Malware.AI.1738436842 removal tips

Malware.AI.1738436842 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1738436842 virus do?

  • Performs HTTP requests potentially not found in PCAP.
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.1738436842?

File Info:

name: 5F7BA6E1D4F886016564.mlw
path: /opt/CAPEv2/storage/binaries/23b7be395dacfe3c5368f4ba9abd8c66d6a54b80dc111826b59296ba2d193596
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-08-23 08:26:51

Version Info:

FileVersion: 1.0.0.0
FileDescription: 指令复核回单打印程序
ProductName: 指令复核回单打印程序
ProductVersion: 1.0.0.0
CompanyName: LSugar
LegalCopyright: LSugar
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Malware.AI.1738436842 is also known as (vendor: detection name):

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Generic.4!c
  • tehtris: Generic.Malware
  • MicroWorld-eScan: Gen:Variant.Fragtor.363181
  • FireEye: Generic.mg.5f7ba6e1d4f88601
  • CAT-QuickHeal: Ransom.Gimemo.16898
  • Skyhigh: BehavesLike.Win32.Generic.hc
  • McAfee: Artemis!5F7BA6E1D4F8
  • Malwarebytes: Malware.AI.1738436842
  • Sangfor: Trojan.Win32.Agent.Vzg6
  • K7AntiVirus: Trojan ( 005246d51 )
  • K7GW: Trojan ( 005246d51 )
  • Cybereason: malicious.1d03ac
  • Arcabit: Trojan.Fragtor.D58AAD
  • BitDefenderTheta: Gen:NN.ZexaF.36792.GmKfaOkTY1eH
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (moderate confidence)
  • ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
  • Cynet: Malicious (score: 100)
  • APEX: Malicious
  • BitDefender: Gen:Variant.Fragtor.363181
  • Avast: Win32:TrojanX-gen [Trj]
  • Emsisoft: Gen:Variant.Fragtor.363181 (B)
  • VIPRE: Gen:Variant.Fragtor.363181
  • Trapmine: malicious.high.ml.score
  • Sophos: Generic Reputation PUA (PUA)
  • Ikarus: Trojan.Agent
  • Varist: W32/ABRisk.IXRE-4015
  • Antiy-AVL: Trojan/Win32.FlyStudio.a
  • GData: Win32.Trojan.PSE.1CJUYU
  • Google: Detected
  • ALYac: Gen:Variant.Fragtor.363181
  • MAX: malware (ai score=80)
  • Cylance: unsafe
  • TrendMicro-HouseCall: TROJ_GEN.R002H09IM23
  • Rising: Trojan.Generic@AI.100 (RDML:w36sb1vAFmfTPTdi34wlQQ)
  • SentinelOne: Static AI - Malicious PE
  • MaxSecure: Dropper.Dinwod.frindll
  • Fortinet: Riskware/Application
  • AVG: Win32:TrojanX-gen [Trj]
  • DeepInstinct: MALICIOUS
  • CrowdStrike: win/grayware_confidence_60% (W)

How to remove Malware.AI.1738436842?

Malware.AI.1738436842 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.