/storage/binaries/50929db97ee32606804a42bb6dde275153e3ca48e3ae27a96f77760be9864b58
crc32: 3B84ECBC
md5: c669a2c80766e915562f9da90882066c
sha1: 74538307a05a4749aafff946079881eddc563dfe
sha256: 50929db97ee32606804a42bb6dde275153e3ca48e3ae27a96f77760be9864b58
sha512: 047959132a5231f3978d0576814ce5006a2e7d6d219dec15dbdd514d5f88305c2565689dec1bc380dc946868711452dfe92802fb0cf62e9b18f0a67ef7787033
ssdeep: 6144:4WNT8cGMDAPeX3fvIwb7Xr/3nnTfvIaCE:9t8cGMDWaCE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15824D4C2939C1A8CF87A743590B64841E3A4FED557B6E20B25F4742A14F07EA3C276B7
sha3_384: 507eae5d4e48cd9135f655b75be98bb1f6b2b431a8359df78834d644488b57bc8151bf78bb320186915fed51fe688c93
ep_bytes: 558bec83ec14c745f401000000c745f0
timestamp: 2019-09-22 15:42:49

Version Info:

CompanyName: Magneto Software
FileDescription: Global Network Inventory Scanner
FileVersion: 4, 1, 0, 4
InternalName: GNI Scanner
LegalCopyright: Copyright© Magneto Software
OriginalFilename: gniscan.exe
ProductName: Global Network Inventory
ProductVersion: 4, 1, 0, 4
Translation: 0x0409 0x04b0

Malware.AI.1416868177 also known as:

Lionic: Hacktool.Win32.Krap.lKMc
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen8.46301
MicroWorld-eScan: Trojan.Mint.Zamg.O
FireEye: Generic.mg.c669a2c80766e915
ALYac: Trojan.Mint.Zamg.O
Cylance: Unsafe
Zillya: Trojan.Emotet.Win32.17973
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:Win32/Emotet.3005910d
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.80766e
BitDefenderTheta: Gen:NN.ZexaF.34182.nq0@aaei2Jli
Cyren: W32/Emotet.WZ.gen!Eldorado
Symantec: Packed.Generic.459
ESET-NOD32: a variant of Win32/Kryptik.GWQI
TrendMicro-HouseCall: TrojanSpy.Win32.TRICKBOT.SMB1.hp
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Mint.Zamg.O
NANO-Antivirus: Trojan.Win32.Kryptik.hliqbn
SUPERAntiSpyware: Trojan.Agent/Gen-Emotet
Avast: Win32:MalwareX-gen [Trj]
Tencent: Win32.Trojan-banker.Emotet.Sxxx
Sophos: Mal/Generic-R + Mal/Emotet-Q
Comodo: TrojWare.Win32.TrickBot.EA@8h0vlj
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Emotet.dt
Emsisoft: Trojan.Mint.Zamg.O (B)
Jiangmin: Trojan.Banker.Emotet.kae
Avira: TR/AD.Emotet.ciza
Antiy-AVL: Trojan/Generic.ASBOL.C5FF
Gridinsoft: Ransom.Win32.TrickBot.sa
Microsoft: Trojan:Win32/Emotet.BD!MTB
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Trojan.Mint.Zamg.O
SentinelOne: Static AI – Suspicious PE
AhnLab-V3: Trojan/Win32.Agent.C3477125
McAfee: Emotet-FMY!C669A2C80766
VBA32: BScope.TrojanRansom.Cryptor
Malwarebytes: Malware.AI.1416868177
APEX: Malicious
Rising: Trojan.Kryptik!1.BCB0 (CLOUD)
Yandex: Trojan.GenAsa!WLCbHvsLDig
MAX: malware (ai score=82)
MaxSecure: Trojan.Malware.74578508.susgen
Fortinet: W32/GenKryptik.DTYT!tr
AVG: Win32:MalwareX-gen [Trj]
Panda: Trj/Emotet.D
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.1416868177?

Malware.AI.1416868177 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.