
Malware.AI.1649200958 (file analysis)


Malware.AI.1649200958 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Malware.AI.1649200958 virus do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid

How to identify Malware.AI.1649200958?

File Info:

name: 6487ABA29185D680850B.mlw
path: /opt/CAPEv2/storage/binaries/ff482efa554a2575568ca3729787014c57d59a1680bffab5d4917e168264768f
crc32: 89C1E1BC
md5: 6487aba29185d680850b683200ac68f8
sha1: ca16f2a3aac7176c85e6c81a702994f171bcd9ac
sha256: ff482efa554a2575568ca3729787014c57d59a1680bffab5d4917e168264768f
sha512: dd822335a7da9129b8b95a3902e0841f44a87d68d120e86cf23b5e8ac83f43e6f95999de471c1f2975ce3acc7eaa76342f3d8379635086f0e4c2c86cff709ede
ssdeep: 24576:BjtC6RxD1hMbipXcvvX8wirRtcuO2hl5GdYquD+oHlG4Xt4JgPJCj8zDVpJEn:BjtxttI2vquflG4XtggPJMjn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17745AE23F18280F2C728113118FB1735FEB897565A70CA9BE7D4DE781D63251AB6B21E
sha3_384: eee598d350563fd48134014c015013d863116801db7176469df60203c86d104984aae1d7da89863b3a13c27da4c06675
ep_bytes: 558bec6aff68c0cd500068948b4b0064
timestamp: 2022-07-26 12:39:36

Version Info:

FileVersion: 1.0.0.0
FileDescription: Windows 配置程序
ProductName: Windows TM
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Malware.AI.1649200958 also known as:

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
DrWeb: Trojan.MulDrop20.45437
MicroWorld-eScan: Gen:Variant.Zusy.392985
FireEye: Generic.mg.6487aba29185d680
CAT-QuickHeal: Risktool.Flystudio.16882
Cylance: Unsafe
Zillya: Trojan.Flyagent.Win32.756
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 005246d51 )
K7GW: Trojan ( 005246d51 )
Cybereason: malicious.29185d
BitDefenderTheta: Gen:NN.ZexaF.34606.or2@a4eYetib
Cyren: W32/OnlineGames.HI.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Flyagent.NGX
APEX: Malicious
ClamAV: Win.Malware.FlyAgent-9850229-1
Kaspersky: UDS:Trojan.Win32.Agent
BitDefender: Gen:Variant.Zusy.392985
NANO-Antivirus: Trojan.Win32.Flyagent.jrdoip
Avast: Win32:TrojanX-gen [Trj]
Tencent: Trojan.Win32.Flyagent.16000183
Ad-Aware: Gen:Variant.Zusy.392985
Emsisoft: Gen:Variant.Zusy.392985 (B)
Comodo: TrojWare.Win32.Agent.OSCF@5rs7jr
VIPRE: Gen:Variant.Zusy.392985
McAfee-GW-Edition: BehavesLike.Win32.Generic.th
Trapmine: malicious.high.ml.score
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.Flyagent.A
Jiangmin: Trojan.Fsysna.nqb
Google: Detected
Avira: BDS/Agent.vfmhd
MAX: malware (ai score=81)
Antiy-AVL: Trojan/Generic.ASCommon.FA
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.BHO.C23372
VBA32: BScope.Trojan.Dynamer
ALYac: Gen:Variant.Zusy.392985
TACHYON: Trojan/W32.Agent.1279192
Malwarebytes: Malware.AI.1649200958
Rising: Spyware.Keylogger!1.65B5 (CLASSIC)
Yandex: Trojan.GenAsa!UMACS2Wk+V8
Ikarus: Trojan-PSW.QQpass
MaxSecure: Dropper.Dinwod.frindll
Fortinet: W32/Flyagent.NGX!tr
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.1649200958?

Malware.AI.1649200958 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
