Malware.AI.2066803145 information

Malware Removal

Malware.AI.2066803145 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to run a complete scan and clean your PC.
A 6-day free trial is available.

What can the Malware.AI.2066803145 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Malware.AI.2066803145?

File Info:

name: B78D325F252C19C38F9F.mlw
path: /opt/CAPEv2/storage/binaries/5fde61b104497df3fc103f6ce2826ecd16107eb9818e74474641d230c259e8ca
crc32: EBF48323
md5: b78d325f252c19c38f9ff0cc4535ecbe
sha1: 0438dbebf2a9f72330bc12c5e4d7ed0ac93fec92
sha256: 5fde61b104497df3fc103f6ce2826ecd16107eb9818e74474641d230c259e8ca
sha512: 4d42b82c6c8b9edd3d52d490508b2d958bc69426b95276e482fe4374806bf5bbe46b90b4fd7a64aaa45a46c4627e26b405248261164505481fb6af913f0506ad
ssdeep: 12288:9G5knZfFKe7ZXheg025ET9wPiEzCmj1E0y8DoNZXV5:9G50ZfFKMXh92JwPiwCeE0bsD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T122B4011178F589F6C6920432CE606FE2F1F9D7680F30486737A90A2C7E7DE95C216B96
sha3_384: 73f0bc43a5a1e1517be997c756f02eba5e207184f9290d8134292b30dd5df14c778f86b654c0590307c369200968e7be
ep_bytes: 558bec6aff68e8b9410068fc47410064
timestamp: 2011-04-18 18:54:06

Version Info:

CompanyName: Igor Pavlov
FileDescription: 7z Setup SFX
FileVersion: 9.22 beta
InternalName: 7zS.sfx
LegalCopyright: Copyright (c) 1999-2011 Igor Pavlov
OriginalFilename: 7zS.sfx.exe
ProductName: 7-Zip
ProductVersion: 9.22 beta
Translation: 0x0409 0x04b0

Malware.AI.2066803145 also known as:

Lionic: Trojan.Win32.BitCoinMiner.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader26.10606
ClamAV: Win.Trojan.Autoit-9645223-0
ALYac: Dropped:Trojan.GenericKD.12495194
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Autoit.8
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Dropped:Trojan.GenericKD.12495194
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.f252c1
Cyren: W32/AutoIt.TR.gen!Eldorado
Symantec: Trojan Horse
ESET-NOD32: a variant of Win32/TrojanDownloader.Autoit.OHG
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 99)
Kaspersky: Trojan.Win32.BitCoinMiner.ds
Alibaba: TrojanDownloader:Win32/BitCoinMiner.0ce4b75f
NANO-Antivirus: Trojan.Win32.BitCoinMiner.ettdrm
MicroWorld-eScan: Dropped:Trojan.GenericKD.12495194
Ad-Aware: Dropped:Trojan.GenericKD.12495194
Emsisoft: Dropped:Trojan.GenericKD.12495194 (B)
Comodo: Malware@#29y7wp9zj2lyb
McAfee-GW-Edition: Trojan-FOKC!B78D325F252C
FireEye: Generic.mg.b78d325f252c19c3
Sophos: Mal/Generic-R
GData: Dropped:Trojan.GenericKD.12495194
Avira: TR/Dldr.Autoit.canmn
MAX: malware (ai score=100)
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Arcabit: Trojan.Generic.DBEA95A
Microsoft: Trojan:Win32/Vigorf.A
McAfee: Trojan-FOKC!B78D325F252C
VBA32: Trojan-Downloader.Autoit.gen
Malwarebytes: Malware.AI.2066803145
Panda: Trj/CI.A
Tencent: Win32.Trojan.Bitcoinminer.Pgcz
Yandex: Trojan.DL.Autoit!i3rVBlovg64
Ikarus: Trojan.Win32.Tiggre
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: AutoIt/Agent.OHG!tr.dldr
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.2066803145?

Malware.AI.2066803145 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.