Categories: Malware

About “Malware.AI.161823678” infection

The Malware.AI.161823678 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Malware.AI.161823678 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Dynamic (imported) function loading detected
Yara rule detections observed from a process memory dump/dropped files/CAPE
Possible date expiration check, exits too soon after checking local time
Enumerates the modules from a process (may be used to locate base addresses in process injection)
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the RedLine malware family
Anomalous binary characteristics

How to determine Malware.AI.161823678?


File Info:
name: 60E23E2476FB0F07A130.mlwpath: /opt/CAPEv2/storage/binaries/a618fdbcb7ca7474b886ebef665b505d31dce4964ad6eaea3d7ba43503c7d67bcrc32: 8AFEF8A8md5: 60e23e2476fb0f07a130fb49bb115b06sha1: b6daeed49d343369ed3e7e2ab152b5c4b47fb0b7sha256: a618fdbcb7ca7474b886ebef665b505d31dce4964ad6eaea3d7ba43503c7d67bsha512: c651b694d215a2758325b47b5c3f7c699577f2b0cf89407dd6a17377ca5213b98815d770013be2b72b06c3e230767739d639653cdfed306fd3f7a815e21e2a9assdeep: 6144:QDKW1Lgbdl0TBBvjc/ix4O1yGCO/gAT/wFdX:2h1Lk70TnvjcKx45GCO/3TsdXtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T12744DF2175D1C1F2C5B6007048E6EB769A3A3072076A9AD7BEDD17BA6F213D1A3321CDsha3_384: 6fc3455431b7ef631b3a5fff910f8333a43f92bdb7e3671a120a36be319eef8e40a6ebc68bf9b97c99b90fed4d1e95aaep_bytes: e8e15c0000e9a4feffff8bff558bec83timestamp: 2012-07-13 22:47:16
Version Info:
Translation: 0x0000 0x04b0Comments: CompanyName: FileDescription: FileVersion: 1.0.7.0InternalName: Client.exeLegalCopyright: LegalTrademarks: OriginalFilename: Client.exeProductName: ProductVersion: 1.0.7.0Assembly Version: 1.0.7.0

Malware.AI.161823678 also known as:

Lionic	Trojan.MSIL.Convagent.m!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Zusy.404250
CAT-QuickHeal	Backdoor.MSIL
McAfee	Artemis!60E23E2476FB
K7AntiVirus	Trojan ( 0057bec01 )
BitDefender	Gen:Variant.Zusy.404250
K7GW	Trojan ( 0057bec01 )
Arcabit	Trojan.Zusy.D62B1A
Cyren	W32/Trojan.DAN.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Agent.DIZ
APEX	Malicious
ClamAV	Win.Malware.Enigmaprotector-9874743-0
Kaspersky	Backdoor.MSIL.Crysan.dhn
Alibaba	Backdoor:MSIL/Crysan.7568834d
Rising	Trojan.Generic@ML.99 (RDMK:1G2No9LIK3r7DlR4H0qtnw)
Ad-Aware	Gen:Variant.Zusy.404250
Emsisoft	Gen:Variant.Zusy.404250 (B)
DrWeb	Win32.HLLW.Autoruner.25074
TrendMicro	TROJ_GEN.R049C0GLB21
FireEye	Generic.mg.60e23e2476fb0f07
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
Webroot	W32.Adware.Gen
Avira	HEUR/AGEN.1142298
MAX	malware (ai score=89)
Antiy-AVL	Trojan/Generic.ASMalwS.34E6F40
Gridinsoft	Ransom.Win32.Sabsik.sa
GData	Gen:Variant.Zusy.404250
Cynet	Malicious (score: 100)
AhnLab-V3	Dropper/Win.Generic.C4826064
Acronis	suspicious
ALYac	Gen:Variant.Zusy.404250
TACHYON	Trojan/W32.Zapchast.265216.B
VBA32	Backdoor.MSIL.Convagent
Malwarebytes	Malware.AI.161823678
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R049C0GLB21
Tencent	Msil.Backdoor.Crysan.Wozq
Yandex	Backdoor.Crysan!PTI11uQTl1M
Ikarus	Trojan.MSIL.Agent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.DIZ!tr
BitDefenderTheta	Gen:NN.ZexaF.34084.qq0@aGJ6xbb
AVG	Win32:PWSX-gen [Trj]
Cybereason	malicious.49d343
Avast	Win32:PWSX-gen [Trj]