Malware

How to remove “Malware.AI.1709004243”?

Malware.AI.1709004243 is flagged as malicious by many anti-virus engines (see the detection list further down). While the infection is active you may notice unexpected processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1709004243 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid

How to determine Malware.AI.1709004243?

Identify the sample by its hashes, not by its file name or version resource. The Version Info block below claims the file is Microsoft's perfhost.exe (x86 Performance Counter Host, build 6.1.7600.16385), and the PE timestamp (2009-07-13) is consistent with that win7_rtm.090713 build string, yet the sandbox reports the Authenticode signature as invalid and most engines label the file Win32.Expiro, a file infector, with Ikarus reporting it simply as Trojan.Patched. That combination is what a legitimate Windows binary looks like after its code has been modified, so treat the name and version strings as untrustworthy.

File Info:

name: B613F4C9C7DA22EADFA5.mlw
path: /opt/CAPEv2/storage/binaries/11cc4acf01be22e811df6aba76624ce4f013ffa336241e3886628710b43a0c30
crc32: D0E3094F
md5: b613f4c9c7da22eadfa58809efd181d4
sha1: 525938e0c63943394f0fe08b154b906f1b2b26bd
sha256: 11cc4acf01be22e811df6aba76624ce4f013ffa336241e3886628710b43a0c30
sha512: 77612acff84999926d44d4cd8f133341154b8581e6ae555510d81f7dc383db45f618e054d1d27cf9fd5ff3c5bed6b9f5304b3aba27c145e7acadf1449f418d62
ssdeep: 12288:RupQf1kqVAzIjw1Th6f89nDtL7SI8BOLa8y2icWwUY:U++1zGw1Ts8VDtLeIqO+8VU
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T181452303D29DC51EC727CB32D4999A64B2191FFCCF44D10B95443D5A8AB8F6B8B8A323
sha3_384: 11b5ab7d91722d7b49b26d3adcf1ccd4a999dfa22641173d55c82edc13bc05291b079fa14ce1f8c9fff6d82cbe164e59
ep_bytes: e805030000e9c3fdffffcccccccccc3b
timestamp: 2009-07-13 23:11:01

Version Info:

CompanyName: Microsoft Corporation
FileDescription: x86 Performance Counter Host
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName: perfhost.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: perfhost.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16385
Translation: 0x0409 0x04b0
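The file data above is enough to check a suspect file offline. The script below is an added example, not part of this page or of GridinSoft's tooling: it hashes a file and compares the digests with the md5/sha1/sha256 listed above, and parses the PE header with the standard library only (no pefile) to read the link timestamp and to see whether an embedded Authenticode certificate table exists at all. The build_minimal_pe32 helper constructs a header-only PE32 image so the script runs without the real sample; the script name, function names and the constructed image are my own.

```python
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Hashes published for the sample on this page.
IOC_HASHES = {
    "md5": "b613f4c9c7da22eadfa58809efd181d4",
    "sha1": "525938e0c63943394f0fe08b154b906f1b2b26bd",
    "sha256": "11cc4acf01be22e811df6aba76624ce4f013ffa336241e3886628710b43a0c30",
}

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory holding the Authenticode certificate table


def hash_bytes(data):
    """Compute the same digests the sandbox report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_ioc(hashes, iocs=IOC_HASHES):
    """True if any computed digest equals the published one for that algorithm."""
    return any(hashes.get(alg, "").lower() == value for alg, value in iocs.items())


def parse_pe(data):
    """Read the PE header fields useful for triage using only the standard library."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, timestamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: data directories start at optional-header offset 96
        dd_base = opt + 96
    elif magic == 0x20B:    # PE32+: data directories start at offset 112
        dd_base = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # The security directory entry is (file offset, size) of the certificate table.
    cert_off, cert_size = struct.unpack_from("<II", data, dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": machine,
        "sections": nsections,
        "timestamp": timestamp,
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "has_cert_table": cert_size != 0,
        "cert_table": (cert_off, cert_size),
    }


def triage(data):
    """Combine hash matching and header facts into a short list of findings."""
    hashes = hash_bytes(data)
    info = parse_pe(data)
    findings = []
    if matches_ioc(hashes):
        findings.append("hash matches the published Malware.AI.1709004243 sample")
    if not info["has_cert_table"]:
        # Not proof of tampering on its own: many in-box Windows binaries are
        # catalog-signed. Confirm with signtool or Get-AuthenticodeSignature on Windows.
        findings.append("no embedded Authenticode certificate table")
    return {"hashes": hashes, "pe": info, "findings": findings}


def build_minimal_pe32(timestamp, cert_size=0):
    """Construct a header-only PE32 image (no sections) so the example runs offline."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header follows the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 0, timestamp, 0, 0, 224, 0x0102)  # i386, 32-bit exe
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    cert_off = 64 + 4 + 20 + 224 if cert_size else 0  # certificate table appended after the headers
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, cert_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + b"\0" * cert_size


if __name__ == "__main__":
    # Usage: python pe_triage.py <file>; without an argument, triage the constructed image.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe32(1247526661)
    result = triage(blob)
    print(result["pe"]["timestamp_utc"], result["hashes"]["sha256"])
    for finding in result["findings"]:
        print("-", finding)
```

A hash match against the published digests is the definitive identification. The certificate-table check only tells you whether a signature is embedded, not whether it verifies; validating it (and checking the Windows catalog for in-box binaries that carry no embedded signature) still needs signtool or Get-AuthenticodeSignature on a Windows host.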

Malware.AI.1709004243 also known as:

Nine of the engines listed name the Win32.Expiro family and Ikarus reports the file as Trojan.Patched, which points to an infected host executable rather than a standalone dropper; the vendor-specific names below are aliases for the same hash, not independent identifiers.

Bkav: W32.AIDetect.malware1
MicroWorld-eScan: Win32.Expiro.Gen.7
FireEye: Generic.mg.b613f4c9c7da22ea
ALYac: Win32.Expiro.Gen.7
Sangfor: Trojan.Win32.Save.a
Cybereason: malicious.0c6394
Cyren: W32/Expiro.AU.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Expiro.NDP
Kaspersky: HEUR:Trojan.Win64.Kryplod.pef
BitDefender: Win32.Expiro.Gen.7
NANO-Antivirus: Virus.Win32.Virut-Gen.bwpxnc
Avast: Win32:Malware-gen
DrWeb: Win32.Expiro.153
McAfee-GW-Edition: BehavesLike.Win32.Virutrem.tt
SentinelOne: Static AI – Malicious PE
Emsisoft: Win32.Expiro.Gen.7 (B)
APEX: Malicious
Antiy-AVL: Trojan/Generic.ASVirus.316
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Win32.Expiro.Gen.7
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win.Malware-gen.R462239
McAfee: GenericRXAA-AA!B613F4C9C7DA
MAX: malware (ai score=84)
Malwarebytes: Malware.AI.1709004243
Rising: Malware.Heuristic!ET#79% (RDMK:cmRtazohdlP8bQdUAiguJRXDdzA4)
Ikarus: Trojan.Patched
Fortinet: W32/Expiro.NDO!tr
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Malware.AI.1709004243?

Because the engines above classify this file as a Win32.Expiro variant, a file infector, other executables on the same host may have been modified as well. Quarantining this one file does not clean them, so run a full scan and, where the tool cannot repair an infected program or system binary, restore it from a known-good copy.

Malware.AI.1709004243 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
