Malware.AI.1591888103 removal guide

Malware.AI.1591888103 is the name Malwarebytes gives a sample that most major antivirus engines also flag as malicious. While the infection is active you may notice unfamiliar processes in the Task Manager list. If you suspect it, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand can take hours and can damage the system if the wrong files are deleted. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
6-day free trial available.

What can Malware.AI.1591888103 do?

The behaviours below are the signatures the CAPE sandbox raised when the sample was run. Most of them are packing and evasion indicators (UPX compression, code unpacked at run time, RWX memory, an anti-debug check, an attempt to suspend the sandbox's monitoring threads, an invalid Authenticode signature) rather than the payload's end goal; the vendor detection names further down are what identify the family.

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a process that is not running (CAPE's note: re-run with the startbrowser=1 option)
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity

How to identify Malware.AI.1591888103

The static details below come from the CAPE sandbox report. The file name is arbitrary; the sha256 is the value to search for in proxy logs, EDR telemetry and sandbox history.

File Info:

name: 21E937098D129DE1DFE9.mlw
path: /opt/CAPEv2/storage/binaries/c8457825bdc62d068b45704bd626fe72e33a393431957478da9d702d84ffb94c
crc32: 663C57FA
md5: 21e937098d129de1dfe9507cc5be8cc5
sha1: d00f8244b58402c00c1f15429bf577d563a833ef
sha256: c8457825bdc62d068b45704bd626fe72e33a393431957478da9d702d84ffb94c
sha512: 5d6c209e4e024d63d24ce0ca8cce363c0b1a16bb73737f569b39912aeeceba409d24165b5cd4cd98315f9d8f25419cb407dc282c51d5ff2dedcf53d92c3713a2
ssdeep: 98304:F3X+3huRPvJPJb03Ka5FJVkqvACECSSRPx2HP7moJWTl7Pile+tF4s7kylAq3uhk:4APvJl037VZx6DbW0legF4YlupR4r+4H
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F636DE4E4D01A534DEC08CF093D2AAF5EC177C1307722652BF4ABA8539F5EB15993A2E
sha3_384: 962e3ad7382df1fbf90a7c5fe07dbe0ff3e0f750b9f40b4efc17754900ce7e908dbce9ebd6c06c577342cd6717fd23df
ep_bytes: 60be004049008dbe00d0f6ff57eb0b90
timestamp: 2021-09-15 02:50:08

The entry-point bytes decode to pushad; mov esi, imm32; lea edi, [esi+disp32]; push edi; jmp short, the prologue of the standard UPX decompression stub, which agrees with the UPX detection above. Because section names are trivially renamed (the report also flags an unknown section name), these bytes are a more reliable packer indicator than the presence of UPX0/UPX1 sections, and a stock upx -d may fail on a sample whose headers were altered.

Version Info:

FileVersion: 1.0.0.0
FileDescription: 360软件管家 (360 Software Manager)
ProductName: 360软件管家 (360 Software Manager)
ProductVersion: 1.0.0.0
CompanyName: 360软件管家 (360 Software Manager)
LegalCopyright: 360软件管家 (360 Software Manager)
Comments: 360软件管家 (360 Software Manager)
Translation: 0x0804 0x04b0 (language 0x0804 = Chinese, Simplified; codepage 0x04b0 = Unicode)

Every version string is the same product name, 360软件管家 (360 Software Manager), borrowed from Qihoo 360's software-management utility. A legitimate build would not repeat the product name in the CompanyName and LegalCopyright fields, and it would carry a valid Authenticode signature, whereas this file's signature is invalid. Treat the name as impersonation, not provenance.
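The checks above can be automated. The script below is an added example written for this page, not code from the original report or from GridinSoft: it hashes a file and compares it with the report's md5/sha1/sha256, parses the PE32 header for the compile timestamp, section names and the 16 bytes at the entry point, matches those bytes against the UPX stub skeleton (pushad; mov esi; lea edi; push edi; jmp) and against the report's exact ep_bytes, and searches for the UTF-16LE version string 360软件管家. It uses only the Python standard library. The build_sample() function produces a constructed minimal PE32, carrying the report's entry bytes and timestamp, purely so the checks can be exercised offline; it is not the real sample.

```python
"""Static triage for the sample in this report (added example, not part of the
original page).  Standard library only; runs offline."""
import datetime
import hashlib
import struct
import sys

# Copied from the report's File Info section.
IOC_HASHES = {
    "md5": "21e937098d129de1dfe9507cc5be8cc5",
    "sha1": "d00f8244b58402c00c1f15429bf577d563a833ef",
    "sha256": "c8457825bdc62d068b45704bd626fe72e33a393431957478da9d702d84ffb94c",
}
REPORT_EP_BYTES = bytes.fromhex("60be004049008dbe00d0f6ff57eb0b90")
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
# "360软件管家" as stored in a VERSIONINFO resource (UTF-16LE).
IMPERSONATED_NAME = "360软件管家".encode("utf-16-le")


def file_hashes(data: bytes) -> dict:
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def matches_report(data: bytes) -> bool:
    """True when any hash equals the report's sample."""
    return any(h == IOC_HASHES[a] for a, h in file_hashes(data).items())


def parse_pe32(data: bytes) -> dict:
    """Minimal PE32 parse: compile timestamp, section names, entry-point bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4
    nsec = struct.unpack_from("<H", data, coff + 2)[0]      # NumberOfSections
    stamp = struct.unpack_from("<I", data, coff + 4)[0]     # TimeDateStamp
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled (the report's sample is PE32)")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint
    sections, ep_off = [], None
    for i in range(nsec):
        name, vsize, vaddr, rsize, raw = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append(name.rstrip(b"\0"))
        if vaddr <= ep_rva < vaddr + max(vsize, rsize):     # map RVA -> file offset
            ep_off = raw + (ep_rva - vaddr)
    ts = datetime.datetime.fromtimestamp(stamp, datetime.timezone.utc)
    return {"timestamp": ts.strftime("%Y-%m-%d %H:%M:%S"), "sections": sections,
            "ep_bytes": data[ep_off:ep_off + 16] if ep_off is not None else b""}


def static_indicators(data: bytes) -> dict:
    info = parse_pe32(data)
    ep = info["ep_bytes"]
    return {
        "upx_sections": any(s in UPX_SECTION_NAMES for s in info["sections"]),
        # Section names are trivially renamed, so also match the stub's opcode
        # skeleton: 60 (pushad) BE (mov esi) .. 8D BE (lea edi) .. 57 EB (push edi; jmp).
        "upx_ep_stub": ep[:2] == b"\x60\xbe" and ep[6:8] == b"\x8d\xbe" and ep[12:14] == b"\x57\xeb",
        "ep_matches_report": ep == REPORT_EP_BYTES,
        "claims_360_name": IMPERSONATED_NAME in data,
        "timestamp": info["timestamp"],
    }


def build_sample(section=b"UPX0", ep_bytes=REPORT_EP_BYTES, embed_name=True) -> bytes:
    """Constructed minimal PE32 (NOT the real sample): one section at RVA 0x1000
    backed by file offset 0x200, entry point at its start, report's timestamp."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1631674208, 0, 0, 0xE0, 0x102)  # i386, 1 section
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                                     # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                                   # AddressOfEntryPoint
    sec = struct.pack("<8sIIIIIIHHI", section.ljust(8, b"\0"),
                      0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0xE0000020)
    body = bytearray(0x200)
    body[:len(ep_bytes)] = ep_bytes
    if embed_name:
        body[0x80:0x80 + len(IMPERSONATED_NAME)] = IMPERSONATED_NAME
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec).ljust(0x200, b"\0") + bytes(body)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print("matches report hashes:", matches_report(blob))
    for k, v in static_indicators(blob).items():
        print(f"{k}: {v}")
```

Run it with a path to a suspect file, or with no argument to see the checks fire on the constructed stand-in. The hash comparison only catches this exact file; the entry-stub and version-string checks are what catch a repacked or recompiled sibling, and a PE64 or non-PE file is rejected with an error rather than a silent "clean".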

Malware.AI.1591888103 is the Malwarebytes detection name. Other vendors detect the same file as follows. The generic and machine-learning verdicts (Generic, ML, AI score) only say "malicious", but DrWeb, BitDefender, MicroWorld-eScan, Emsisoft, ESET-NOD32, Zillya, Avira and Rising place it in the password-stealer (PWS/Stealer) family, and ESET-NOD32, Zillya and Avira name Steam credentials as the target:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Wsgame.53822
MicroWorld-eScan: Trojan.PWS.Agent.SVT
FireEye: Generic.mg.21e937098d129de1
CAT-QuickHeal: Trojan.Generic.2919
McAfee: GenericRXAA-AA!21E937098D12
Cylance: Unsafe
Zillya: Trojan.Steam.Win32.3484
Sangfor: Trojan.Win32.Save.a
BitDefenderTheta: Gen:NN.ZexaF.34182.@pKfauUaimlb
Cyren: W32/Trojan.CLL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/PSW.Steam.NGA
ClamAV: Win.Malware.Vmprotect-6824127-0
Kaspersky: VHO:Packed.Win32.Convagent.gen
BitDefender: Trojan.PWS.Agent.SVT
Avast: Win32:TrojanX-gen [Trj]
Sophos: Generic ML PUA (PUA)
Comodo: Packed.Win32.MUPX.Gen@24tbus
McAfee-GW-Edition: BehavesLike.Win32.Generic.rc
Emsisoft: Trojan.PWS.Agent.SVT (B)
SentinelOne: Static AI – Malicious PE
Avira: TR/PSW.Steam.eqtqz
Antiy-AVL: Trojan/Generic.ASCommon.FA
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Win32.Trojan.PSE.5LSHNI
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C4208472
VBA32: BScope.Trojan.Downloader
MAX: malware (ai score=85)
Malwarebytes: Malware.AI.1591888103
APEX: Malicious
Rising: Stealer.Agent!1.D531 (RDMK:cmRtazqMSRuxIPbN7yJlJshuNn7h)
Yandex: Trojan.Agent!xda61uLJ76A
Ikarus: Trojan.Win32.FlyAgent
eGambit: Unsafe.AI_Score_100%
Fortinet: W32/CoinMiner.ELG!tr.pws
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.4b5840

How to remove Malware.AI.1591888103?

Malware.AI.1591888103 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset and click “Reset”.
  • Restart your computer.

Because several engines classify this sample as a password stealer aimed at Steam (see the detection names above), cleanup alone is not enough: change the Steam password and any other credentials stored or typed on the machine, doing so from a device you trust.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
