Malware.AI.1509921823 (file analysis)

Malware Removal

Malware.AI.1509921823 is flagged as malicious by the large majority of antivirus engines listed below. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1509921823 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Thai
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family (the vendor labels listed below do not agree on the family: Alibaba and Microsoft say Glupteba, ESET, Fortinet and Rising say Kryptik, Ikarus says UrSnif, so treat the family attribution as tentative until the unpacked payload has been examined)

How to identify Malware.AI.1509921823?

File Info:

name: F64BA4CE706212680A53.mlw
path: /opt/CAPEv2/storage/binaries/55032aaa979fa575d36f50a0ac8e92fac331b5d7a018d5e617ff5c3bf4e110fa
crc32: C2A43571
md5: f64ba4ce706212680a539287901fa056
sha1: 79cbda6a0ac74097d1bc7755e3b8304e9afa3481
sha256: 55032aaa979fa575d36f50a0ac8e92fac331b5d7a018d5e617ff5c3bf4e110fa
sha512: a9e6152f6f48053221694ac07fcdb193e73a69b362a7c24032c4fc96ce14b44fe98b420a7dbd6eebac93d6873157412b5454131075b3fa2c409e7c69a3199518
ssdeep: 6144:wxnfmswlGGvq/TpMhUGRrqOzJP8JRIKINjsg:w+swlGGvq/ChzSl4
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DA54CF2768683F48D4337375720B2F3554F9871F3A3A256CEAFF8BB1A174A504A6314A
sha3_384: 36839904ce4421f381dddd91d36ddd6e6a1c6a0e314a1f3542cb594985697cce14b740e2eab5a9ec42bf87a7f97f89d2
ep_bytes: 60be0000b8028dbe001088fd5783cdff
timestamp: 2020-09-02 21:10:57
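
The static indicators in the behaviour list above (UPX compression, an unknown PE section name, the entry-point bytes, the Authenticode signature) and the hashes in File Info can all be re-derived from the file itself. The script below is an added example written for this page; it is not code from the page, from GridinSoft or from CAPE. It uses only the Python standard library, parses the PE headers directly instead of relying on pefile, and, when run without a path, triages a constructed in-memory PE32 stub (not the analysed sample) that carries UPX-style sections and the page's ep_bytes. The section-name list, the UPX stub opcode pattern and the W+X heuristic are this example's own; the Authenticode check only reports whether a signature is present, since validity needs a real verifier.

```python
"""Stdlib-only static triage of a PE file.

Added example, not code from the page, GridinSoft or CAPE: it re-derives the
report's static indicators (hashes, link timestamp, section names, UPX markers,
entry-point bytes, W+X sections, Authenticode presence). ssdeep/TLSH are left out.
"""
import hashlib
import struct
from datetime import datetime, timezone

# Section names the usual MSVC/MinGW linkers emit; anything else warrants a look.
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc",
                  ".reloc", ".tls", ".pdata", ".CRT", ".debug", ".textbss"}
UPX_SECTIONS = {"UPX0", "UPX1", "UPX2"}
# Opening instructions of the classic UPX unpacking stub:
#   pushad ; mov esi, <src> ; lea edi, [esi+<delta>] ; push edi ; or ebp, -1
# Immediates differ per build, so only opcode bytes are matched; the page's
# ep_bytes 60be0000b8028dbe001088fd5783cdff fit this pattern.
UPX_STUB_OPCODES = ((0, b"\x60"), (1, b"\xbe"), (6, b"\x8d\xbe"), (12, b"\x57\x83\xcd\xff"))
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def looks_like_upx_stub(ep_bytes: bytes) -> bool:
    return all(ep_bytes[off:off + len(op)] == op for off, op in UPX_STUB_OPCODES)


def triage(data: bytes) -> dict:
    """Parse just enough of the PE headers to compute the report's static indicators."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    _machine, nsect, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directories begin at +96 (PE32) or +112 (PE32+); entry 4 is the security
    # directory, whose VirtualAddress is a raw file offset rather than an RVA.
    dd = opt + (96 if magic == 0x10B else 112)
    _sec_off, sec_len = struct.unpack_from("<II", data, dd + 4 * 8)
    sections = []
    for i in range(nsect):
        s = opt + opt_size + 40 * i
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, s)
        chars = struct.unpack_from("<I", data, s + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "va": va,
                         "vsize": vsize, "rawsize": rawsize, "rawptr": rawptr, "chars": chars})
    # Map the entry-point RVA to a file offset through the section that contains it.
    ep_off = next((ep_rva - s["va"] + s["rawptr"] for s in sections
                   if s["va"] <= ep_rva < s["va"] + max(s["vsize"], s["rawsize"])), None)
    ep_bytes = data[ep_off:ep_off + 16] if ep_off is not None else b""
    names = [s["name"] for s in sections]
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": names,
        "unknown_sections": [n for n in names if n not in KNOWN_SECTIONS],
        "upx_sections": bool(UPX_SECTIONS & set(names)),
        "ep_bytes": ep_bytes.hex(),
        "upx_stub_at_ep": looks_like_upx_stub(ep_bytes),
        # W+X on disk is the static counterpart of the sandbox's "creates RWX memory" hit.
        "wx_sections": [s["name"] for s in sections
                        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE],
        # Presence only; validity needs a real Authenticode verifier (osslsigncode, signtool).
        "authenticode_present": sec_len > 0,
    }


def build_constructed_sample() -> bytes:
    """Constructed input, not the analysed file: a minimal, non-runnable PE32 with UPX-style
    sections, the page's ep_bytes at the entry point and a dummy security directory."""
    ep_bytes = bytes.fromhex("60be0000b8028dbe001088fd5783cdff")
    sect = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
        (b"UPX0", 0x7000, 0x1000, 0x000, 0x000, 0xE0000080),   # uninitialised, RWX
        (b"UPX1", 0x1000, 0x8000, 0x200, 0x200, 0xE0000040),   # packed data + stub, RWX
        (b".rsrc", 0x1000, 0x9000, 0x200, 0x400, 0xC0000040),  # RW only
    ]
    img = bytearray(0x610)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                       # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, len(sect), 0x5F500A61, 0, 0, 224, 0x0102)
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x10B)                       # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x8000)                 # AddressOfEntryPoint -> UPX1
    struct.pack_into("<I", img, opt + 92, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 96 + 4 * 8, 0x600, 0x10)   # security directory (offset, size)
    for i, s in enumerate(sect):
        struct.pack_into("<8sIIII", img, opt + 224 + 40 * i, *s[:5])
        struct.pack_into("<I", img, opt + 224 + 40 * i + 36, s[5])
    img[0x200:0x200 + len(ep_bytes)] = ep_bytes
    return bytes(img)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_sample()
    print(triage(blob))
```

Run it as `python3 triage.py sample.bin` on a quarantined copy of the file. The UPX check is deliberately two-pronged: section names are trivially renamed by a packer's `--rename-section` style options, while the entry stub survives renaming, so a hit on either is reported separately. A present but invalid Authenticode blob, as the report states for this sample, still shows as `authenticode_present: True` here; run the file through a signature verifier before trusting that field in either direction.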

Version Info:

FileVerus: 1.0.2.18
ProductVersys: 1.5.28.29
Translations: 0x0126 0x0186

Malware.AI.1509921823 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Malicious.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen12.64197
MicroWorld-eScan: Trojan.GenericKDZ.73905
FireEye: Generic.mg.f64ba4ce70621268
ALYac: Trojan.GenericKDZ.73905
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0057a0d71 )
Alibaba: Trojan:Win32/Glupteba.8cc51612
K7GW: Trojan ( 0057a0d71 )
Arcabit: Trojan.Generic.D120B1
BitDefenderTheta: AI:Packer.FA21B8E820
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HKGC
TrendMicro-HouseCall: TROJ_GEN.R002C0DKS21
Paloalto: generic.ml
Kaspersky: UDS:Trojan.Multi.GenericML.xnet
BitDefender: Trojan.GenericKDZ.73905
Avast: FileRepMalware
Tencent: Win32.Trojan.Generic.Ecad
Ad-Aware: Trojan.GenericKDZ.73905
Emsisoft: MemScan:Trojan.GenericKDZ.73905 (B)
TrendMicro: TROJ_GEN.R002C0DKS21
McAfee-GW-Edition: Packed-GDK!4E1A197F0249
Sophos: Mal/Generic-S
Ikarus: Trojan-Banker.UrSnif
Avira: HEUR/AGEN.1140469
MAX: malware (ai score=84)
Antiy-AVL: Trojan/Generic.ASMalwS.3241017
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Glupteba.PM!MTB
GData: Trojan.GenericKDZ.73905
Cynet: Malicious (score: 100)
AhnLab-V3: Packed/Win.GDK.C4797019
Acronis: suspicious
McAfee: Artemis!F64BA4CE7062
Malwarebytes: Malware.AI.1509921823
APEX: Malicious
Rising: Trojan.Kryptik!1.D4BE (CLASSIC)
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_87%
Fortinet: W32/Kryptik.HKGD!tr
AVG: FileRepMalware
CrowdStrike: win/malicious_confidence_80% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Malware.AI.1509921823?

Malware.AI.1509921823 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” to quarantine all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the relevant browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.