Malware.AI.1704074976 (file analysis)

Malware.AI.1704074976 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1704074976 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to modify desktop wallpaper
  • Attempted to write directly to a physical drive
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Malware.AI.1704074976?

File Info:

name: 949AF14E93A01155C709.mlw
path: /opt/CAPEv2/storage/binaries/74bd4e95984a4a9325c67e9b161d4adb20c9baebadbe940b0c010a377cc01d48
crc32: 0F40C858
md5: 949af14e93a01155c709fa4d2f53c5b8
sha1: b5a0a59a44a313e998e41ef6d68a5ad0710be73c
sha256: 74bd4e95984a4a9325c67e9b161d4adb20c9baebadbe940b0c010a377cc01d48
sha512: 93d70053bf06d78d3ed1e89a7fdccf3c91ba475dca3556cee8318565722c734df08be526b0062724b76305a43bbd1f83f97fc88a56927f586689bbaef6c9fd04
ssdeep: 98304:HRmF5BsA6X49lhmB/ajmSlMXe0L57x3ktDRl:HRmF7slX43YB/gfee0FtUt3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10106334BF18095BBCD8F4DB5707E44FC2E5EB2B881A05BA25267841A75D3AE377F100A
sha3_384: fc658c2548131a72ea495fb369fd317255879e748f755dbf25931ccf45686dc776336a35552dd067beaa1cb4405034d0
ep_bytes: 81ecd4020000535556576a2033db5e89
timestamp: 2013-09-17 08:05:21

Version Info:

Comments: channel1
CompanyName: Tencent Corporation
FileDescription: QQLive Installer Application
FileVersion: 9.7.793.0
LegalCopyright: (C) Tencent Corporation. All rights reserved.
OriginalFilename: QQLiveSetup.exe
ProductName: QQLive
Translation: 0x0000 0x04b0

Malware.AI.1704074976 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.4!c
McAfee: Artemis!949AF14E93A0
Cylance: Unsafe
K7AntiVirus: Adware ( 00508ea31 )
K7GW: Adware ( 00508ea31 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: Win32/Tencent.I potentially unwanted
Paloalto: generic.ml
ClamAV: Win.Virus.Sality-6792404-0
NANO-Antivirus: Trojan.Nsis.Blackmailer.dsmxwq
Tencent: Trojan.Win32.BitCoinMiner.la
DrWeb: Trojan.DownLoader23.35163
McAfee-GW-Edition: BehavesLike.Win32.BadFile.wc
Sophos: Generic PUA LF (PUA)
Microsoft: PUA:Win32/Puamson.A!ml
VBA32: Trojan.Downloader
Malwarebytes: Malware.AI.1704074976
Fortinet: Riskware/Tencent
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Malware.AI.1704074976?

Malware.AI.1704074976 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.