Malware.AI.1507421134 removal

The Malware.AI.1507421134 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.1507421134 virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Malware.AI.1507421134?


File Info:
name: FE1F377BB8BD080DDB3A.mlw
path: /opt/CAPEv2/storage/binaries/b887e7bb92bd396b6da1df51b5eb5ac466cb4acddfc24d9a1263bb5757a7c376
crc32: 3BFC0388
md5: fe1f377bb8bd080ddb3a0a808f27e5bd
sha1: 6f390aaa22715da5c06f810ffc2beab41b453122
sha256: b887e7bb92bd396b6da1df51b5eb5ac466cb4acddfc24d9a1263bb5757a7c376
sha512: 2a616437f6aa4a16ec87f4224347040d9b2ea4683ad227a94272aa2c9e0662dae8be944b17922e8ed4fa1dd326b9be57e709ec6e1c703d977b42e97f96dbe183
ssdeep: 24576:vJW2KjJ4Td3kJnbsPhnzq6sWtO/HX2bqDda16j:vInJ4Td3mbsPhne6ftF
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T15A05AD53EDD0B6CCCC39F731983E425516D6BC7AD2C49A9E96D873382A702C0D61A93B
sha3_384: c18ed96ede83d9324c98da57692219f0445dafc38802e6630df7a174893a8311956e8ba4978f91ee1cd9fee3140589f2
ep_bytes: 505753b830000000648b38518bc783c0
timestamp: 2047-10-12 10:58:09

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Windows PowerShell
FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
InternalName: POWERSHELL
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: PowerShell.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1
Translation: 0x0409 0x04b0

Malware.AI.1507421134 also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Win32.Expiro.Gen.6
FireEye	Generic.mg.fe1f377bb8bd080d
Cylance	Unsafe
Sangfor	Virus.Win32.Expiro.ns
K7AntiVirus	Virus ( 00580a951 )
Alibaba	Virus:Win32/Expiro.a8aefba9
K7GW	Virus ( 00580a951 )
CrowdStrike	win/malicious_confidence_90% (W)
BitDefenderTheta	Gen:NN.ZexaF.34182.Zu0@aaw5!Xei
Cyren	W32/Expiro.W.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Expiro.CL
APEX	Malicious
ClamAV	Win.Virus.Expiro-9891456-0
Kaspersky	Virus.Win32.Expiro.ns
BitDefender	Win32.Expiro.Gen.6
NANO-Antivirus	Virus.Win32.Gen.ccmw
Avast	Win32:Xpirat-C [Inf]
Ad-Aware	Win32.Expiro.Gen.6
Emsisoft	Win32.Expiro.Gen.6 (B)
DrWeb	Win32.Expiro.150
VIPRE	Virus.Win32.Expiro.dp (v)
TrendMicro	Virus.Win32.EXPIRO.AF
McAfee-GW-Edition	BehavesLike.Win32.Virus.ch
Sophos	ML/PE-A + W32/Expiro-AU
SentinelOne	Static AI – Suspicious PE
GData	Win32.Expiro.Gen.6
Jiangmin	Trojan.Generic.gcshv
Avira	TR/Patched.Gen
Antiy-AVL	Trojan/Generic.ASVirus.304
ZoneAlarm	Virus.Win32.Expiro.ns
Microsoft	Virus:Win32/Aicat.A!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Virus/Win.Expiro.X2115
Acronis	suspicious
VBA32	BScope.Trojan.Wacatac
ALYac	Win32.Expiro.Gen.6
MAX	malware (ai score=87)
Malwarebytes	Malware.AI.1507421134
TrendMicro-HouseCall	Virus.Win32.EXPIRO.AF
Tencent	Virus.Win32.Expiro.ns
Fortinet	W32/Expiro.RC!tr
AVG	Win32:Xpirat-C [Inf]
Cybereason	malicious.bb8bd0

How to remove Malware.AI.1507421134?

Malware.AI.1507421134 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X