Malware.AI.1681308215 removal tips

Malware.AI.1681308215 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1681308215 virus do?

  • Presents an Authenticode digital signature
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Binary file triggered YARA rule
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Malware.AI.1681308215?

File Info:

name: 0A1E64511DA5CA34DACF.mlw
path: /opt/CAPEv2/storage/binaries/94b1bfd89dc8d3283d836cd3fb7aa9f3854619bba8bb95b16a58d69e66d35849
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2013-03-10 04:21:58

Version Info:

Translation: 0x0804 0x04b0
Comments: 牛盾卸载程序
CompanyName: 牛盾
FileDescription: 牛盾卸载程序
ProductName: 牛盾卸载程序
FileVersion: 1.00
ProductVersion: 1.00
InternalName: NiuDun_Uninstall
OriginalFilename: NiuDun_Uninstall.exe

Malware.AI.1681308215 also known as:

Elastic: malicious (high confidence)
Rising: Trojan.Generic!8.C3 (TFE:1:wRb0ZkMPeGF)
SentinelOne: Static AI – Suspicious PE
Cynet: Malicious (score: 100)

How to remove Malware.AI.1681308215?

Malware.AI.1681308215 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
