About “Malware.AI.1529294503” infection

The Malware.AI.1529294503 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.1529294503 virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Malware.AI.1529294503?


File Info:
name: 7F429F0ACEDEC24BDF8E.mlw
path: /opt/CAPEv2/storage/binaries/4503cc81cd62ca5eff36e7fb765edea3e97b7481b2a30128c3c2f626feec41fb
crc32: 23BB3820
md5: 7f429f0acedec24bdf8eadc7dcea9919
sha1: 82d5ffa35a169720ee8cdc9039b0473841e99d99
sha256: 4503cc81cd62ca5eff36e7fb765edea3e97b7481b2a30128c3c2f626feec41fb
sha512: 4ffd0c32b83769d8683b3425ede4932e1300c1e49b9a767fd9e6c08f12558d528b3471b6bb219d2b2ba9042e198d2bcfc1ed1ae4200bcc512e7f157105ad03b2
ssdeep: 12288:6xJsT5GsNINPrhsnezLS7e8Vr9SzE9P7ytk0j8f:6W5bNyKB7ecWE9IkGi
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1B9B4CF63AF0470CDC31992363691EA49B1707910321667C7F9E5B74E0F9EAA3BE3E641
sha3_384: daa805c7b1f05ba190f6609d737852a7f903629c3eec621eb48310c25511910eeb344d1e81a700d9a84efd66797c65d7
ep_bytes: 475150455243b96000000065498b0145
timestamp: 2047-02-15 20:41:08

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Application Layer Gateway Service
FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
InternalName: ALG.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: ALG.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1
Translation: 0x0409 0x04b0

Malware.AI.1529294503 also known as:

Elastic	malicious (high confidence)
DrWeb	Win64.Expiro.132
MicroWorld-eScan	Win64.Expiro.Gen.6
FireEye	Generic.mg.7f429f0acedec24b
ALYac	Win64.Expiro.Gen.6
Cylance	Unsafe
K7AntiVirus	Virus ( 00535e4a1 )
K7GW	Virus ( 00535e4a1 )
Cybereason	malicious.35a169
Cyren	W64/Expiro.AH.gen!Eldorado
ESET-NOD32	a variant of Win64/Expiro.CO
APEX	Malicious
ClamAV	Win.Virus.Expiro-9876440-0
Kaspersky	HEUR:Virus.Win64.Expiro.gen
BitDefender	Win64.Expiro.Gen.6
NANO-Antivirus	Virus.Win64.Expiro.clnvwd
Avast	Win64:Xpirat [Inf]
Ad-Aware	Win64.Expiro.Gen.6
Sophos	ML/PE-A + W64/Expiro-AX
TrendMicro	Virus.Win64.EXPIRO.MR
Emsisoft	Win64.Expiro.Gen.6 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Bingoml.akq
MaxSecure	virus.win64.expiro.gen
Avira	TR/Patched.Gen
Antiy-AVL	Trojan/Generic.ASVirus.30B
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Win64.Expiro.Gen.6
Cynet	Malicious (score: 100)
Acronis	suspicious
MAX	malware (ai score=84)
Malwarebytes	Malware.AI.1529294503
TrendMicro-HouseCall	Virus.Win64.EXPIRO.MR
Ikarus	Virus.Win64.Expiro
Fortinet	W64/Expiro.BS
AVG	Win64:Xpirat [Inf]
CrowdStrike	win/malicious_confidence_80% (D)

How to remove Malware.AI.1529294503?

Malware.AI.1529294503 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X