Malware.AI.1554129049 information

Malware.AI.1554129049 is the Malwarebytes detection name for this sample; many of the other engines listed below classify it as an AutoIt-compiled worm of the Sohanat/Sohanad family. While the infection is active you may notice unfamiliar processes in Task Manager (the sample's version resource names it scvhost.exe, a misspelling of the legitimate svchost.exe). If you see this, scan the computer with GridinSoft Anti-Malware.

Removing malware manually can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial period allows a full scan and clean-up.
A 6-day free trial is available.

What can the Malware.AI.1554129049 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • Attempts to modify Internet Explorer’s start page
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Creates a copy of itself
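
The autorun entry, the self-copy, the start-page change and the proxy change in the list above all leave traces in the registry that can be reviewed without running the sample. The following Python script is an added example (not part of the original page or of any vendor's tooling): it parses a registry export of the per-user Run key, the Internet Explorer Main key and the Internet Settings key, and flags Run entries whose file name is a one-edit lookalike of a Windows system binary (the sample's own version resource calls it scvhost.exe, a transposition of svchost.exe) or that use a system binary name outside System32, a changed start page, and an enabled proxy. The registry export embedded in the script is constructed for demonstration; the value names and paths in it are assumptions, not data from the sandbox run.

```python
import re
from typing import Dict, List

# Windows binaries whose names malware commonly imitates; the page's sample
# carries the original file name "scvhost.exe" (two letters swapped).
SYSTEM_BINARIES = ("svchost.exe", "csrss.exe", "lsass.exe", "explorer.exe", "winlogon.exe")

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
IE_MAIN = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
INET_SETTINGS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Constructed .reg-style export for demonstration only (not from the sample's run).
SAMPLE_REG_EXPORT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"google"="C:\\Users\\alice\\AppData\\Roaming\\scvhost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://example.invalid/start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:8080"
"""


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein plus adjacent
    transposition, so 'scvhost' vs 'svchost' scores 1 rather than 2."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Minimal parser for [key] headers, "name"="string" and "name"=dword:hex."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current and line.startswith('"'):
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if not m:
                continue
            name, raw = m.groups()
            if raw.startswith("dword:"):
                keys[current][name] = int(raw[6:], 16)
            else:
                # .reg files double every backslash; undo that.
                keys[current][name] = raw.strip('"').replace("\\\\", "\\")
    return keys


def triage(text: str, expected_start_page: str = "about:blank") -> List[str]:
    """Return human-readable findings for the behaviours listed on this page."""
    keys = parse_reg_export(text)
    findings: List[str] = []
    for name, cmd in keys.get(RUN_KEY, {}).items():
        m = re.match(r'"?(.*?\.exe)', str(cmd), re.IGNORECASE)
        if not m:
            continue
        path = m.group(1)
        base = path.rsplit("\\", 1)[-1].lower()
        in_system32 = "\\windows\\system32\\" in path.lower()
        for legit in SYSTEM_BINARIES:
            dist = osa_distance(base, legit)
            if dist == 0 and not in_system32:
                findings.append(f"Run/{name}: system binary name outside System32: {path}")
            elif 0 < dist <= 1:
                findings.append(f"Run/{name}: lookalike of {legit}: {path}")
    start = keys.get(IE_MAIN, {}).get("Start Page")
    if start is not None and start != expected_start_page:
        findings.append(f"IE start page changed: {start}")
    inet = keys.get(INET_SETTINGS, {})
    if inet.get("ProxyEnable") == 1:
        findings.append(f"Proxy enabled: {inet.get('ProxyServer', '?')}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REG_EXPORT):
        print(finding)
```

On a real host, export the three keys with `reg export` and pass the file contents to `triage()`; the lookalike check is deliberately limited to one edit so that ordinary third-party software names are not flagged.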

How to identify Malware.AI.1554129049?

File Info:

name: BF21732A8AEAF1A6572B.mlw
path: /opt/CAPEv2/storage/binaries/baab7e9cc442668235f6e5e22a86e4667db6e007247e2cf345afe7e115e8c2be
crc32: 2021D005
md5: bf21732a8aeaf1a6572b3fe3b94a65d9
sha1: 60de24d56b31f53d48344ebf65baf5a9c60ed367
sha256: baab7e9cc442668235f6e5e22a86e4667db6e007247e2cf345afe7e115e8c2be
sha512: db14b76c55b9f0e4849a45a8e9de9976693236eb2b3e136342757773b2e9d2c29331417047545d3d7c1d07c971e1f700930e5b6bd67d8c9deae7594a464e5a0c
ssdeep: 24576:Rpo/2+ttPJLfpRK3CyftRI0ozeUpo/2+ttPJLfd:Qe2PJLa3CyfvI0oze9e2PJLl
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F445BF13B7C280F2D9523D711177E32AAB3979164326C6D7EFE12D628E21470DE3A366
sha3_384: 902e7b8c28eb7fb88ac0af44c250328483d12ee7b79eeb3a03fa495aa1fd4a5fac09497c1cd97bebfe59ec06f5ba65a1
ep_bytes: e8c4af0000e979feffff8bff558bec8b
timestamp: 2008-12-07 04:12:59
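
The hashes above identify the exact file, and ep_bytes and timestamp come from the PE headers. The script below is an added example, not code from the original page or from CAPE: it recomputes crc32, md5, sha1, sha256, sha512 and sha3_384 with the Python standard library, parses the DOS, COFF and optional headers and the section table to recover the compile timestamp and the 16 bytes at the entry point, and reports which indicators a given file matches. ssdeep and tlsh are omitted because they need third-party libraries. When run without a file argument it exercises itself on a constructed one-section PE32 fixture (build_minimal_pe, an assumption for offline testing) that reuses the page's ep_bytes and timestamp, so only those two indicators match in that case.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone
from typing import Dict

# Indicators copied from the File Info section of this page.
INDICATORS = {
    "crc32": "2021D005",
    "md5": "bf21732a8aeaf1a6572b3fe3b94a65d9",
    "sha1": "60de24d56b31f53d48344ebf65baf5a9c60ed367",
    "sha256": "baab7e9cc442668235f6e5e22a86e4667db6e007247e2cf345afe7e115e8c2be",
    "sha512": "db14b76c55b9f0e4849a45a8e9de9976693236eb2b3e136342757773b2e9d2c2"
              "9331417047545d3d7c1d07c971e1f700930e5b6bd67d8c9deae7594a464e5a0c",
    "sha3_384": "902e7b8c28eb7fb88ac0af44c250328483d12ee7b79eeb3a03fa495aa1fd4a5f"
                "ac09497c1cd97bebfe59ec06f5ba65a1",
    "ep_bytes": "e8c4af0000e979feffff8bff558bec8b",
    "timestamp": "2008-12-07 04:12:59",
}


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Standard-library hashes in the same formats the page uses."""
    out = {"crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"}
    for name in ("md5", "sha1", "sha256", "sha512", "sha3_384"):
        out[name] = hashlib.new(name, data).hexdigest()
    return out


def pe_metadata(data: bytes) -> Dict[str, str]:
    """Walk DOS -> COFF -> optional header -> section table to recover the
    link timestamp and the first 16 bytes at AddressOfEntryPoint."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    _machine, nsections, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    sect_off = opt_off + opt_size
    ep_file_off = None
    for i in range(nsections):
        _name, vsize, vaddr, rawsize, rawptr, *_rest = struct.unpack_from(
            "<8sIIIIIIHHI", data, sect_off + 40 * i)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep_file_off = entry_rva - vaddr + rawptr   # RVA -> file offset
            break
    if ep_file_off is None:
        raise ValueError("entry point not inside any section")
    kind = "PE32" if magic == 0x10B else ("PE32+" if magic == 0x20B else f"unknown magic {magic:#x}")
    return {
        "type": kind,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_file_off:ep_file_off + 16].hex(),
    }


def match_indicators(data: bytes, indicators: Dict[str, str] = INDICATORS) -> Dict[str, bool]:
    """Map each indicator name to whether the given file matches it."""
    observed: Dict[str, str] = compute_hashes(data)
    try:
        observed.update(pe_metadata(data))
    except ValueError:
        pass  # not a parseable PE: only the hashes can be compared
    return {k: observed.get(k, "").lower() == v.lower() for k, v in indicators.items()}


def build_minimal_pe(ep_bytes: bytes, timestamp: int) -> bytes:
    """Constructed one-section PE32 used only to exercise pe_metadata() offline;
    it is not the sample described on this page."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    return header.ljust(0x200, b"\0") + ep_bytes.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_minimal_pe(bytes.fromhex(INDICATORS["ep_bytes"]), 1228623179)
    for key, hit in match_indicators(data).items():
        print(f"{key:9s} {'MATCH' if hit else 'no match'}")
```

Run it as `python check_sample.py <file>` against a suspect binary; a sha256 match is conclusive on its own, while ep_bytes and timestamp alone only suggest a related build and should not be treated as identification.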

Version Info:

FileVersion: 1,1,1
Product Name: google
Original Name: scvhost.exe
Company: windows
Translation: 0x0809 0x04b0

Malware.AI.1554129049 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.StartPage.39734
MicroWorld-eScan: Win32.Worm.Sohanat.BX
FireEye: Generic.mg.bf21732a8aeaf1a6
McAfee: W32/Worm-FIC!BF21732A8AEA
Cylance: Unsafe
Zillya: Worm.AutoItGen.Win32.65
Cybereason: malicious.a8aeaf
BitDefenderTheta: AI:Packer.D8EF497716
VirIT: Worm.Win32.AutoIt.RU
Cyren: W32/AutoIt.AG.gen!Eldorado
Symantec: W32.Imaut!gen1
ESET-NOD32: Win32/Sohanad.NFJ
TrendMicro-HouseCall: TROJ_PAM_0000010191.T3
ClamAV: Win.Trojan.Autoit-73
Kaspersky: Worm.Win32.AutoIt.ru
BitDefender: Win32.Worm.Sohanat.BX
NANO-Antivirus: Trojan.Script.AutoIt.dcowcx
SUPERAntiSpyware: Trojan.Agent/Gen-PlusX
Avast: AutoIt:AutoRun-B@BC [Wrm]
Tencent: Worm.Win32.Sohanat.aac
Sophos: ML/PE-A + W32/AutoIt-IN
Baidu: Win32.Worm.Sohanad.bh
TrendMicro: TSPY_AUTOIT_CD100244.RDXN
McAfee-GW-Edition: BehavesLike.Win32.Sality.th
Emsisoft: Win32.Worm.Sohanat.BX (B)
Ikarus: Worm.Win32.AutoIt
Jiangmin: Worm.Autoit.mg
Avira: HEUR/AGEN.1111271
MAX: malware (ai score=81)
Antiy-AVL: Trojan/Generic.ASCommon.11C
Microsoft: PWS:Win32/Zbot!ml
GData: Win32.Worm.Sohanat.BX
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.Hakaglan.R228874
VBA32: Trojan-Downloader.Autoit.gen
ALYac: Win32.Worm.Sohanat.BX
Malwarebytes: Malware.AI.1554129049
APEX: Malicious
Rising: Worm.IM.Win32.YahooMsg.b (RDMK:cmRtazo0L4XUzQPDZewNho2E8z0b)
Yandex: Worm.AutoIt.ZE
SentinelOne: Static AI – Malicious PE
MaxSecure: Worm.Win32.AutoIt.QN
Fortinet: W32/AutoIt.IN!worm
AVG: AutoIt:AutoRun-B@BC [Wrm]
Panda: Trj/Autoit.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.1554129049?

Malware.AI.1554129049 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”; this reverts the start-page and proxy changes listed above.
  • Select the affected browser and the settings to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.