Malware.AI.1954533938 removal guide

Malware.AI.1954533938 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.1954533938 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Arabic (Qatar)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.1954533938?

File Info:

name: 08DC87767C5E4AF1763F.mlw
path: /opt/CAPEv2/storage/binaries/a9090768f351a5a4aad82e915bdcba6ea909ac0f14d43b9f4657b31f094f8f84
crc32: 885689D2
md5: 08dc87767c5e4af1763ff0d20d5e3941
sha1: a9d87280cfb86e22360dc613b128f6c0b31fc492
sha256: a9090768f351a5a4aad82e915bdcba6ea909ac0f14d43b9f4657b31f094f8f84
sha512: 6b42b2fb5f40b8f2bf3ad0a02cc7ccffa569588d31bcab97d9ccacd3057aa51aa4cb3683e8659339e429c6d0fc54940b7970b29eb591ae2995b206d31dda883c
ssdeep: 12288:0D2OqW0FiPckkQHerW38wm9A7xW+m6pngs:62h+cFW38wrxe6p
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T15A84AE22B59ACF62E06F0071DD695AFA456FAC348F2003E353C9BE5E34705D2A9B3563
sha3_384: c65b70095c65ec92eaeb9e4fd3a5279538811536e50381fa622e195b5ad4db413c9d0624e638906fd6ff5be10b6f9867
ep_bytes: e8f30b0000e968feffff8b4df464890d
timestamp: 2021-02-14 22:24:53

Version Info:

CompanyName: Adobe Systems Inc.
FileDescription: Adobe Create PDF plug-in listener for Chrome
FileVersion: 21.1.20138.422477
LegalCopyright: Copyright 1984-2021 Adobe Systems Incorporated
OriginalFilename: WCChromeNativeMessagingHost.exe
ProductName: Adobe Create PDF
ProductVersion: 21.1.20138.422477
Translation: 0x0409 0x04b0

Malware.AI.1954533938 also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Gen.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Lazy.386542
FireEye: Generic.mg.08dc87767c5e4af1
ALYac: Gen:Variant.Lazy.386542
Malwarebytes: Malware.AI.1954533938
VIPRE: Gen:Variant.Lazy.386542
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005ab4bf1 )
Alibaba: Trojan:Win32/Doina.d6b3bf9b
K7GW: Trojan ( 005ab4bf1 )
Cyren: W32/Patched.GQ1.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Patched.NKM
Kaspersky: HEUR:Trojan-Ransom.Win32.Gen.pef
BitDefender: Gen:Variant.Lazy.386542
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Avast: Win32:Evo-gen [Trj]
Tencent: Malware.Win32.Gencirc.10bf2101
Emsisoft: Gen:Variant.Lazy.386542 (B)
DrWeb: Win32.Beetle.2
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
GData: Win32.Trojan.PSE.1088MD3
Jiangmin: Trojan.Gen.byg
Google: Detected
Antiy-AVL: Trojan/Win32.Patched
Arcabit: Trojan.Lazy.D5E5EE
ZoneAlarm: HEUR:Trojan-Ransom.Win32.Gen.pef
Microsoft: Trojan:Win32/Doina.RPX!MTB
AhnLab-V3: Trojan/Win.KP.C5481370
McAfee: GenericRXEB-KP!08DC87767C5E
MAX: malware (ai score=83)
VBA32: BScope.Trojan.Meterpreter
Cylance: unsafe
Rising: Trojan.Generic@AI.100 (RDML:vMMDJt7ruGrYov0hq7mxtA)
Ikarus: Trojan.Win32.Patched
Fortinet: W32/Patched.IP!tr
AVG: Win32:Evo-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Malware.AI.1954533938?

Malware.AI.1954533938 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
