
Malware.AI.2105528080 malicious file


Malware.AI.2105528080 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.2105528080 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • NtSetInformationThread: attempt to hide thread from debugger
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Expresses interest in specific running processes
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Executable file is packed/obfuscated with Themida
  • Authenticode signature is invalid
  • Detects Sandboxie through the presence of a library
  • Checks for the presence of known windows from debuggers and forensic tools
  • The following process appears to have been packed with Themida: 531BA10FCCAE24EA741E.mlw
  • Checks the version of the BIOS, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Anomalous binary characteristics

How to identify Malware.AI.2105528080?

File Info:

name: 531BA10FCCAE24EA741E.mlw
path: /opt/CAPEv2/storage/binaries/039cd47262cdfa5fb72879609b752a09cc2f3399b8bfdbf5717f52bebd2513f9
crc32: 5EE0E915
md5: 531ba10fccae24ea741e6e2ebefec1c0
sha1: caa0e771458c80035c33cf2423c6375912f0cc1e
sha256: 039cd47262cdfa5fb72879609b752a09cc2f3399b8bfdbf5717f52bebd2513f9
sha512: 6c3d6d3e1a4901429b0f4e6f0ed853a9a4a0a4946099789d7a4587ba71891b150948da7d6a9b57426b7fa50b93bc8f398585dd5a3d6166456615e3161278d36f
ssdeep: 98304:ALe+VyxU9i/PSEUcT4iWL1y3SrDnZZQ1vU:83cSWT4itiPA1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19BE5332076D2327CC7672E3217681496E4BDDD2C1C5CCB7E22B48A967FCC2C8974D6A8
sha3_384: 775dc2b658f3cf94d8d4dc1ad5669c60ce242599e684458e6c5d44822e1b6dbf957c3fb147ab190793b72cd587a9ee3c
ep_bytes: e84b0100005389e3538b73088b7b10fc
timestamp: 2020-07-17 10:53:02

Version Info:

FileDescription:
FileVersion: 1.1.33.02
InternalName:
LegalCopyright:
OriginalFilename:
ProductName:
ProductVersion: 1.1.33.02
Translation: 0x0409 0x04b0

Malware.AI.2105528080 also known as:

  • tehtris: Generic.Malware
  • MicroWorld-eScan: Gen:Trojan.Heur.GM.0000436180
  • Cylance: Unsafe
  • Sangfor: Suspicious.Win32.Save.a
  • Cybereason: malicious.fccae2
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Packed.Themida.HLI
  • APEX: Malicious
  • ClamAV: Win.Packed.Genkryptik-9838646-0
  • Kaspersky: Trojan.Win32.Witch.nyz
  • BitDefender: Gen:Trojan.Heur.GM.0000436180
  • NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
  • Avast: Win32:Trojan-gen
  • Ad-Aware: Gen:Trojan.Heur.GM.0000436180
  • Emsisoft: Gen:Trojan.Heur.GM.0000436180 (B)
  • McAfee-GW-Edition: BehavesLike.Win32.Backdoor.wc
  • Trapmine: malicious.high.ml.score
  • FireEye: Generic.mg.531ba10fccae24ea
  • Sophos: Generic ML PUA (PUA)
  • SentinelOne: Static AI – Malicious PE
  • GData: Gen:Trojan.Heur.GM.0000436180
  • Avira: HEUR/AGEN.1211727
  • MAX: malware (ai score=87)
  • Arcabit: Trojan.Heur.GM.D6A7D4
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Malware/Win32.RL_Generic.R338754
  • Acronis: suspicious
  • BitDefenderTheta: AI:Packer.DD91A5B51D
  • ALYac: Gen:Trojan.Heur.GM.0000436180
  • Malwarebytes: Malware.AI.2105528080
  • Zoner: Probably Heur.ExeHeaderL
  • Rising: Trojan.Generic@AI.100 (RDML:uxH2pYXLuLGrstY/0gxE6g)
  • Ikarus: Trojan.Win32.Themida
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/Themida.HLI!tr
  • AVG: Win32:Trojan-gen
  • Panda: Trj/Genetic.gen
  • CrowdStrike: win/malicious_confidence_60% (D)

How to remove Malware.AI.2105528080?

Malware.AI.2105528080 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
