How to remove “Malware.AI.1458338134”?

Malware.AI.1458338134 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.1458338134 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine Malware.AI.1458338134?


File Info:

name: 6F4AD59829187A5D6FB7.mlw
path: /opt/CAPEv2/storage/binaries/a31d1a499e39e10a99ad8e557c41adfda2e834eb255871824592fbaeb2b566b0
crc32: 13B8A0B0
md5: 6f4ad59829187a5d6fb77633e307555d
sha1: 268bb1c1bdad0c7b719f0ed9460566b1b3693f39
sha256: a31d1a499e39e10a99ad8e557c41adfda2e834eb255871824592fbaeb2b566b0
sha512: 79ca298b07770891f6e5e6e66cd04a0ba84dc778bd2b7d0066af1d5da6ba997491fb3bad9aefac5d0ab828395e7a241c5d94daa835ee20d0c3aa0edd6f8fc159
ssdeep: 12288:3F2tSiQyuUNFt+ScNiR09V/Ni8C+lPYK2pa:3c8iHNFpGieNNc+lPYjpa
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1CAD449127B9189B6D6960A304525A62C2739F924D9038F4F2594BFDEFFF1BD09E21332
sha3_384: 0dd2d920c40a271c77cc4bf53a8441516ff70686fea0a9d763edb2cf0845fecb9f09b11917ebae7bf12f2303184a6a3b
ep_bytes: ff250020400000000000000000000000
timestamp: 2010-09-29 06:43:21

Version Info:

CompanyName: Microsoft Corporation
FileDescription: SMSvcHost.exe
FileVersion: 3.0.4506.5420 (Win7SP1.030729-5400)
InternalName: SMSvcHost.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: SMSvcHost.exe
ProductName: Microsoft® .NET Framework
ProductVersion: 3.0.4506.5420
Comments: Flavor=Retail
PrivateBuild: DDBLD247
Translation: 0x0409 0x04b0

Malware.AI.1458338134 also known as:

Elastic: malicious (high confidence)
DrWeb: Win32.HLLW.Autoruner.547
Cynet: Malicious (score: 100)
FireEye: Generic.mg.6f4ad59829187a5d
McAfee: Artemis!6F4AD5982918
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
Cybereason: malicious.829187
BitDefenderTheta: Gen:NN.ZexaF.34182.yyY@amSMtBo
Cyren: W32/Autorun.DM.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: WORM_AUTORUN.BTM
ClamAV: Win.Worm.Vindor-9886047-0
BitDefender: Trojan.Agent.FQKM
SUPERAntiSpyware: Trojan.Agent/Gen-Crypt
MicroWorld-eScan: Trojan.Agent.FQKM
Avast: Win32:VB-FBX
Emsisoft: Trojan.Agent.FQKM (B)
TrendMicro: WORM_AUTORUN.BTM
McAfee-GW-Edition: BehavesLike.Win32.Generic.hm
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Vindor
GData: MSIL.Worm.Pajetbin.A
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
SentinelOne: Static AI – Malicious PE
VBA32: Worm.AutoRun
Malwarebytes: Malware.AI.1458338134
APEX: Malicious
Rising: Worm.VB!1.DA3E (CLASSIC)
Yandex: Trojan.GenAsa!g8z8LT30jj4
MAX: malware (ai score=85)
Fortinet: W32/VB.FBX
AVG: Win32:VB-FBX
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Malware.AI.1458338134?

Malware.AI.1458338134 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
