How to remove “Malware.AI.2126017844”?

Malware.AI.2126017844 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.2126017844 virus do?

  • Drops a binary and executes it
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Creates a copy of itself
  • Binary compilation timestomping detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.2126017844?


File Info:

name: 0F90C2DC433CD8340E91.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2029-10-13 15:59:23

Version Info:

0: [No Data]

Malware.AI.2126017844 also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.QQPass.i!c
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Generic.Malware.SMg.D5108FD8
CAT-QuickHeal: Trojanpws.Qqpass.20915
Skyhigh: BehavesLike.Win32.Sytro.mc
McAfee: PWS-LegMir.ao
Malwarebytes: Malware.AI.2126017844
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 005726871 )
BitDefender: Generic.Malware.SMg.D5108FD8
K7GW: Trojan ( 005726871 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: AI:Packer.9A4910BC19
VirIT: Trojan.Win32.Legendmir.NQE
Symantec: Infostealer.Lemir.Gen
ESET-NOD32: Win32/PSW.QQPass.AK
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan-PSW.Win32.QQPass.ak
NANO-Antivirus: Trojan.Win32.QQPass.etjxvt
ViRobot: Trojan.Win32.PSWQQPass.94208[UPX]
Rising: Stealer.OnlineGames!1.6977 (CLOUD)
Sophos: Troj/LegMir-Gen
F-Secure: Trojan.TR/PSW.QQpass.HQ
DrWeb: Trojan.PWS.Legmir
VIPRE: Generic.Malware.SMg.D5108FD8
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.0f90c2dc433cd834
Emsisoft: Generic.Malware.SMg.D5108FD8 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/PSW.WyHunt
Webroot: W32.Trojan.Gen
Varist: W32/QQPass.ZYYW-6874
Avira: TR/PSW.QQpass.HQ
MAX: malware (ai score=80)
Antiy-AVL: Trojan[PSW]/Win32.QQPass
Kingsoft: Win32.HeurC.KVM003.a
Xcitium: TrojWare.Win32.PSW.Legendmir.BY@2wbw
Arcabit: Generic.Malware.SMg.D5108FD8
ZoneAlarm: Trojan-PSW.Win32.QQPass.ak
GData: Generic.Malware.SMg.D5108FD8
Google: Detected
AhnLab-V3: Trojan/Win32.OnlineGameHack.R24849
VBA32: BScope.TrojanPSW.QQPass
ALYac: Generic.Malware.SMg.D5108FD8
TACHYON: Trojan-PWS/W32.DP-QQPass.94208
DeepInstinct: MALICIOUS
Cylance: unsafe
TrendMicro-HouseCall: TROJ_LEGMIR.A
Tencent: Trojan.Win32.AutoRun.16000275
Yandex: Trojan.GenAsa!DkBuQuvMkxw
Ikarus: Trojan-PWS.Win32.QQPass
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/LegMir.AD!tr
Cybereason: malicious.b28659
Panda: Trj/Legmir.D

How to remove Malware.AI.2126017844?

Malware.AI.2126017844 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
