
Malware.AI.1602793581 malicious file

Malware Removal

Malware.AI.1602793581 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.1602793581 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Malware.AI.1602793581?

File Info:

name: E0DFFEDBFC224AC4D137.mlw
path: /opt/CAPEv2/storage/binaries/7d1263c9f695b88fc930a4ffafd6f98f3ffb71025dcc9afe68c32bd0d16edd49
crc32: EB80D4A6
md5: e0dffedbfc224ac4d137654e45d264db
sha1: 88a416967a91762a7166a72eb4dea7d69e90eab9
sha256: 7d1263c9f695b88fc930a4ffafd6f98f3ffb71025dcc9afe68c32bd0d16edd49
sha512: e541e01963437a885ae6bff15b306a2e30e91a3636befb041797f38d5ab6c7700538b8a3279dc9d9a420d4501177e4f1744cd5494ad908c77a64f50bc5671ddc
ssdeep: 384:RlFguo6jfzv48odOokQ7MNxQqEBx/+uV+R7PBYfwQb4qcNeLNek+vD:HsizxNqqk+lrBFQE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19BA24C35B30C452BE8644AFA4D7352580339FA035419E98E3EC91D8F5EA3F60C512F9B
sha3_384: 7f5b446089eced4352f4b946e3a1f0a261adba742aafba34aaa0bf497885b2a9573fc7d131749c72431d153beaa3a28b
ep_bytes: ff250020400000000000000000000000
timestamp: 2013-02-27 18:47:19

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 1.0.0.0
InternalName: zjGSwHhJjYwinJNiMnJW.exe
LegalCopyright:
OriginalFilename: zjGSwHhJjYwinJNiMnJW.exe
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Malware.AI.1602793581 also known as:

Lionic: Riskware.Win32.Generic.1!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Adware.PCMega.1
FireEye: Generic.mg.e0dffedbfc224ac4
McAfee: PUP-FBB
Malwarebytes: Malware.AI.1602793581
VIPRE: Trojan.MSIL.Reveton.a (v)
K7AntiVirus: Trojan ( 700000121 )
Alibaba: AdWare:MSIL/Midia.de52ec91
K7GW: Trojan ( 700000121 )
VirIT: Trojan.Win32.DownLoader8.UVR
Cyren: W32/MSIL_Dloader.A.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Adware.PCMega.H
APEX: Malicious
Paloalto: generic.ml
Kaspersky: not-a-virus:HEUR:AdWare.MSIL.Midia.gen
BitDefender: Gen:Variant.Adware.PCMega.1
NANO-Antivirus: Trojan.Win32.RiskGen.dcurxx
SUPERAntiSpyware: Adware.PCMega
Avast: FileRepMalware [PUP]
Tencent: Msil.Adware.Pcmega.Akff
TACHYON: Trojan/W32.DN-Small.21504.AC
Emsisoft: Gen:Variant.Adware.PCMega.1 (B)
Comodo: TrojWare.MSIL.TrojanDownloader.Agent.BCG@4veuin
DrWeb: Trojan.DownLoader8.14083
Zillya: Adware.PCMega.Win32.307
TrendMicro: TROJ_FRS.0NA103BL20
McAfee-GW-Edition: PUP-FBB
Sophos: Generic PUA II (PUA)
Ikarus: PUA.SoftwareBundler
Jiangmin: Trojan/Foreign.cnb
eGambit: Generic.Adware
Avira: ADWARE/Adware.Gen2
Antiy-AVL: Trojan/Generic.ASMalwS.12E5E8
Microsoft: Backdoor:Win32/Bladabindi!ml
ZoneAlarm: not-a-virus:HEUR:AdWare.MSIL.Midia.gen
GData: Gen:Variant.Adware.PCMega.1
Cynet: Malicious (score: 99)
AhnLab-V3: Win-Trojan/Agent.21504.VQ
BitDefenderTheta: Gen:NN.ZemsilF.34182.bm0@aeJ66si
ALYac: Gen:Variant.Adware.PCMega.1
MAX: malware (ai score=99)
VBA32: Hoax.Foreign
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_FRS.0NA103BL20
SentinelOne: Static AI – Suspicious PE
Fortinet: Adware/PCMega
Webroot: W32.Trojan.Gen
AVG: FileRepMalware [PUP]
Cybereason: malicious.bfc224
Panda: Trj/Dtcontx.B

How to remove Malware.AI.1602793581?

Malware.AI.1602793581 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
