What is “Malware.AI.1769125135”?

The Malware.AI.1769125135 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.1769125135 virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Malware.AI.1769125135?


File Info:
name: DD2882D9517EBDAA248C.mlw
path: /opt/CAPEv2/storage/binaries/f8f84a5828a160b534fc9c9ed35d43fce07e6a233e1608de0a690f771e901ae1
crc32: 8883CB6D
md5: dd2882d9517ebdaa248c25c4ada1038c
sha1: eef8f20d3382f117edfff38f5901401c87d9df70
sha256: f8f84a5828a160b534fc9c9ed35d43fce07e6a233e1608de0a690f771e901ae1
sha512: d5adffd7129f66c9fd11fdf82c3eff4250b5b57b9542918349f5d82bcb231e85be80db38faf00d5b0c9939381c42ce814600e3986408ef3b09907d38bc874aba
ssdeep: 24576:Jo9OhI1AX6HEfY1SfyDQ+0q/OVisYTE9bBbvAJlu5ibxFbxaFwIp6NVWS:29OhIIqSY1SKMBtlIJbFbUFQV
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T169758C0AA7DC82B4D0B6C2BC87A64646F6F2B4050F35968B019DD62E1F379ED5F39312
sha3_384: cafd160b5a4ecefc5372594a06859b3307dc0896e6bb63e9abb97e207e54dc97e1e3bb7565e9dbe0f85721ef2c0cb7f7
ep_bytes: 475150455243b96000000065498b0145
timestamp: 2053-01-15 12:15:29

Version Info:
CompanyName: Microsoft Corporation
FileDescription: AgentService EXE
FileVersion: 10.0.17134.1276 (WinBuild.160101.0800)
InternalName: AgentService EXE
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: AgentService.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1276
Translation: 0x0409 0x04b0

Malware.AI.1769125135 also known as:

Elastic	malicious (high confidence)
DrWeb	Win64.Expiro.132
MicroWorld-eScan	Win64.Expiro.Gen.6
FireEye	Generic.mg.dd2882d9517ebdaa
Cylance	Unsafe
K7AntiVirus	Virus ( 00535e4a1 )
K7GW	Virus ( 00535e4a1 )
Cybereason	malicious.d3382f
Arcabit	Win64.Expiro.Gen.6
Cyren	W64/Expiro.AH.gen!Eldorado
ESET-NOD32	a variant of Win64/Expiro.CO
TrendMicro-HouseCall	Virus.Win64.EXPIRO.MR
ClamAV	Win.Virus.Expiro-9888028-0
Kaspersky	HEUR:Virus.Win64.Expiro.gen
BitDefender	Win64.Expiro.Gen.6
Avast	Win64:Xpirat [Inf]
Ad-Aware	Win64.Expiro.Gen.6
Sophos	ML/PE-A + W64/Expiro-AX
TrendMicro	Virus.Win64.EXPIRO.MR
Emsisoft	Win64.Expiro.Gen.6 (B)
Ikarus	Virus.Win64.Expiro
Jiangmin	Trojan.Bingoml.akq
Avira	TR/Patched.Gen
Antiy-AVL	Trojan/Generic.ASVirus.30B
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Win64.Expiro.Gen.6
Cynet	Malicious (score: 100)
ALYac	Win64.Expiro.Gen.6
MAX	malware (ai score=86)
Malwarebytes	Malware.AI.1769125135
APEX	Malicious
SentinelOne	Static AI – Malicious PE
MaxSecure	virus.win64.expiro.gen
Fortinet	W64/Expiro.BS
AVG	Win64:Xpirat [Inf]
CrowdStrike	win/malicious_confidence_80% (D)

How to remove Malware.AI.1769125135?

Malware.AI.1769125135 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X