Malware.AI.1749963638 removal guide

Malware.AI.1749963638 is the Malwarebytes detection name for this sample; as the detection table further down shows, most other engines flag the same file as a trojan dropper, and several classify it as bundled adware. When the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
6-day free trial available.

What can Malware.AI.1749963638 do?

The behaviours below are the CAPEv2 sandbox signatures that fired when the sample was detonated (the storage path in the file info section shows it was analysed in CAPEv2). Together they describe an installer that unpacks itself, drops and executes another binary, injects code into a new process, and sets up persistence through a scheduled task and a service.

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Transacted Hollowing (process injection that writes the payload to an NTFS transacted file, builds an image section from it and maps that section into a suspended process; a combination of process hollowing and process doppelgänging)
  • CAPE detected the embedded win api malware family
  • Created a service that was not started
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.1749963638?

File Info:

name: 20D1259BF91BCC3774E9.mlw
path: /opt/CAPEv2/storage/binaries/f6fa13ed1d219ffb6d80c7199c02c74e37f6ad2c354e47fb7d6a87b56c3befb2
crc32: 13BDE310
md5: 20d1259bf91bcc3774e93bba539a1782
sha1: 0701076dc6c3cc037452bb7f0a0f935b360200b1
sha256: f6fa13ed1d219ffb6d80c7199c02c74e37f6ad2c354e47fb7d6a87b56c3befb2
sha512: da713325cb250bac8301bb5ed4e8fdb010be544635255008a16a737d68ab574c3e0e3635f0fadf0929e2e02c95295b440a7fc96b00855f9c1ca18862dad77729
ssdeep: 98304:OHJNAT5UDn7bW8NFYaa+0YTKuciScHZ73y16zem64Y54FjDogV5PBubd358:2NA14bhNFS+3KOznzLuex1XPBubk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A8263491EAF2271DE3703DFC48612A91CCA1AE485231C42119F57C99097C69BEC7AEFD
sha3_384: dc93240b7afeea697cf265f0d06c7d815434e78dda7c89df67d9b3b0bb28a88d259a23320112b26f562bde2a6dbdf665
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17 (the constant that Delphi/Borland linkers write into every PE; Inno Setup is built with Delphi, so this is neither the real build date nor a sign of timestomping)

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: QT Split Control Reference Setup
FileVersion:
LegalCopyright:
ProductName: QT Split Control Reference
ProductVersion: 0.1.2.1
Translation: 0x0000 0x04b0
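To check whether a file on disk is this sample, recompute the digests listed above and read the PE header timestamp rather than trusting the file name. The script below is an added example, not code from the original page or from GridinSoft. The minimal PE image it builds for the offline demo is constructed and contains no code; the timestamp constant 0x2A425E19 is the well-known value Delphi linkers write, which is what an Inno Setup installer is expected to carry.

```python
"""Verify a suspect file against the hashes listed above and read its PE
header timestamp.  Added example; the PE image built for the demo is
constructed and has no sections or code."""
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info section above.
EXPECTED = {
    "crc32": "13BDE310",
    "md5": "20d1259bf91bcc3774e93bba539a1782",
    "sha1": "0701076dc6c3cc037452bb7f0a0f935b360200b1",
    "sha256": "f6fa13ed1d219ffb6d80c7199c02c74e37f6ad2c354e47fb7d6a87b56c3befb2",
}

# Fixed TimeDateStamp written by Delphi/Borland linkers: 0x2A425E19 = 1992-06-19 22:22:17 UTC.
# Inno Setup installers are Delphi binaries, so this value is expected, not evidence of tampering.
DELPHI_TIMESTAMP = 0x2A425E19


def hash_bytes(data: bytes) -> dict:
    """Compute the digests the file-info block lists (crc32 as upper-case hex, the rest lower-case)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_ioc(data: bytes, expected: dict = EXPECTED) -> dict:
    """Return {algorithm: True/False} for each expected digest (case-insensitive compare)."""
    got = hash_bytes(data)
    return {name: got[name].lower() == value.lower() for name, value in expected.items()}


def pe_timestamp(data: bytes) -> int:
    """Return IMAGE_FILE_HEADER.TimeDateStamp; raise ValueError if the data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header after the signature: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    return struct.unpack_from("<I", data, e_lfanew + 8)[0]


def timestamp_note(ts: int) -> str:
    """Render the timestamp the way an analyst should read it."""
    when = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    if ts == DELPHI_TIMESTAMP:
        return f"{when} (Delphi linker constant; real build time unknown)"
    return when


def build_fake_pe(ts: int) -> bytes:
    """Constructed minimal MZ + PE/COFF header (no sections, no code) for offline testing."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    # Machine=i386, 0 sections, TimeDateStamp, no symbols, no optional header, EXECUTABLE_IMAGE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 0, ts, 0, 0, 0, 0x102)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(DELPHI_TIMESTAMP)
    print("IOC match:", matches_ioc(blob))
    print("PE timestamp:", timestamp_note(pe_timestamp(blob)))
```

Run it with the path of the suspect file as the only argument; every entry in the IOC match dictionary must be True for the file to be this exact sample, while a hash mismatch with the same version info and the same Delphi timestamp simply means a different build of the installer.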

Malware.AI.1749963638 is also known as:

Several engines agree on a family name (Ekstak at Lionic, Sangfor, Alibaba, Tencent, Kingsoft and ZoneAlarm; Trojan.Generic.34700133 across the engines that share Bitdefender's signatures), most classify the file as a trojan dropper, and Avast, AVG and AhnLab label it adware, which fits an Inno Setup installer that drops and runs another binary.

Vendor                 Detection
Bkav                   W32.Common.9E9B18E8
Lionic                 Trojan.Win32.Ekstak.4!c
MicroWorld-eScan       Trojan.Generic.34700133
FireEye                Trojan.Generic.34700133
Skyhigh                BehavesLike.Win32.Trojan.rc
ALYac                  Trojan.Generic.34700133
Cylance                unsafe
Sangfor                Dropper.Win32.Ekstak.Vhe2
K7AntiVirus            Trojan ( 005722f11 )
Alibaba                TrojanDropper:Win32/Ekstak.72abcab4
K7GW                   Trojan ( 005722f11 )
Symantec               Trojan.Gen.MBT
Elastic                malicious (high confidence)
ESET-NOD32             a variant of Win32/TrojanDropper.Agent.SLC
APEX                   Malicious
Cynet                  Malicious (score: 100)
BitDefender            Trojan.Generic.34700133
Avast                  Win32:AdwareX-gen [Adw]
Tencent                Win32.Trojan.Ekstak.Ocnw
Sophos                 Mal/Generic-S
F-Secure               Trojan.TR/Drop.Agent.dkbzf
VIPRE                  Trojan.Generic.34700133
TrendMicro             TROJ_GEN.R002C0XAS24
Emsisoft               Trojan.Generic.34700133 (B)
Ikarus                 Trojan.Win32.Crypt
GData                  Trojan.Generic.34700133
Avira                  TR/Drop.Agent.dkbzf
Kingsoft               Win32.Trojan.Ekstak.avfcu
Arcabit                Trojan.Generic.D2117B65
ZoneAlarm              Trojan.Win32.Ekstak.avfcu
Microsoft              Trojan:Win32/ICLoader.JL!MTB
Varist                 W32/Agent.WTMJ-2637
AhnLab-V3              Adware/Win.AdwareX-gen.R632363
MAX                    malware (ai score=82)
Malwarebytes           Malware.AI.1749963638
TrendMicro-HouseCall   TROJ_GEN.R002C0XAS24
MaxSecure              Trojan.Malware.226688438.susgen
Fortinet               Riskware/Agent
AVG                    Win32:AdwareX-gen [Adw]
DeepInstinct           MALICIOUS
CrowdStrike            win/malicious_confidence_100% (W)

How to remove Malware.AI.1749963638?

Malware.AI.1749963638 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
  • Because the sample creates a scheduled task and a service (see the behaviour list above), confirm after the restart that no unfamiliar task or service remains.
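The sandbox signatures earlier on the page (a scheduled task created with Windows utilities, a service created but not started, a dropped binary that is executed) describe the persistence a responder should verify is gone once the scan has finished. The script below is an added example, not code from the original page or from GridinSoft: it parses captured output of `schtasks /query /fo CSV /v` and of `Get-CimInstance Win32_Service | Select-Object Name,State,StartMode,PathName | ConvertTo-Csv -NoTypeInformation` and flags entries that run from user-writable directories or that are set to auto-start but are not running. The two CSV samples embedded in it are constructed to show the shape of that output, and the directory pattern is an assumption to tune for your environment.

```python
"""Triage scheduled tasks and services for persistence left by a dropper.
Added example; the CSV samples below are constructed, not real host data."""
import csv
import io
import re
import subprocess

# Directories a legitimate auto-start task or service binary rarely lives in.
# This pattern is an assumption for the example; tune it to your estate.
SUSPICIOUS_DIRS = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE)

# Constructed sample of `schtasks /query /fo CSV /v`, trimmed to the columns used here.
# Note that the real command repeats the header line before every task.
SCHTASKS_CSV = r'''"HostName","TaskName","Status","Author","Task To Run","Start In"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","Ready","Microsoft Corporation","%windir%\system32\defrag.exe -c -h -k -g -$","N/A"
"HostName","TaskName","Status","Author","Task To Run","Start In"
"WS01","\UpdaterTask","Ready","WS01\alice","C:\Users\alice\AppData\Local\Temp\is-XYZ.tmp\setup.tmp /SILENT","N/A"
"WS01","\OneDrive Standalone Update","Ready","WS01\alice","C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe","N/A"
'''

# Constructed sample of:
#   Get-CimInstance Win32_Service | Select-Object Name,State,StartMode,PathName | ConvertTo-Csv -NoTypeInformation
SERVICES_CSV = r'''"Name","State","StartMode","PathName"
"Spooler","Running","Auto","C:\WINDOWS\System32\spoolsv.exe"
"ExampleSvc","Stopped","Auto","C:\ProgramData\Example\svc.exe"
"wuauserv","Stopped","Manual","C:\WINDOWS\system32\svchost.exe -k netsvcs -p"
'''


def parse_csv(text: str, key: str) -> list:
    """Read captured CSV into dicts, dropping the header rows that schtasks /v repeats per task."""
    return [row for row in csv.DictReader(io.StringIO(text)) if row.get(key) != key]


def suspicious_tasks(text: str) -> list:
    """Names of scheduled tasks whose command runs from a user-writable location."""
    return [row["TaskName"] for row in parse_csv(text, "TaskName")
            if SUSPICIOUS_DIRS.search(row.get("Task To Run", ""))]


def suspicious_services(text: str) -> dict:
    """Map service name -> reasons: binary in a user-writable dir, or auto-start but not running."""
    findings = {}
    for row in parse_csv(text, "Name"):
        reasons = []
        if SUSPICIOUS_DIRS.search(row.get("PathName", "")):
            reasons.append("binary in user-writable directory")
        if row.get("StartMode") == "Auto" and row.get("State") == "Stopped":
            reasons.append("auto-start service not running")
        if reasons:
            findings[row["Name"]] = reasons
    return findings


def capture(cmd: list) -> str:
    """Run a collector on the suspect host (Windows only) and return its stdout for the parsers."""
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # Live use: suspicious_tasks(capture(["schtasks", "/query", "/fo", "CSV", "/v"]))
    print("tasks:", suspicious_tasks(SCHTASKS_CSV))
    print("services:", suspicious_services(SERVICES_CSV))
```

A hit is a lead, not a verdict: the constructed sample deliberately includes the OneDrive updater, which legitimately runs from AppData, so review each flagged binary (its Authenticode signature, its hash against the file info above) before deleting the task or service.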

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
