Malware.AI.1539177598 removal guide

Malware.AI.1539177598 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1539177598 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Malware.AI.1539177598?

File Info:

name: F817BB5F83AEDBDA0F34.mlw
path: /opt/CAPEv2/storage/binaries/45f829971580756c14ecd380de32293ee411b3472aeb79cf4263c14f445c31f5
crc32: CAC47646
md5: f817bb5f83aedbda0f34d4c691634689
sha1: 787eb7dc969abdb3d817084ceb9cce570e5e878c
sha256: 45f829971580756c14ecd380de32293ee411b3472aeb79cf4263c14f445c31f5
sha512: cc113b8027c991c26923036afde91febc8a93ca3587cf11f6c29911bbab3b8f01108a06598aebf697cc59ef2bc2f7ce59889783a1646b2a0c116980f4166302b
ssdeep: 12288:IIQrun8JekcxczDupY3CyftVtaXIDuRTxrr82SFHVpLyBJ:7ONxcxczb3CktVtaXIIr82SvpL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T154456CF0B4E1F024C872547509149D3CA0C7BEA5AE38A9B771B4F76E1E363C99227E25
sha3_384: faaf5f037657c60832a491435bc2e7cd14e333a1bf3b8a56f077a3286e68ee5ded35e6396d8181635cdd5eccdbdf80c6
ep_bytes: e8db070000e980feffffff25f0914500
timestamp: 2017-05-08 11:54:29

Version Info:

CompanyName: Pass Prove
FileVersion: 13, 7, 7493, 4507
LegalTrademarks: Moon Glass
OriginalFilename: Moon Glass.exe
ProductName: Moon Glass
ProductVersion: 13, 7, 7493, 4507
Translation: 0x0409 0x04b0

Malware.AI.1539177598 also known as:

Lionic: Trojan.Win32.Generic.4!c
DrWeb: Trojan.DownLoader26.46698
MicroWorld-eScan: Gen:Heur.Mint.Zard.53
FireEye: Generic.mg.f817bb5f83aedbda
ALYac: Gen:Heur.Mint.Zard.53
Zillya: Trojan.IcedID.Win32.1
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanDropper:Win32/dropper.ali1003001
K7GW: Spyware ( 00529b211 )
K7AntiVirus: Spyware ( 00529b211 )
BitDefenderTheta: Gen:NN.ZexaF.34062.lz0@ae1AIaai
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Spy.IcedId.D
TrendMicro-HouseCall: TrojanSpy.Win32.URSNIF.SMKA0.hp
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.Mint.Zard.53
NANO-Antivirus: Trojan.Win32.IcedID.fcdqor
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10c9793d
Ad-Aware: Gen:Heur.Mint.Zard.53
Sophos: Mal/Generic-S
TrendMicro: TrojanSpy.Win32.URSNIF.SMKA0.hp
McAfee-GW-Edition: BehavesLike.Win32.Generic.tm
Emsisoft: Gen:Heur.Mint.Zard.53 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Heur.Mint.Zard.53
Jiangmin: Backdoor.Androm.yry
Avira: HEUR/AGEN.1109798
MAX: malware (ai score=84)
Antiy-AVL: Trojan/Generic.ASMalwS.260D2F4
Arcabit: Trojan.Mint.Zard.53
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win32.Generic.C2533506
McAfee: GenericRXAA-AA!F817BB5F83AE
VBA32: BScope.Trojan.Downloader
Malwarebytes: Malware.AI.1539177598
APEX: Malicious
Rising: Trojan.Generic@ML.80 (RDML:ujoFarhx1FuZkqHFqkqKFw)
Ikarus: Trojan-Spy.Agent
Fortinet: W32/IcedId.D!tr.spy
AVG: Win32:Malware-gen
Cybereason: malicious.f83aed
Panda: Trj/GdSda.A

How to remove Malware.AI.1539177598?

Malware.AI.1539177598 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.