Malware

Malware.AI.2018408270 malicious file

Malware Removal

The Malware.AI.2018408270 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Malware.AI.2018408270 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Terminates another process
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Attempts to remove evidence of file being downloaded from the Internet
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Steals private information from local Internet browsers
  • Spoofs its process name and/or associated pathname to appear as a legitimate process
  • CAPE detected the Loki malware family
  • Harvests credentials from local FTP client softwares
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system

How to determine Malware.AI.2018408270?



File Info:

name: C9BDCD0B62D20550ECB2.mlw
path: /opt/CAPEv2/storage/binaries/af25c0427a6a68410fb2aee7d49e72bfc9df0ec5d0a18b78922cbd927705027d
crc32: 191C988F
md5: c9bdcd0b62d20550ecb299ffdbf9a225
sha1: d1c1c2c655241611f3533a5d71ae244ded5f3f5f
sha256: af25c0427a6a68410fb2aee7d49e72bfc9df0ec5d0a18b78922cbd927705027d
sha512: 976acd78b24e93d523b8a47928a65126ab4552189b57c89d2547e2249b53295c54c9c4791135a03d8b2f50c6ce87b038b7e811ffd23e70c48529d6bb61ebaee0
ssdeep: 12288:lRLq7W2l//U4fOK7DOYvtyZJxFLHiDlvv7V:XL0WGb1YT+pzV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16705D697B5988267E4C99BF2E367DCF39CA13DBB983101292E5C3E453A3E70D4B12215
sha3_384: d1ba011c308d3d247ba89602b9c4ad28b287d12abb9a3974ca7ace9b414dbff060c46f32dbf6a3b695b4a30d037e68ad
ep_bytes: ff250020400000000000000000000000
timestamp: 2017-04-14 11:19:35


Version Info:

Comments: 
CompanyName: Adobe Systems Incorporated
FileDescription: Adobe Fireworks CS6
FileVersion: 12.0.0.236
InternalName: Fireworks
LegalCopyright: Copyright © 1998-2012 Adobe Systems Incorporated. All rights reserved.
LegalTrademarks: 
OriginalFilename: Fireworks.exe
PrivateBuild: 
ProductName: Fireworks
ProductVersion: 12.0.0.236
SpecialBuild: 
Translation: 0x0409 0x04b0

Malware.AI.2018408270 also known as:

BkavW32.AIDetectNet.01
LionicTrojan.Multi.Generic.4!c
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Bulz.944785
FireEyeGeneric.mg.c9bdcd0b62d20550
ALYacGen:Variant.Bulz.944785
CylanceUnsafe
VIPREGen:Variant.Bulz.944785
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 00524e1d1 )
AlibabaBackdoor:Win32/Kryptik.af463807
K7GWTrojan ( 00524e1d1 )
CrowdStrikewin/malicious_confidence_100% (W)
BitDefenderThetaGen:NN.ZemsilF.34582.Xm0@aCnJGcpi
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of MSIL/Kryptik.MLS
TrendMicro-HouseCallTROJ_GEN.R002C0PGI22
Paloaltogeneric.ml
KasperskyHEUR:Backdoor.Win32.Generic
BitDefenderGen:Variant.Bulz.944785
NANO-AntivirusTrojan.Win32.Androm.exgotf
AvastWin32:Malware-gen
TencentWin32.Backdoor.Generic.Tayv
Ad-AwareGen:Variant.Bulz.944785
SophosML/PE-A
ZillyaTrojan.Kryptik.Win32.3350338
TrendMicroTROJ_GEN.R002C0PGI22
McAfee-GW-EditionPacked-YH!C9BDCD0B62D2
Trapminemalicious.high.ml.score
EmsisoftGen:Variant.Bulz.944785 (B)
IkarusTrojan.MSIL.Kryptik
GDataGen:Variant.Bulz.944785
WebrootW32.Trojan.Gen
AviraHEUR/AGEN.1202189
MAXmalware (ai score=95)
Antiy-AVLTrojan/Generic.ASMalwS.A9D
MicrosoftTrojan:Win32/Wacatac.B!ml
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.Kryptik.C2387674
Acronissuspicious
McAfeePacked-YH!C9BDCD0B62D2
MalwarebytesMalware.AI.2018408270
APEXMalicious
RisingTrojan.Generic/MSIL@AI.100 (RDM.MSIL:81+mFOdhB6VcWK5kMzLsFA)
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.7164915.susgen
FortinetMSIL/Kryptik.MLK!tr
AVGWin32:Malware-gen
Cybereasonmalicious.b62d20
PandaTrj/GdSda.A

How to remove Malware.AI.2018408270?

Malware.AI.2018408270 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment