Malware.AI.1973383887 (file analysis)

Malware Removal

Malware.AI.1973383887 is the Malwarebytes detection name for this sample; most of the other engines listed further down classify the same file as the Upatre (also labelled Waski) downloader trojan, so it is considered dangerous by security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1973383887 virus do?

Behaviours and static indicators flagged for this sample in the CAPE sandbox report:
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Unconventional language used in binary resources: Arabic (Libya)
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with MPRESS
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify Malware.AI.1973383887?

File Info:

name: 82498F97C2D4D45F306A.mlw
path: /opt/CAPEv2/storage/binaries/4677e9d53ee6b2656634f38869362f08b411e7ae0855a06bf81e252afbe7ebe3
crc32: 1302D243
md5: 82498f97c2d4d45f306a3cb0cf0d9ab9
sha1: eab8eb8a0f18ac4016431036d0ba3767db47188f
sha256: 4677e9d53ee6b2656634f38869362f08b411e7ae0855a06bf81e252afbe7ebe3
sha512: c03771d3ff257e2858a670f7d98ecd37bd42724d358ff32e0b44b4cdbd2d49ec962485a5cfd9c81d8b358f189312fd9e33d7723b07c467f018690f6befc9d28e
ssdeep: 384:alF5u+XVNu9/efxYp2N68wfmtowUfMI1x:WPu+XVY9/eJZZw+tBUkux
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T129F28735D7DD44B5F37BCB3A96B641C8982BBD313B01A9CEA18D32450533B86D8B059E
sha3_384: f65379c0982a0e5136cfe236a7ef8b3ea02388575152f63a24ec6d695266af51a4bc3384878b1ddad6bf9e1309aa5074
ep_bytes: 57565351e87ef4ffffc3cccccccccccc
timestamp: 1973-03-03 10:25:35
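Several of the indicators above (the 1973 link timestamp, "unknown PE section name indicative of packing", "packed/obfuscated with MPRESS", the entry-point bytes) can be re-derived from the file headers without a sandbox. The stdlib-only Python below is an added example, not part of this report or of GridinSoft's tooling: it parses a PE32 image and reports the link timestamp (a stamp before Windows NT existed is forged or zeroed), section names outside the usual compiler set, the .MPRESS1/.MPRESS2 names the MPRESS packer leaves behind, sections that are both writable and executable, whether an Authenticode certificate table is present at all, and the first 16 bytes at the entry point. `build_sample()` constructs a header-only PE skeleton that mimics this sample's headers and ep_bytes; it is not the real 82498F97C2D4D45F306A.mlw. The 1993 plausibility cut-off, the known-section list and the function names are my assumptions, and signature validity is not checked here (use osslsigncode or signtool for that). To triage a real file, call `triage(open(path, "rb").read())`.

```python
import struct
from datetime import datetime, timezone
from typing import Optional

# Section names mainstream compilers/linkers emit (assumed list); anything
# else is reported as "unknown", the heuristic behind the sandbox signature.
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc",
                  ".reloc", ".tls", ".pdata", ".xdata", ".CRT", ".debug", "CODE", "DATA", "BSS"}
MPRESS_SECTIONS = {".MPRESS1", ".MPRESS2"}   # names the MPRESS packer leaves behind
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4           # Authenticode certificate table


def parse_pe(data: bytes) -> dict:
    """Parse DOS/COFF/optional headers and the section table of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # PE32 data directories start at offset 96 of the optional header, 8 bytes each.
    _, cert_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, table = [], opt + opt_size
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        chars = struct.unpack_from("<I", data, table + 40 * i + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vaddr": vaddr,
                         "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize, "chars": chars})
    return {"machine": machine, "timestamp": timestamp, "entry_rva": entry_rva,
            "cert_size": cert_size, "sections": sections}


def rva_to_offset(pe: dict, rva: int) -> Optional[int]:
    """Map a relative virtual address to a file offset via the section table."""
    for s in pe["sections"]:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return s["rawptr"] + (rva - s["vaddr"])
    return None


def triage(data: bytes) -> dict:
    """Recompute the static indicators from the report above for any PE32."""
    pe = parse_pe(data)
    names = [s["name"] for s in pe["sections"]]
    ts = datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc)
    ep = rva_to_offset(pe, pe["entry_rva"])
    return {
        "timestamp": ts.strftime("%Y-%m-%d %H:%M:%S"),
        # Link time before Windows NT existed (1993, assumed cut-off) or in the future: forged.
        "timestamp_implausible": ts.year < 1993 or ts > datetime.now(timezone.utc),
        "sections": names,
        "unknown_sections": [n for n in names if n not in KNOWN_SECTIONS],
        "mpress_packed": any(n in MPRESS_SECTIONS for n in names),
        "rwx_sections": [s["name"] for s in pe["sections"]
                         if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE],
        "authenticode_present": pe["cert_size"] > 0,   # presence only, not validity
        "ep_bytes": data[ep:ep + 16].hex() if ep is not None else "",
    }


def build_sample() -> bytes:
    """Constructed PE32 skeleton (not the real file, not runnable code) reproducing
    the report's headers: MPRESS sections, the 1973 timestamp, the ep_bytes."""
    ep_code = bytes.fromhex("57565351e87ef4ffffc3cccccccccccc")
    # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
    sections = [(b".MPRESS1", 0x1000, 0x1000, 0x200, 0x400, 0xE0000020),   # code, RWX
                (b".MPRESS2", 0x1000, 0x2000, 0x200, 0x600, 0x60000020)]   # code, RX
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)                    # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 100002335, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint (RVA)
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)   # ImageBase, SectionAlign, FileAlign
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    hdr = dos + b"PE\0\0" + coff + bytes(opt)
    for name, vsize, vaddr, rawsize, rawptr, chars in sections:
        hdr += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, chars)
    img = bytearray(0x800)
    img[:len(hdr)] = hdr
    img[0x400:0x400 + len(ep_code)] = ep_code
    return bytes(img)


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key}: {value}")
```

Run against the constructed skeleton it reports the 1973-03-03 10:25:35 stamp as implausible, both MPRESS sections as unknown, .MPRESS1 as writable+executable and the ep_bytes string from the file info above; a real packed sample will additionally need the unpacked payload (dumped from memory, as CAPE does) before its imports and resources mean anything.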

Version Info:

CompanyName: JineJong
FileDescription: JineJong company
FileVersion: Version 2.5.23
InternalName: JineJong
LegalCopyright: Copyright by JineJong
OriginalFilename: JineJong
Translation: 0x040b 0x04e2

Malware.AI.1973383887 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
ClamAV: Win.Downloader.Upatre-6840800-0
FireEye: Generic.mg.82498f97c2d4d45f
McAfee: Upatre-FAEL!82498F97C2D4
Cylance: Unsafe
Sangfor: [ARMADILLO V1.71]
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 0052964f1 )
K7AntiVirus: Trojan ( 0052964f1 )
BitDefenderTheta: Gen:NN.ZexaF.34638.cq1@aGyzVyiG
Cyren: W32/Upatre.GR.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: Win32/TrojanDownloader.Waski.A
Baidu: Win32.Trojan-Downloader.Waski.a
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Downloader.Win32.Upatre.bla
BitDefender: Trojan.Ppatre.Gen.1
NANO-Antivirus: Trojan.Win32.Upatre.dfecyf
SUPERAntiSpyware: Trojan.Agent/Gen-Downloader
MicroWorld-eScan: Trojan.Ppatre.Gen.1
Avast: Win32:Agent-AULS [Trj]
Tencent: Trojan-Downloader.Win32.Waski.16000151
Ad-Aware: Trojan.Ppatre.Gen.1
Sophos: ML/PE-A + Troj/HkMain-AZ
Comodo: TrojWare.Win32.TrojanDownloader.Upatre.AAL@5iclp5
DrWeb: Trojan.DownLoad3.34292
Zillya: Downloader.Upatre.Win32.70504
TrendMicro: TROJ_UPATRE.SM37
Emsisoft: Trojan.Ppatre.Gen.1 (B)
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan-Downloader.Upatre.BK
Jiangmin: TrojanDownloader.Upatre.p
Avira: HEUR/AGEN.1237752
ZoneAlarm: HEUR:Trojan.Win32.Delf.gen
Microsoft: Trojan:Win32/PWSZbot.GSB!MTB
AhnLab-V3: Downloader/Win.Upatre.C5064143
VBA32: TrojanDownloader.Upatre
ALYac: Trojan.Ppatre.Gen.1
MAX: malware (ai score=81)
Malwarebytes: Malware.AI.1973383887
TrendMicro-HouseCall: TROJ_UPATRE.SM37
Rising: Downloader.Waski!8.184 (TFE:dGZlOgVWF2qTFcMavA)
Yandex: Trojan.GenAsa!+rIQ7cDoUXQ
Ikarus: Trojan.Win32.Bublik
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Waski.A!tr
AVG: Win32:Agent-AULS [Trj]
Cybereason: malicious.7c2d4d
Panda: Trj/Genetic.gen
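The vendor labels above disagree on the family name (Upatre, Ppatre, Waski, Bublik, Delf, PWSZbot) and many are purely generic, which is normal for multi-engine results. The Python below is an added example, not taken from this page or from any vendor, of the usual consensus trick for turning such a list into one family name: tokenise each label, drop tokens that name a category, platform or engine rather than a family, let each engine vote once per remaining token, and rank. It runs over a subset of the labels listed above, embedded inline, and ranks Upatre first with Waski second. The GENERIC token list, the minimum token length and the two-vote threshold are my choices; AVClass-style tools ship far longer generic lists and alias tables (which would also fold Ppatre into Upatre).

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# A subset of the detection names listed above, keyed by engine.
DETECTIONS: Dict[str, str] = {
    "Bkav": "W32.AIDetect.malware1",
    "ClamAV": "Win.Downloader.Upatre-6840800-0",
    "McAfee": "Upatre-FAEL!82498F97C2D4",
    "Cyren": "W32/Upatre.GR.gen!Eldorado",
    "ESET-NOD32": "Win32/TrojanDownloader.Waski.A",
    "Kaspersky": "Trojan-Downloader.Win32.Upatre.bla",
    "BitDefender": "Trojan.Ppatre.Gen.1",
    "Avast": "Win32:Agent-AULS [Trj]",
    "Tencent": "Trojan-Downloader.Win32.Waski.16000151",
    "DrWeb": "Trojan.DownLoad3.34292",
    "TrendMicro": "TROJ_UPATRE.SM37",
    "Microsoft": "Trojan:Win32/PWSZbot.GSB!MTB",
    "Fortinet": "W32/Waski.A!tr",
    "Ikarus": "Trojan.Win32.Bublik",
    "ZoneAlarm": "HEUR:Trojan.Win32.Delf.gen",
    "GData": "Win32.Trojan-Downloader.Upatre.BK",
    "Zillya": "Downloader.Upatre.Win32.70504",
    "AhnLab-V3": "Downloader/Win.Upatre.C5064143",
    "Malwarebytes": "Malware.AI.1973383887",
    "Sophos": "ML/PE-A + Troj/HkMain-AZ",
}

# Tokens that describe a category, platform or engine rather than a family
# (list chosen for this example; real tools ship much longer ones).
GENERIC = {
    "trojan", "troj", "trojware", "downloader", "trojandownloader", "download",
    "generic", "malware", "malicious", "agent", "heur", "static", "unsafe",
    "confidence", "high", "score", "attribute",
    "eldorado",  # Cyren engine marker, not a family
}
MIN_LEN = 4  # drops variant suffixes such as ".bla", ".GSB", "!tr"


def family_tokens(label: str) -> set:
    """Candidate family names in one vendor label (alphabetic, non-generic)."""
    tokens = re.split(r"[^a-z0-9]+", label.lower())
    return {t for t in tokens if len(t) >= MIN_LEN and t.isalpha() and t not in GENERIC}


def rank_families(detections: Dict[str, str]) -> List[Tuple[str, int]]:
    """Each engine votes once per token it mentions; return (token, votes), best first."""
    votes: Counter = Counter()
    for label in detections.values():
        for token in family_tokens(label):   # set: one vote per engine per token
            votes[token] += 1
    return sorted(votes.items(), key=lambda kv: (-kv[1], kv[0]))


def consensus_family(detections: Dict[str, str], min_votes: int = 2) -> Optional[str]:
    """Top token if it has enough independent votes and is not tied for first."""
    ranked = rank_families(detections)
    if not ranked or ranked[0][1] < min_votes:
        return None
    if len(ranked) > 1 and ranked[1][1] == ranked[0][1]:
        return None  # tie: no consensus
    return ranked[0][0]


if __name__ == "__main__":
    for token, n in rank_families(DETECTIONS)[:5]:
        print(f"{token:10s} {n}")
    print("consensus:", consensus_family(DETECTIONS))
```

Note what the ranking does not tell you: Upatre winning 8 to 3 over Waski says only that more engines use that name, not that the two are different families; the page itself shows the same file carrying both labels, so the alias question has to be settled from vendor write-ups or the unpacked code, not from label counts.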

How to remove Malware.AI.1973383887?

Malware.AI.1973383887 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Move all detected items to quarantine.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
