Malware.AI.1591062859 information

Malware Removal

Malware.AI.1591062859 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.1591062859 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Attempts to bypass application whitelisting by executing .NET utility in a suspended state, potentially for injection

How to identify Malware.AI.1591062859?

File Info:

name: 81C17344C9681995B614.mlw
path: /opt/CAPEv2/storage/binaries/4aadd523d8637d2fc0a18e5cb120a8329c54f243b4461da41467a67bad6636ab
crc32: CF3A30E6
md5: 81c17344c9681995b6147f9dcbc1fcc3
sha1: b7d9c80cac59a91a3cd65cf3045bdc8463730069
sha256: 4aadd523d8637d2fc0a18e5cb120a8329c54f243b4461da41467a67bad6636ab
sha512: 382ac8973b6c6d800858c149966184dd79219bca70598148e571fcd3ad212c1b86aad6908343f6d4742c9096b79c82141ae2dc82105b9abf8aee6ecceb10aff3
ssdeep: 12288:0a6SX/CfmDHNrVZh7V6YneU48yWYyqW+fA0lev:0a6SXs4trB7V6YleWYyqn/lq
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T18DE48E649212F0E9C12ADD38F1DAF5B0CD947E70230AB40EADDA9FFBE16875583A4543
sha3_384: 1ce8637526b5f8d5750c0cb14395a4fbcc0292bb9f431745ebbfa2bd70ff3e61155b10c1d98d2dd4c22eda9eb21989ae
ep_bytes: 5653522bf683c630648b1e518b4b084b
timestamp: 2010-11-02 04:00:01

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Windows Command Processor
FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
InternalName: cmd
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: Cmd.Exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7601.17514
Translation: 0x0409 0x04b0

Malware.AI.1591062859 also known as:

  • Bkav: W32.AIDetect.malware2
  • MicroWorld-eScan: Win32.Expiro.Gen.6
  • FireEye: Generic.mg.81c17344c9681995
  • ALYac: Win32.Expiro.Gen.6
  • Malwarebytes: Malware.AI.1591062859
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Virus ( 00580a951 )
  • K7GW: Virus ( 00580a951 )
  • Cybereason: malicious.4c9681
  • Cyren: W32/Expiro.CG
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Expiro.CP
  • APEX: Malicious
  • ClamAV: Win.Virus.Expiro-9916532-0
  • BitDefender: Win32.Expiro.Gen.6
  • NANO-Antivirus: Virus.Win32.Gen.ccmw
  • Tencent: Virus.Win32.Expiro.ns
  • Ad-Aware: Win32.Expiro.Gen.6
  • Trapmine: malicious.high.ml.score
  • Emsisoft: Win32.Expiro.Gen.6 (B)
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Backdoor.Manuscrypt.l
  • Avira: TR/Patched.Gen
  • GData: Win32.Expiro.Gen.6
  • Cynet: Malicious (score: 100)
  • VBA32: BScope.Trojan.Wacatac
  • MAX: malware (ai score=80)
  • Fortinet: W32/Xpirat.C
  • CrowdStrike: win/malicious_confidence_100% (D)

How to remove Malware.AI.1591062859?

Malware.AI.1591062859 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.