Malware.AI.1848744155 removal

Malware.AI.1848744155 is considered dangerous by many security experts. When this infection is active, you may notice unknown processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.1848744155 virus do?

The following behaviours were flagged by the CAPE sandbox signatures during analysis of the sample:

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Enumerates running processes
  • Reads data out of its own binary image
  • Manipulates data from or to the Recycle Bin
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Queries information on disks, possibly for anti-virtualization
  • Steals private information from local Internet browsers
  • Network activity contains more than one unique useragent.
  • Collects information about installed applications
  • CAPE detected the WinDealer malware family
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings

How to identify Malware.AI.1848744155?

File Info:

name: ACC60C087F94986A44F2.mlw
path: /opt/CAPEv2/storage/binaries/0d7c2fa7afe62940036f32ca37d80f681c360a2ae1f601a699232868da44d045
crc32: 9A575CFA
md5: acc60c087f94986a44f2ec6e8b65bcff
sha1: 76af847d6431897a0206ce3b0e0dcca5640982e0
sha256: 0d7c2fa7afe62940036f32ca37d80f681c360a2ae1f601a699232868da44d045
sha512: 4d4a21ff84d8e968950a60629b5e6a768459f6c03b34db013375e2ee23767bcc30edbe2c52aab191c8001b9c97c8323b0be897f633c377859f75c76eb6064f51
ssdeep: 3072:n8C+MX5jjzuj0U9SCtgC0GQLKVN26Bvwxo1yNzgOx5E5BqLZrb:l5jvhESD38kMdQIqLZ3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T129847D553819F01CCC996F76BBA296ED139A1F118D4E1D57B9C0734C187AAC2BAC8C3D
sha3_384: 86f070679e7cffe2593841a5a52125734c287d54038d29ef857693e9227afa362f016c581c14459bd0bd1b99a5fba744
ep_bytes: 558bec6aff687034400068b621400064
timestamp: 2018-05-24 01:56:53

Version Info:

CompanyName:
FileDescription: RunResDll Microsoft 基础类应用程序
FileVersion: 1, 0, 0, 1
InternalName: RunResDll
LegalCopyright: 版权所有 (C) 2018
LegalTrademarks:
OriginalFilename: RunResDll.EXE
ProductName: RunResDll 应用程序
ProductVersion: 1, 0, 0, 1
Translation: 0x0804 0x04b0

Malware.AI.1848744155 is also known as (vendor: detection name):

Lionic: Trojan.Win32.Agent.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.acc60c087f94986a
CAT-QuickHeal: Trojan.GenericRI.S23839443
McAfee: Trojan-FPZA!ACC60C087F94
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.1355478
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0054e0a31 )
Alibaba: Trojan:Win32/Dostre.d26fa02c
K7GW: Trojan ( 0054e0a31 )
Cybereason: malicious.87f949
Cyren: W32/Zusy.CW.gen!Eldorado
ESET-NOD32: a variant of Win32/Kryptik.GHFL
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Agent.qwidcl
BitDefender: Trojan.GenericKDZ.83549
MicroWorld-eScan: Trojan.GenericKDZ.83549
Avast: Win32:Trojan-gen
Tencent: Trojan.Win32.Agent.xb
Ad-Aware: Trojan.GenericKDZ.83549
Emsisoft: Trojan.GenericKDZ.83549 (B)
Comodo: Worm.Win32.Prux.A@4q442u
DrWeb: Trojan.PWS.Siggen2.3725
TrendMicro: TROJ_GEN.R002C0DB822
McAfee-GW-Edition: Trojan-FPZA!ACC60C087F94
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S + Troj/Krypt-FM
Ikarus: Trojan.Crypt
GData: Trojan.GenericKDZ.83549
Jiangmin: Trojan.Agent.bwin
Avira: HEUR/AGEN.1219715
Antiy-AVL: Trojan/Generic.ASMalwS.26900A4
Gridinsoft: Ransom.Win32.Zbot.sa
Arcabit: Trojan.Generic.D1465D
ViRobot: Trojan.Win32.Z.Agent.393216.AQUC
Microsoft: Trojan:Win32/Dostre.CA!MTB
TACHYON: Trojan/W32.Agent.393216.AQA
AhnLab-V3: Trojan/Win.Generic.R419093
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34264.yq0@aeatDvbb
ALYac: Trojan.GenericKDZ.83549
MAX: malware (ai score=85)
VBA32: Trojan.Fuerboos
Malwarebytes: Malware.AI.1848744155
TrendMicro-HouseCall: TROJ_GEN.R002C0DB822
Rising: Trojan.Kryptik!8.8 (CLOUD)
Yandex: Trojan.GenAsa!wOfcMPeEaoo
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Kryptik.GHFL!tr
AVG: Win32:Trojan-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.1848744155?

Malware.AI.1848744155 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.