Malware.AI.2142599337 (file analysis)

Malware.AI.2142599337 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.2142599337 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Attempts to connect to a dead IP:Port (255 unique times)
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • Writes a potential ransom message to disk
  • Collects and encrypts information about the computer likely to send to C2 server
  • Performs a large number of encryption calls using the same key possibly indicative of ransomware file encryption behavior
  • Exhibits possible ransomware file modification behavior

How to identify Malware.AI.2142599337?

File Info:

name: 8C54C65F1F36C13A3B67.mlw
path: /opt/CAPEv2/storage/binaries/38784c635de9716c09a6f11f4d76f6402b5f6638f1614ed929c7de136bb5301a
crc32: 219C0857
md5: 8c54c65f1f36c13a3b67301ada6f9744
sha1: a803a4b305415b66f22ed29d08017c286b8cb9ef
sha256: 38784c635de9716c09a6f11f4d76f6402b5f6638f1614ed929c7de136bb5301a
sha512: ddce93ccd5af59fb4b9a3687664e19b2a6e69a09eff6e4504ff8de7d6420609f10f27ca4bd41b04dd9bdbe1bf76ee97f1b2c4a8ec766424a49312c753da3f748
ssdeep: 24576:IBktd5tCfUsfLKX02b74GbOXHbqK3sCST/W:I6tFC8oKOmssCST/W
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D9256B00E640B127E9E300F685FB96B9997C6770236149CB12C86BF9EB256D47E31F1B
sha3_384: f8639cf058947e4c2c4e30eaa8d6d313bb35ac7a8f85fa8719ff1366fa1cbbfc6024853848509b21cf4f3f4b139c295f
ep_bytes: e86f050000e97afeffffcccccccccccc
timestamp: 2021-12-10 13:06:10

Version Info:

0: [No Data]

Malware.AI.2142599337 also known as:

Lionic: Trojan.Win32.Cryptor.j!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Tedy.66683
McAfee: Artemis!8C54C65F1F36
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.3680651
Sangfor: Ransom.Win32.Cryptor.gen
K7AntiVirus: Trojan ( 0058bcd21 )
Alibaba: Ransom:Win32/generic.ali2000010
K7GW: Trojan ( 0058bcd21 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HNOP
APEX: Malicious
ClamAV: Win.Trojan.Mikey-9932950-0
Kaspersky: HEUR:Trojan-Ransom.Win32.Cryptor.gen
BitDefender: Gen:Variant.Tedy.66683
Avast: Win32:RansomX-gen [Ransom]
Rising: Trojan.Kryptik!1.DAEF (CLOUD)
Ad-Aware: Gen:Variant.Tedy.66683
Sophos: Mal/Generic-S
DrWeb: Trojan.Encoder.34831
TrendMicro: Ransom.Win32.CONTI.SMYXBLD
McAfee-GW-Edition: Artemis
FireEye: Generic.mg.8c54c65f1f36c13a
Emsisoft: Gen:Variant.Tedy.66683 (B)
Ikarus: Trojan.Win64.Bazarloader
GData: Gen:Variant.Tedy.66683
Jiangmin: Trojan.Cryptor.acm
Avira: TR/Crypt.Agent.qvrvd
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.3516AAA
Arcabit: Trojan.Tedy.D1047B
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.MalwareX-gen.C4693697
ALYac: Gen:Variant.Tedy.66683
Malwarebytes: Malware.AI.2142599337
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HNOP!tr.ransom
BitDefenderTheta: Gen:NN.ZexaF.34182.arW@a4aM9Gj
AVG: Win32:RansomX-gen [Ransom]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.2142599337?

Malware.AI.2142599337 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
