
Malware.AI.1613288217 malicious file


Malware.AI.1613288217 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1613288217 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Sniffs keystrokes
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

How to identify Malware.AI.1613288217?


File Info:

name: EA13DFEC9321EBE19CCE.mlw
path: /opt/CAPEv2/storage/binaries/e3a2c090f5e78fc1396694b11891523fc1a8208258f6b9c7d501a2e171f7782e
crc32: 6FC7F0CF
md5: ea13dfec9321ebe19cce64ec6fc5431b
sha1: 22523cb88010929eeac1e8eb2ca58b7409039679
sha256: e3a2c090f5e78fc1396694b11891523fc1a8208258f6b9c7d501a2e171f7782e
sha512: b967520ad6f64b260eb3a06bc3d99cc0f584cb60e714394be9eac2e3d6b2bc70a3756c0303c128ac1e9db783d1c9c041bebda2ff53d8ae358b48efd025eac362
ssdeep: 6144:Ki6AW1LHZvNeiHgxeYBer1wXDEZzy/iJZ:KilWxBAx7+cAZzMg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12C44AD0FBF6BBB92CA49CEBBC413250803F59856A171F22F5DC969F01D36BD4C58A921
sha3_384: ced7ab816a2b9005c9f431dd4684b31520e07222cd52e3b8c7854ddb05d1a5d0ccd2df2699f884447c4e76d98e8448fa
ep_bytes: ff250020400000000000000000000000
timestamp: 2014-08-04 09:31:06

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft
FileVersion: 10.0.30319.1 built by: RTMRel
InternalName: devenv.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: devenv.exe
ProductName: Microsoft®
ProductVersion: 10.0.30319.1
Translation: 0x0409 0x04b0

Malware.AI.1613288217 also known as:

Lionic: Trojan.Win32.Generic.lsjW
Elastic: malicious (high confidence)
DrWeb: Trojan.Starter.2890
MicroWorld-eScan: Gen:Heur.MSIL.Krypt.!cdmip!.2
FireEye: Generic.mg.ea13dfec9321ebe1
McAfee: Artemis!EA13DFEC9321
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0049b7451 )
Alibaba: Trojan:MSIL/Kryptik.b41f73a6
K7GW: Trojan ( 0049b7451 )
Cybereason: malicious.c9321e
BitDefenderTheta: Gen:NN.ZemsilF.34182.qm0@a88MJ0gi
Cyren: W32/MSIL_Kryptik.HT.gen!Eldorado
Symantec: Trojan Horse
ESET-NOD32: a variant of MSIL/Kryptik.YL
TrendMicro-HouseCall: TROJ_GEN.R002C0OK321
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.MSIL.Krypt.!cdmip!.2
NANO-Antivirus: Trojan.Win32.Disfa.cuyyww
Avast: MSIL:GenMalicious-ATV [Trj]
Tencent: Win32.Trojan.Generic.Ajlb
Ad-Aware: Gen:Heur.MSIL.Krypt.!cdmip!.2
Sophos: Mal/Generic-R + Mal/Bladabi-J
Comodo: Malware@#38wwfdc4vm7s6
Zillya: Trojan.Kryptik.Win32.3666140
TrendMicro: TROJ_GEN.R002C0OK321
McAfee-GW-Edition: BehavesLike.Win32.Generic.dc
Emsisoft: Gen:Heur.MSIL.Krypt.!cdmip!.2 (B)
Ikarus: Trojan-Spy.HawkEye
GData: Gen:Heur.MSIL.Krypt.!cdmip!.2
Jiangmin: Trojan.Generic.ftjpe
Webroot: W32.Malware.Gen
Avira: HEUR/AGEN.1120355
Antiy-AVL: Trojan/Generic.ASMalwS.B5D8BC
Kingsoft: Win32.Troj.Undef.(kcloud)
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Anaki.A!gfc
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Bladabindi.C230655
VBA32: TScope.Trojan.MSIL
ALYac: Gen:Heur.MSIL.Krypt.!cdmip!.2
MAX: malware (ai score=100)
Malwarebytes: Malware.AI.1613288217
APEX: Malicious
Rising: Dropper.Runp!1.9DE7 (CLASSIC)
Yandex: Trojan.Agent!wjy9rlEkAkI
SentinelOne: Static AI - Malicious PE
Fortinet: W32/Generic.YL!tr
AVG: MSIL:GenMalicious-ATV [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.1613288217?

Malware.AI.1613288217 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
