Malware

What is “Malware.AI.1548860242”?

Malware.AI.1548860242 is flagged as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.1548860242 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • NtSetInformationThread: attempt to hide thread from debugger
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • Expresses interest in specific running processes
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Executable file is packed/obfuscated with Themida
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • The following process appears to have been packed with Themida: 21C097E9D641ECAA9B09.mlw
  • Installs itself for autorun at Windows startup
  • Checks the version of Bios, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify Malware.AI.1548860242?

File Info:

name: 21C097E9D641ECAA9B09.mlw
path: /opt/CAPEv2/storage/binaries/a83b03885db35753d6b7245181d4ab75d22e1c014c69f0e2633bab89c6cdec09
crc32: 9F71341E
md5: 21c097e9d641ecaa9b09c3662cf42a50
sha1: e23271e23611d1a3cae5b0127d6829762dd61745
sha256: a83b03885db35753d6b7245181d4ab75d22e1c014c69f0e2633bab89c6cdec09
sha512: e8a263edb2006d71743f4f8e2a484dbc700fa008c4800c0edcb381f00fe972601f6fa412875f4fe1f3442b1a36a8e0f48108b67a26fc40b2e5768f0ccee1e98a
ssdeep: 98304:xR06E3i+ZJKVvf/eeZ+Xbnz4YAiNjjZquwp12s1D:70Zz0vHeegrMYTN5Mv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10A0623B2C3406A9ADD6553798833CD3288277E784D71912DA0AFBDB2B73724E1BB1153
sha3_384: ecdc81c8019333e721f1857c535809ad6e81688592aa0c12b43643013ad7bac8638e39a0555af399e1a4e5c7ee0bed93
ep_bytes: e84b0100005389e3538b73088b7b10fc
timestamp: 2022-06-30 13:51:45

Version Info:

FileDescription: Dowload
FileVersion: 1.0.0.0
ProductName: Dowload
ProductVersion: 1.0.0.0
ProgramID: com.embarcadero.Dowload
Translation: 0x0409 0x04e4

Malware.AI.1548860242 also known as:

  • Bkav: W32.AIDetect.malware1
  • tehtris: Generic.Malware
  • FireEye: Generic.mg.21c097e9d641ecaa
  • ALYac: Gen:Variant.Barys.317426
  • Cylance: Unsafe
  • Sangfor: Suspicious.Win32.Save.a
  • Cybereason: malicious.23611d
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (high confidence)
  • APEX: Malicious
  • Kaspersky: not-a-virus:HEUR:AdWare.Win32.Generic
  • BitDefender: Gen:Variant.Barys.317426
  • NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
  • MicroWorld-eScan: Gen:Variant.Barys.317426
  • Ad-Aware: Gen:Variant.Barys.317426
  • Sophos: Generic ML PUA (PUA)
  • Trapmine: malicious.high.ml.score
  • Emsisoft: Gen:Variant.Barys.317426 (B)
  • SentinelOne: Static AI – Malicious PE
  • GData: Gen:Variant.Barys.317426
  • Arcabit: Trojan.Barys.D4D7F2
  • ZoneAlarm: not-a-virus:HEUR:AdWare.Win32.Generic
  • Microsoft: Program:Win32/Wacapew.C!ml
  • Acronis: suspicious
  • MAX: malware (ai score=86)
  • VBA32: BScope.Trojan.Wacatac
  • Malwarebytes: Malware.AI.1548860242
  • Rising: Trojan.Generic@AI.98 (RDML:svnCP3N3EnyFDPOspqg9eA)
  • MaxSecure: Trojan.Malware.300983.susgen
  • BitDefenderTheta: Gen:NN.ZexaF.34742.X@0@aSH51Xgi

How to remove Malware.AI.1548860242?

Malware.AI.1548860242 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.