
Malware.AI.1485741972 (file analysis)


Malware.AI.1485741972 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1485741972 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Uses suspicious command line tools or Windows utilities

How to identify Malware.AI.1485741972?

File Info:

name: 223B5E0F6813E3D38A11.mlw
path: /opt/CAPEv2/storage/binaries/f716e947827e965bb37f5a9132b7cb4e8cc799fbef0c3ad977c7a19f9bf7f70f
crc32: 99490EEF
md5: 223b5e0f6813e3d38a113719291f0eb2
sha1: e26001db401abc45bba7de6f90597f2853cbc34b
sha256: f716e947827e965bb37f5a9132b7cb4e8cc799fbef0c3ad977c7a19f9bf7f70f
sha512: 9e1060850e4c9e05f7bbd8eb00bcade3e89b6e412e458c925270667248a2f06b0a8cf0889da41574548500806ecb49b59ae19c23374a1fd7b208d2e981d66029
ssdeep: 24576:QsTBsEaGVUtc7A2wiORI+/QuuoL4fm+YZDnoFTRXsvFxfBP7rX:vTmt4YRI+/QuuoLsgLo/XoxfV/X
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T111250228BCF4DA85FDE45AFE704F109CDE5C2FB86D052E129206245CDAC2EDA575AB30
sha3_384: edd97bce6ac6428637304c41f4c8773c551999cdcac0d2c696f75e201451237db86152718880b2806c23d4e951638f8e
ep_bytes: be000000005781c0c9032c2381c0916a
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

Malware.AI.1485741972 also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader44.14671
MicroWorld-eScan: Gen:Variant.Razy.883920
FireEye: Generic.mg.223b5e0f6813e3d3
ALYac: Gen:Variant.Razy.883920
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 00577ea11 )
Alibaba: Trojan:Win32/Kryptik.2c575fae
K7GW: Trojan ( 00577ea11 )
Cybereason: malicious.f6813e
BitDefenderTheta: AI:Packer.F08176A81E
Cyren: W32/Kryptik.ECA.gen!Eldorado
ESET-NOD32: a variant of Win32/Kryptik.GJIX
TrendMicro-HouseCall: TROJ_GEN.R002C0PLB21
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.883920
NANO-Antivirus: Virus.Win32.Gen.ccmw
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.11dc058d
Ad-Aware: Gen:Variant.Razy.883920
TrendMicro: TROJ_GEN.R002C0PLB21
McAfee-GW-Edition: BehavesLike.Win32.Glupteba.fc
Emsisoft: Gen:Variant.Razy.883920 (B)
Ikarus: Trojan.Win32.Crypt
GData: Gen:Variant.Razy.883920
Jiangmin: Trojan.Generic.hekvq
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.34E666A
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Woreflint.A!cl
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.RL_Generic.R299848
McAfee: Glupteba-FTTQ!223B5E0F6813
MAX: malware (ai score=81)
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Malware.AI.1485741972
APEX: Malicious
Rising: Trojan.Kryptik!1.BF57 (CLOUD)
Yandex: Trojan.Agent!p8kUeB4zEvw
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.ECM!tr
AVG: Win32:Trojan-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.1485741972?

Malware.AI.1485741972 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
