Malware.AI.1691162887 removal guide

Malware.AI.1691162887 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1691162887 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Manipulates data from or to the Recycle Bin
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • A process attempted to delay the analysis task by a long amount of time.
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Malware.AI.1691162887?

File Info:

name: C8DD82F985BF55F0FF86.mlw
path: /opt/CAPEv2/storage/binaries/3ec808c5b51a4da6380b7a89479b9a4590f9bef98ffbd660849b894ea9df8e18
crc32: C8A61A29
md5: c8dd82f985bf55f0ff86321142051a01
sha1: e9d81ef6c76708c4dad4fdbf59a38afb1b8cdad5
sha256: 3ec808c5b51a4da6380b7a89479b9a4590f9bef98ffbd660849b894ea9df8e18
sha512: e291cbcd61d323d1a1a75e3f839303cef3d49c8b8043c070cb4ced0c6f45912588c1bfd53e3224a42ce0d9b22802fb965e792903840d7e4cc41b98f6afcef7f9
ssdeep: 1536:UPQc0IiI+7vAIIzuQ8Tr15WUkTdIOzq0ZDFtnJvx/mPMdPzEqQAmzSETx9:uQc01zAf6QGkBIO20ZRfveMpKAzI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T120936D1577CC4AA6C2EE07B890B343664BB1E867B507D30F5EE464FB2C6338096526A7
sha3_384: e4e1fbaf6d7b3fce198795d83bb1b1ffd1aa8a49f093be299a12bf49cc22f26fc0b5b390a201e778dd5a4648477a1919
ep_bytes: ff250020400000000000000000000000
timestamp: 2012-06-02 12:12:48

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft Security Client Policy Configuration Tool
FileVersion: 4.18.18362.1 (WinBuild.160101.0800)
InternalName: ConfigSecurityPolicy.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: ConfigSecurityPolicy.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 4.18.18362.1
Translation: 0x0409 0x04b0

Malware.AI.1691162887 also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop20.13470
MicroWorld-eScan: Gen:Variant.MSILPerseus.193277
FireEye: Generic.mg.c8dd82f985bf55f0
ALYac: Gen:Variant.MSILPerseus.193277
Cylance: Unsafe
K7AntiVirus: Trojan ( 700000121 )
K7GW: Trojan ( 700000121 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZemsilF.34742.fm0@aafOHmbi
Cyren: W32/MSIL_Agent.DJX.gen!Eldorado
tehtris: Generic.Malware
ESET-NOD32: a variant of MSIL/Agent.EF
ClamAV: Win.Virus.Renamer-9953540-0
Kaspersky: HEUR:Trojan-Ransom.Win32.Generic
BitDefender: Gen:Variant.MSILPerseus.193277
Avast: Win32:MalwareX-gen [Trj]
Ad-Aware: Gen:Variant.MSILPerseus.193277
Sophos: MSIL/Grenam-A
McAfee-GW-Edition: GenericRXTG-FA!C8DD82F985BF
SentinelOne: Static AI – Suspicious PE
Trapmine: suspicious.low.ml.score
Emsisoft: Gen:Variant.MSILPerseus.193277 (B)
Ikarus: Worm.MSIL.Bladabindi
GData: Gen:Variant.MSILPerseus.193277
Avira: HEUR/AGEN.1235262
Arcabit: Trojan.MSILPerseus.D2F2FD
Microsoft: Virus:MSIL/Grenam.gen!A
Cynet: Malicious (score: 100)
McAfee: GenericRXTG-FA!C8DD82F985BF
Malwarebytes: Malware.AI.1691162887
APEX: Malicious
Rising: Virus.Grenam!1.A2DD (CLASSIC)
MAX: malware (ai score=81)
Fortinet: MSIL/Agent.EF!worm
AVG: Win32:MalwareX-gen [Trj]
Cybereason: malicious.985bf5

How to remove Malware.AI.1691162887?

Malware.AI.1691162887 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
