
What is “Malware.AI.1954731246”?

Malware.AI.1954731246 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1954731246 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Queries information on disks, possibly for anti-virtualization
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Uses IOCTL_SCSI_PASS_THROUGH control codes to manipulate drive/MBR which may be indicative of a bootkit
  • Attempted to write directly to a physical drive
  • Anomalous binary characteristics

How to identify Malware.AI.1954731246?

File Info:

name: 8B42D9E9A26AE345477E.mlw
path: /opt/CAPEv2/storage/binaries/367c2b9e1e048bf19dd2a9009a3b8c731c76d65687fb46aaff6dc5cc7e4bc507
crc32: 49C8E97A
md5: 8b42d9e9a26ae345477e9a1e931564b1
sha1: 016e124edf90281dc034f849db497d29114fdde0
sha256: 367c2b9e1e048bf19dd2a9009a3b8c731c76d65687fb46aaff6dc5cc7e4bc507
sha512: 3501f23a12b23d6833b5e8ed7f8abe1b65c1869977bb2ab39ad1400421130d1b4ace76e36ccfdbb9a6b2fe9eab2159f7218f8063e5e6c936f434d23da7f6a9af
ssdeep: 6144:4X3RAJSgZXU860r754p7mknXHZYDwEm5O/LSlV98gWNlPTGQQm6agrdS96:4XkSgZ7P/54pX5YDwKk8NtTirdS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B164025363F64988F2F21B3049BF41D4497AFE12BD72EF0E6154B45E2CB4A61E862723
sha3_384: cebeb59be2fa7d193004667580b12646e509d9202b58a2af699f190f79ee41e031a05e80d1d79d5fa2bc922116314ca2
ep_bytes: 6801b04600e801000000c3c3e7ccd29c
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Malware.AI.1954731246 is also known as (vendor: detection name):

Lionic: Trojan.Win32.Generic.leu8
DrWeb: BackDoor.Bifrost.19762
MicroWorld-eScan: Gen:Variant.Jacard.143586
FireEye: Gen:Variant.Jacard.143586
McAfee: Artemis!8B42D9E9A26A
Malwarebytes: Malware.AI.1954731246
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: Trojan ( 0055e3991 )
K7GW: Trojan ( 0055e3991 )
Cybereason: malicious.9a26ae
BitDefenderTheta: AI:Packer.2D29353A19
VirIT: Trojan.Win32.Generic.BEZI
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.ANDS
Paloalto: generic.ml
ClamAV: Win.Trojan.Refroso-6997177-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Jacard.143586
NANO-Antivirus: Trojan.Win32.Bifrost.bbufig
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.114c3c1a
Sophos: Troj/Zusy-Fam
Comodo: TrojWare.Win32.Injector.TZM@4putks
Zillya: Backdoor.Bifrose.Win32.78264
McAfee-GW-Edition: BehavesLike.Win32.Sytro.fc
Emsisoft: Gen:Variant.Jacard.143586 (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan/Refroso.aidr
MaxSecure: Trojan.Malware.300983.susgen
Avira: HEUR/AGEN.1218100
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Generic.ASMalwS.CEBA5
Kingsoft: Win32.Heur.KVM004.a.(kcloud)
Microsoft: VirTool:Win32/Injector.BG!bit
ViRobot: Trojan.Win32.A.Refroso.335360.A
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Jacard.143586
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Bifrose.C1772218
ALYac: Gen:Variant.Jacard.143586
TACHYON: Trojan/W32.Refroso.335360.B
VBA32: TScope.Trojan.Delf
APEX: Malicious
Rising: Trojan.Generic!8.C3 (CLOUD)
Yandex: Trojan.Refroso!NsFiAsMK0zE
Ikarus: Backdoor.Win32.Bifrose
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Zbot.ZY!tr
Webroot: w32.malware.gen
AVG: Win32:Malware-gen
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.1954731246?

Malware.AI.1954731246 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.