Should I remove “Malware.AI.1728418418”?

The Malware.AI.1728418418 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.1728418418 virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Malware.AI.1728418418?


File Info:
name: FBD20D8283C88B57A061.mlw
path: /opt/CAPEv2/storage/binaries/37a3318b9017a52671ba317f60a2a672b12fe14fcd78854865be07e80a5be899
crc32: ACFC58DB
md5: fbd20d8283c88b57a061528e87dd35b7
sha1: 53f5bc53b431e906a4b5844ef8af8f20c229a199
sha256: 37a3318b9017a52671ba317f60a2a672b12fe14fcd78854865be07e80a5be899
sha512: e7bcb7ce230fab3aa316202aa37bffa83e4f3c44be038fa07ae32835cba6c70ff3ecfe907d9f81ad270e035bbd8e9a2cacdaabeec6ecce55a57eeaefafd6f3ea
ssdeep: 24576:x8Pmi2SFJ8PmioSFNcZSc0BYA+cFzM2jaZW:CPmi2SF6PmioSFmZSR4W
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T1C3157B1D32977DBDCF67B3F8C906C622D5A27C659260D69B42E08D1B3E132B76A38305
sha3_384: c85107b3031619a0fc834897b1bb6ffaeb8bcf02398c8d9bc7d734d5a201245a4d8f875de7921db3cf93e8f1bc29459c
ep_bytes: 4883ec28e8870500004883c428e92afe
timestamp: 1971-01-08 08:44:05

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Windows Command Processor
FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
InternalName: cmd
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: Cmd.Exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1
Translation: 0x0409 0x04b0

Malware.AI.1728418418 also known as:

Lionic	Virus.Win64.Expiro.n!c
Elastic	malicious (high confidence)
DrWeb	Win64.Expiro.134
MicroWorld-eScan	Gen:Variant.Mikey.129807
Alibaba	Virus:Win64/Expiro.d62938bc
Cybereason	malicious.283c88
Cyren	W64/Expiro.R.gen!Eldorado
ESET-NOD32	a variant of Win64/Expiro.CO
Paloalto	generic.ml
Kaspersky	HEUR:Virus.Win64.Expiro.gen
BitDefender	Gen:Variant.Mikey.129807
NANO-Antivirus	Virus.Win64.Expiro.clnvwd
Avast	Win64:Xpirat [Inf]
Tencent	Win64.Virus.Expiro.Ehhq
Ad-Aware	Gen:Variant.Mikey.129807
Sophos	ML/PE-A
F-Secure	Trojan.TR/Patched.Gen
TrendMicro	Virus.Win64.EXPIRO.CMD
McAfee-GW-Edition	BehavesLike.Win64.Virus.dh
FireEye	Gen:Variant.Mikey.129807
Emsisoft	Gen:Variant.Mikey.129807 (B)
GData	Gen:Variant.Mikey.129807
Avira	TR/Patched.Gen
MAX	malware (ai score=81)
Arcabit	Trojan.Mikey.D1FB0F
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Mikey.129807
Malwarebytes	Malware.AI.1728418418
Ikarus	Virus.Win64.Expiro
MaxSecure	virus.win64.expiro.gen
Fortinet	W64/Expiro.CO!tr
Webroot	W32.Virus.Win64.Expiro
AVG	Win64:Xpirat [Inf]
CrowdStrike	win/malicious_confidence_80% (W)

How to remove Malware.AI.1728418418?

Malware.AI.1728418418 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X