About “Malware.AI.161823678” infection

Malware.AI.161823678 is the name Malwarebytes assigns to this sample; most other engines classify it as a backdoor (see the detection names listed below). While the infection is active you may notice unfamiliar processes in Task Manager. If so, it is advised to scan the computer with GridinSoft Anti-Malware.

Removing malware manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; it lets you run a full scan and clean the PC during the 6-day free trial.

What can Malware.AI.161823678 do?

Behavioural indicators reported by the CAPE sandbox run of this sample:
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family
  • Anomalous binary characteristics

How to identify Malware.AI.161823678?

File Info:

name: 60E23E2476FB0F07A130.mlw
path: /opt/CAPEv2/storage/binaries/a618fdbcb7ca7474b886ebef665b505d31dce4964ad6eaea3d7ba43503c7d67b
crc32: 8AFEF8A8
md5: 60e23e2476fb0f07a130fb49bb115b06
sha1: b6daeed49d343369ed3e7e2ab152b5c4b47fb0b7
sha256: a618fdbcb7ca7474b886ebef665b505d31dce4964ad6eaea3d7ba43503c7d67b
sha512: c651b694d215a2758325b47b5c3f7c699577f2b0cf89407dd6a17377ca5213b98815d770013be2b72b06c3e230767739d639653cdfed306fd3f7a815e21e2a9a
ssdeep: 6144:QDKW1Lgbdl0TBBvjc/ix4O1yGCO/gAT/wFdX:2h1Lk70TnvjcKx45GCO/3TsdX
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12744DF2175D1C1F2C5B6007048E6EB769A3A3072076A9AD7BEDD17BA6F213D1A3321CD
sha3_384: 6fc3455431b7ef631b3a5fff910f8333a43f92bdb7e3671a120a36be319eef8e40a6ebc68bf9b97c99b90fed4d1e95aa
ep_bytes: e8e15c0000e9a4feffff8bff558bec83
timestamp: 2012-07-13 22:47:16

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription:
FileVersion: 1.0.7.0
InternalName: Client.exe
LegalCopyright:
LegalTrademarks:
OriginalFilename: Client.exe
ProductName:
ProductVersion: 1.0.7.0
Assembly Version: 1.0.7.0
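To confirm that a file on disk is the sample described above, and to recover the static facts the File Info block lists (PE32 for Intel 80386, GUI subsystem, compile timestamp, entry-point bytes) without a sandbox, an analyst computes the same hash set and parses the PE headers directly. The following Python is an added example, not code from the page or from Gridinsoft or CAPE. The only values taken from the page are the sha256, the timestamp and the ep_bytes constants; the `build_pe` helper fabricates a minimal stand-in image so the parser can be exercised offline, and its hashes naturally do not match the real sample. The summary also reports whether the Security data directory (the Authenticode certificate table) and the CLR runtime header are present. The first bears on the "Authenticode signature is invalid" indicator above: presence of a certificate blob says nothing about validity, which still requires verifying the signature. The second bears on the many "MSIL" detection names below, which denote a .NET assembly: an unpacked x86 .NET executable starts at a `FF 25` jump into mscoree, whereas the page's entry-point bytes (`e8 ... 8b ff 55 8b ec`) are native x86 code, consistent with the "encrypted or compressed data" indicator.

```python
"""Static triage of a Windows PE sample: hash set plus header summary.

Added example, not from the original page. build_pe() constructs a minimal
stand-in image in memory; only the constants copied from the page's File
Info block (sha256, timestamp, ep_bytes) describe the real sample.
"""
import calendar
import hashlib
import struct
import sys
import time
import zlib

# Values copied from the page's File Info block.
KNOWN_SHA256 = "a618fdbcb7ca7474b886ebef665b505d31dce4964ad6eaea3d7ba43503c7d67b"
PAGE_TIMESTAMP = calendar.timegm((2012, 7, 13, 22, 47, 16, 0, 0, 0))
PAGE_EP_BYTES = bytes.fromhex("e8e15c0000e9a4feffff8bff558bec83")

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode certificate table
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14   # CLR (.NET) runtime header


def file_hashes(data: bytes) -> dict:
    """Same hash set as the page's File Info: crc32, md5, sha1, sha256, sha512."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def is_known_sample(data: bytes) -> bool:
    """True only if the bytes are the exact sample the page describes."""
    return hashlib.sha256(data).hexdigest() == KNOWN_SHA256


def pe_summary(data: bytes) -> dict:
    """Parse the DOS, COFF and optional headers plus the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, = struct.unpack_from("<H", data, opt)
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    subsystem, = struct.unpack_from("<H", data, opt + 68)     # same offset for PE32 and PE32+
    ndirs_off = opt + (92 if magic == 0x10B else 108)        # PE32 vs PE32+ layout
    ndirs, = struct.unpack_from("<I", data, ndirs_off)
    dirs = ndirs_off + 4

    def directory(index: int):
        return struct.unpack_from("<II", data, dirs + 8 * index) if index < ndirs else (0, 0)

    # Map the entry-point RVA to a file offset via the section table (40-byte entries).
    ep_bytes = b""
    for i in range(nsections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)
            ep_bytes = data[off:off + 16]
            break
    _, cert_size = directory(IMAGE_DIRECTORY_ENTRY_SECURITY)
    _, clr_size = directory(IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    return {
        "machine": machine,
        "subsystem": subsystem,
        "timestamp": time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(timestamp)),
        "ep_bytes": ep_bytes.hex(),
        "has_authenticode_blob": cert_size > 0,   # a blob exists; it may still fail verification
        "has_clr_header": clr_size > 0,           # True for a managed (.NET) image
    }


def build_pe(timestamp: int, ep_bytes: bytes, clr=(0, 0), cert=(0, 0)) -> bytes:
    """Constructed, non-runnable PE32 stand-in with one .text section at RVA 0x1000."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, timestamp, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                       # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                     # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)               # Section/FileAlignment
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *cert)
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, *clr)
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text).ljust(0x200, b"\0")
    return headers + ep_bytes.ljust(0x200, b"\xcc")


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_pe(PAGE_TIMESTAMP, PAGE_EP_BYTES)
    print("known sample:", is_known_sample(data))
    for k, v in {**file_hashes(data), **pe_summary(data)}.items():
        print(f"{k}: {v}")
```

Run with a file path to triage a real sample; with no argument it summarises the constructed stand-in, whose machine, subsystem, timestamp and entry bytes reproduce the page's File Info while its hashes do not.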

Malware.AI.161823678 is also known as (vendor: detection name):

Lionic: Trojan.MSIL.Convagent.m!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.404250
CAT-QuickHeal: Backdoor.MSIL
McAfee: Artemis!60E23E2476FB
K7AntiVirus: Trojan ( 0057bec01 )
BitDefender: Gen:Variant.Zusy.404250
K7GW: Trojan ( 0057bec01 )
Arcabit: Trojan.Zusy.D62B1A
Cyren: W32/Trojan.DAN.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Agent.DIZ
APEX: Malicious
ClamAV: Win.Malware.Enigmaprotector-9874743-0
Kaspersky: Backdoor.MSIL.Crysan.dhn
Alibaba: Backdoor:MSIL/Crysan.7568834d
Rising: Trojan.Generic@ML.99 (RDMK:1G2No9LIK3r7DlR4H0qtnw)
Ad-Aware: Gen:Variant.Zusy.404250
Emsisoft: Gen:Variant.Zusy.404250 (B)
DrWeb: Win32.HLLW.Autoruner.25074
TrendMicro: TROJ_GEN.R049C0GLB21
FireEye: Generic.mg.60e23e2476fb0f07
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Webroot: W32.Adware.Gen
Avira: HEUR/AGEN.1142298
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Generic.ASMalwS.34E6F40
Gridinsoft: Ransom.Win32.Sabsik.sa
GData: Gen:Variant.Zusy.404250
Cynet: Malicious (score: 100)
AhnLab-V3: Dropper/Win.Generic.C4826064
Acronis: suspicious
ALYac: Gen:Variant.Zusy.404250
TACHYON: Trojan/W32.Zapchast.265216.B
VBA32: Backdoor.MSIL.Convagent
Malwarebytes: Malware.AI.161823678
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R049C0GLB21
Tencent: Msil.Backdoor.Crysan.Wozq
Yandex: Backdoor.Crysan!PTI11uQTl1M
Ikarus: Trojan.MSIL.Agent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Agent.DIZ!tr
BitDefenderTheta: Gen:NN.ZexaF.34084.qq0@aGJ6xbb
AVG: Win32:PWSX-gen [Trj]
Cybereason: malicious.49d343
Avast: Win32:PWSX-gen [Trj]

How to remove Malware.AI.161823678?

Malware.AI.161823678 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.