Malware

How to remove “Malware.AI.1591420321”?

Malware Removal

The Malware.AI.1591420321 detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1591420321 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • HTTPS URLs observed from behavior
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify Malware.AI.1591420321?

File Info:

name: F0F7471F1AD85EA69109.mlw
path: /opt/CAPEv2/storage/binaries/21ab2d05e5798775d38425bfd0287a3d45e0e6c6f6c3a57e4b08f147326bf2e4
crc32: 9650FCA4
md5: f0f7471f1ad85ea69109c94ddd791e6a
sha1: 89ae2fab86dd13c00efebd67f3cc090a97e19caa
sha256: 21ab2d05e5798775d38425bfd0287a3d45e0e6c6f6c3a57e4b08f147326bf2e4
sha512: d14e9885cfe82fb70c58ff52170ee8dab2b42edd3c3b79d5fbcd2aacfcb12ccbae91556e0fa44d1d12b9a2107cdefa771cb9e598a4f5bf443fff731e6b5c1a8a
ssdeep: 1536:YHuDYO9JaBzVYYiNM40kDyBedb3m5wdadxnNZdlE8yc:YH5OqkY/40lUb25wgdx3M8T
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1915302F65391583AFCCF97355C0C65D799E0B259AEEEC30213B142DA2A717AF391012A
sha3_384: fb7a351aa74a66b216a75056a0b411d24286cc4f5436b21106ed2a539cd25807b52d7f144992971812f0fd597a83cd62
ep_bytes: 60be219042008dbedf7ffdff5783cdff
timestamp: 2007-01-23 06:48:00

Version Info:

CompanyName: OQ SOFTWIN
FileDescription: OQ BitDefender
FileVersion: 328
InternalName: Ulikw
LegalCopyright: Copyright © Ulikw Software 2002-2008
OriginalFilename: Ulikw.exe
ProductName: Ulikw Hrxsilr Hrrrnbelu
ProductVersion: 6.6
Translation: 0x0409 0x04e4

Malware.AI.1591420321 is also known as (vendor: detection name):

Bkav: W32.SasfisQKC.Fam.Trojan
DrWeb: Trojan.Hottrend
MicroWorld-eScan: Gen:Variant.Zbot.41
FireEye: Generic.mg.f0f7471f1ad85ea6
ALYac: Gen:Variant.Zbot.41
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0055dd191 )
K7GW: Trojan ( 0055dd191 )
Cybereason: malicious.f1ad85
BitDefenderTheta: Gen:NN.ZexaF.34712.dmLfa0QFZdac
VirIT: Trojan.Win32.Generic.BPDL
Cyren: W32/Oficla.AI.gen!Eldorado
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Kryptik.MMV
TrendMicro-HouseCall: TROJ_SHIZ.SMXA
ClamAV: Win.Trojan.Menti-763
Kaspersky: Trojan.Win32.Menti.gena
BitDefender: Gen:Variant.Zbot.41
NANO-Antivirus: Trojan.Win32.Menti.dgkbf
SUPERAntiSpyware: Trojan.Agent/Gen-Falprod[Cont]
Avast: Win32:Crypt-JAM [Trj]
Tencent: Malware.Win32.Gencirc.10cc5fd3
Ad-Aware: Gen:Variant.Zbot.41
Emsisoft: Gen:Variant.Zbot.41 (B)
Zillya: Trojan.Menti.Win32.2995
TrendMicro: TROJ_SHIZ.SMXA
McAfee-GW-Edition: W32/Pinkslipbot.gen.as
Trapmine: malicious.moderate.ml.score
Sophos: ML/PE-A + Mal/Zbot-CX
Ikarus: Trojan.Win32.Menti
Jiangmin: Backdoor/Buterat.ml
Avira: TR/Crypt.ULPM.Gen
MAX: malware (ai score=87)
Microsoft: Trojan:Win32/Vundo
Arcabit: Trojan.Zbot.41
ZoneAlarm: Trojan.Win32.Menti.gena
GData: Gen:Variant.Zbot.41
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.Menti.R495640
McAfee: GenericRXAA-AA!F0F7471F1AD8
VBA32: BScope.Trojan-Dropper.TDSS.01313
Malwarebytes: Malware.AI.1591420321
APEX: Malicious
Yandex: Trojan.GenAsa!PIKaOg7AuE4
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Menti.IEP!tr
AVG: Win32:Crypt-JAM [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_60% (D)

How to remove Malware.AI.1591420321?

Malware.AI.1591420321 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.