Malware

Malware.AI.2111915460 removal instruction

Malware Removal

The Malware.AI.2111915460 detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Malware.AI.2111915460 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Arabic (Egypt)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the CyberGate malware family
  • Creates a copy of itself
  • Creates known SpyNet mutexes and/or registry changes
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.2111915460?

File Info:

name: 6CFA028B44F9746A1F9E.mlw
path: /opt/CAPEv2/storage/binaries/013a7623015919fb9f68b9a39fe560bf13a404f172f3a658b2965e444c11e198
crc32: 50D71F40
md5: 6cfa028b44f9746a1f9ebb5415fd11c3
sha1: 15d528162693cb9aedb55ff6c79f50e53f7a9203
sha256: 013a7623015919fb9f68b9a39fe560bf13a404f172f3a658b2965e444c11e198
sha512: 5ae4e054827ba6279dc0f69272b1e498c1e8c575cb283bbf3357cfcb0f2cc36763880648a18c36dfa2ad03b66cba43befd58663e54b71164ad3c3b81037e3eb6
ssdeep: 24576:IvEn5inCrXJCNeI5NKM4R5fani4TTv0+7OKngvr1jPGKlhMYvVA9vjtW:IveoTK7UM+pMr1qgVAZtW
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13C65AF27B5968436D0736A3CDC6BB358582A7E103E78A84F3BE41C4C5F3968179392B7
sha3_384: ee67ee95cfc09ecd7fdb8015eba8664399e9bb9ff724aa1207828e276bc1587259f1003579d784ad3a6063e7b035a6a3
ep_bytes: 558bec83c4f0b858795300e878e9ecff
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Malware.AI.2111915460 also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Llac.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Bulz.735597
ALYac: Gen:Variant.Bulz.735597
Malwarebytes: Malware.AI.2111915460
VIPRE: Gen:Variant.Bulz.735597
Sangfor: Virus.Win32.Save.a
K7AntiVirus: Trojan ( 0055e3991 )
Alibaba: VirTool:Win32/Injector.f188986b
K7GW: Trojan ( 0055e3991 )
Cybereason: malicious.b44f97
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.BWWE
APEX: Malicious
ClamAV: Win.Malware.Generic-9875799-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Bulz.735597
NANO-Antivirus: Trojan.Win32.Llac.dpuwiq
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.13b1b66b
Emsisoft: Gen:Variant.Bulz.735597 (B)
F-Secure: Heuristic.HEUR/AGEN.1330172
DrWeb: Trojan.PWS.Banker1.16516
Zillya: Trojan.Injector.Win32.1654935
TrendMicro: TROJ_GEN.R002C0DDM23
McAfee-GW-Edition: BehavesLike.Win32.ObfuscatedPoly.th
Trapmine: suspicious.low.ml.score
FireEye: Generic.mg.6cfa028b44f9746a
Sophos: Mal/Generic-S
Ikarus: Backdoor.Agent
GData: Gen:Variant.Bulz.735597
Google: Detected
Avira: HEUR/AGEN.1330172
Antiy-AVL: Trojan/Win32.Llac
Arcabit: Trojan.Bulz.DB396D
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: VirTool:Win32/Injector.BG!bit
Cynet: Malicious (score: 100)
McAfee: Artemis!6CFA028B44F9
MAX: malware (ai score=86)
VBA32: TScope.Trojan.Delf
Cylance: unsafe
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002C0DDM23
Rising: HackTool.Injector!8.1E2 (TFE:5:3c6X26x2y8B)
Yandex: Trojan.GenAsa!aiPk8VXdSVY
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: W32/Injector.BWWE!tr
BitDefenderTheta: Gen:NN.ZelphiF.36196.BHW@aqdH4@eG
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.2111915460?

Malware.AI.2111915460 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.