Malware.AI.22817575 (file analysis)

Malware.AI.22817575 is the Malwarebytes detection name for a sample that the large majority of antivirus engines flag as malicious (see the detection list below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal; the trial version allows a complete scan and clean-up of your PC.
A 6-day free trial is available.

What can Malware.AI.22817575 do?

The indicators below were reported by the CAPE sandbox analysis of the sample:

  • Behavioural detection: executable code extraction (unpacking)
  • Sample contains overlay data
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Deletes executed files from disk

How to identify Malware.AI.22817575?

File Info:

name: 21A0F9E81E542FF9D3DD.mlw
path: /opt/CAPEv2/storage/binaries/d1ab0ffd4bbd7566fb16dc4c3ad3c491dbe5032a5ce64c407ffa3004d1673ec5
crc32: 8B9A1E40
md5: 21a0f9e81e542ff9d3dd9de4283d34b5
sha1: 16d4633af3a5fe7ba8707ba37d61f5bf0bf5a468
sha256: d1ab0ffd4bbd7566fb16dc4c3ad3c491dbe5032a5ce64c407ffa3004d1673ec5
sha512: 9da0cdfc93cd22574680dc09a5a78614f16b7cd7fd312fe9d13baafe37876cc5c83f89f1a641ab9b4da9a88c34d6e6f9ee6cab13f07b18e547fc5c891d1e3b01
ssdeep: 6144:uL02IV8QP9TOpCdJdHuJcFD9Hm8abJ/dITrfGSs83N1Axaq:W0248Qu+JRulNSTr+V83N1saq
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T158641280CB536371CD3225303251F62EF262E82566E94CD74FA887256CDEE1C273DBA5
sha3_384: 0927d66cf29b5c8bf0bb10471e9bb783b3a87502afb58e49a5a6edc1ed4d91987f150a420a657297b453a544edb8b3fc
ep_bytes: 60e8d10500000f835f8effffa899f583
timestamp: 1992-06-19 22:22:17
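Several of the indicators listed above (an unknown or VMProtect section name, encrypted or compressed data, overlay data, the Authenticode state) and the File Info fields (entry-point bytes, timestamp, hashes) can be reproduced from the PE headers alone. The script below is an added example written for this page; it is not part of the original analysis and not GridinSoft or CAPE tooling. It parses PE32 headers with the Python standard library and runs against a constructed minimal PE (labelled as such in the code) that mimics the listed traits: a `.vmp0` section holding the page's `ep_bytes`, high-entropy content and 64 bytes of overlay. Assumptions: `.vmp0`/`.vmp1` are VMProtect's default section names and can be renamed by the operator; 7.2 bits per byte is a heuristic entropy cut-off; the Authenticode check only reports whether a certificate table exists, since validating the signature needs a crypto library. One caveat the example encodes: the timestamp 1992-06-19 22:22:17 is 0x2A425E19, the fixed TimeDateStamp written by the Delphi linker, which agrees with VBA32's TScope.Trojan.Delf label, so it says nothing about when the sample was built.

```python
"""Static PE32 triage for the indicators listed above (added example, standard library only)."""
import hashlib
import math
import struct
from collections import Counter

# Section names emitted by common linkers (MSVC, MinGW, Delphi/Borland); anything else deserves a look.
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc",
                  ".reloc", ".tls", ".pdata", ".CRT", "CODE", "DATA", "BSS"}
# VMProtect default section names (assumption: operators can rename them, so absence proves nothing).
VMPROTECT_SECTIONS = {".vmp0", ".vmp1", ".vmp2"}
# Fixed TimeDateStamp written by the Delphi linker: 1992-06-19 22:22:17 UTC, the value in File Info above.
DELPHI_TIMESTAMP = 0x2A425E19


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = uniformly random)."""
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in Counter(buf).values())


def parse_pe(data: bytes) -> dict:
    """Parse the PE32 headers needed for triage; raises ValueError on anything that is not PE32."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (not PE32+) is handled here")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    # Data directory 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) points at the Authenticode certificate table.
    (n_dirs,) = struct.unpack_from("<I", data, opt + 92)
    cert_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)[1] if n_dirs > 4 else 0
    sections, entry_off, entry_sec = [], None, None
    for i in range(nsections):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sec = {"name": name.rstrip(b"\0").decode("latin-1"), "va": va, "vsize": vsize,
               "raw_ptr": rptr, "raw_size": rsize, "entropy": entropy(data[rptr:rptr + rsize])}
        sections.append(sec)
        if va <= entry_rva < va + max(vsize, rsize):  # translate the entry RVA to a file offset
            entry_off, entry_sec = rptr + (entry_rva - va), sec["name"]
    end_of_sections = max((s["raw_ptr"] + s["raw_size"] for s in sections), default=len(data))
    return {
        "machine": machine, "timestamp": timestamp, "entry_rva": entry_rva,
        "entry_offset": entry_off, "entry_section": entry_sec,
        "entry_bytes": data[entry_off:entry_off + 16] if entry_off is not None else b"",
        "sections": sections,
        "overlay_size": max(0, len(data) - end_of_sections),  # bytes past the last section = overlay
        "has_authenticode": cert_size > 0,  # presence only; validating the signature needs a crypto library
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def triage(data: bytes) -> list:
    """Turn the parsed headers into findings phrased like the indicator list above."""
    info = parse_pe(data)
    findings = []
    if info["timestamp"] == DELPHI_TIMESTAMP:
        findings.append("Timestamp is the fixed Delphi linker constant (1992-06-19 22:22:17), not a build date")
    for s in info["sections"]:
        if s["name"] in VMPROTECT_SECTIONS:
            findings.append(f"Section {s['name']}: VMProtect default section name")
        elif s["name"] not in KNOWN_SECTIONS:
            findings.append(f"Section {s['name']}: unknown section name, indicative of packing")
        if s["entropy"] > 7.2:  # heuristic threshold
            findings.append(f"Section {s['name']}: entropy {s['entropy']:.2f} bits/byte, likely encrypted or compressed")
    if info["entry_section"] not in (".text", "CODE"):
        findings.append(f"Entry point lies in section {info['entry_section']}, not in the normal code section")
    if info["overlay_size"]:
        findings.append(f"Sample contains {info['overlay_size']} bytes of overlay data")
    if not info["has_authenticode"]:
        findings.append("No Authenticode signature present (certificate table empty)")
    return findings


def build_sample() -> bytes:
    """Constructed minimal PE32 that mimics the listed traits; this is NOT the real sample from the page."""
    text = b"\x90" * 0x200                                       # low-entropy .text
    vmp = bytes.fromhex("60e8d10500000f835f8effffa899f583")     # the page's ep_bytes, then
    while len(vmp) < 0x1000:                                      # deterministic high-entropy filler
        vmp += hashlib.sha256(len(vmp).to_bytes(4, "little")).digest()
    vmp = vmp[:0x1000]
    secs = [(b".text", 0x1000, 0x1000, len(text), 0x200, 0x60000020),
            (b".vmp0", 0x1000, 0x2000, len(vmp), 0x400, 0xE0000060)]
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), DELPHI_TIMESTAMP, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 2, 25, len(vmp), 0, 0, 0x2000, 0x1000, 0x2000,
                      0x400000, 0x1000, 0x200)                   # entry point RVA 0x2000 -> .vmp0
    opt = opt.ljust(92, b"\0") + struct.pack("<I", 16)           # 16 data directories, all left empty
    hdrs = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt.ljust(224, b"\0")
    for name, vsize, va, rsize, rptr, chars in secs:
        hdrs += struct.pack("<8sIIIIIIHHI", name, vsize, va, rsize, rptr, 0, 0, 0, 0, chars)
    image = hdrs.ljust(0x200, b"\0") + text + vmp
    return image + b"constructed overlay".ljust(64, b"\0")       # 64 bytes of overlay data


if __name__ == "__main__":
    print("\n".join(triage(build_sample())))
```

To triage a real file, pass `open(path, "rb").read()` to `triage()`; compare the `sha256` field against the File Info above to confirm you are looking at the same sample. Entropy and section-name heuristics will also fire on legitimately protected software, so treat them as leads for the dynamic indicators, not as a verdict.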

Version Info:

0: [No Data]

Malware.AI.22817575 also known as:

Lionic: Trojan.Win32.Agent.Y!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Doina.45629
FireEye: Generic.mg.21a0f9e81e542ff9
ALYac: Gen:Variant.Barys.160809
Cylance: Unsafe
VIPRE: Gen:Variant.Barys.160809
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0057e5351 )
Alibaba: Trojan:Win32/Kryptik.9b37e7f1
K7GW: Trojan ( 0057e5351 )
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/VMProtect.C.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.VMProtect.WV
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Agent.xarvzm
BitDefender: Gen:Variant.Doina.45629
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.115c6a8a
Ad-Aware: Gen:Variant.Barys.160809
Sophos: Mal/Generic-S
Zillya: Trojan.VMProtect.Win32.51242
TrendMicro: TROJ_GEN.R049C0PK922
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Doina.45629 (B)
Ikarus: Win32.Outbreak
GData: Gen:Variant.Doina.45629
Jiangmin: Trojan.Agent.dsyz
Avira: TR/Crypt.XPACK.Gen2
Antiy-AVL: Trojan/Generic.ASMalwS.397A
Arcabit: Trojan.Doina.DB23D
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win.Generic.C4532014
Acronis: suspicious
McAfee: GenericRXRX-HO!21A0F9E81E54
MAX: malware (ai score=81)
VBA32: TScope.Trojan.Delf
Malwarebytes: Malware.AI.22817575
TrendMicro-HouseCall: TROJ_GEN.R049C0PK922
Rising: Trojan.Generic@AI.100 (RDML:cLSU7Vm7VZOa7NoDnEYvnA)
Yandex: Trojan.VMProtect!WawoXgnds7U
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VMProtect.WV!tr
BitDefenderTheta: AI:Packer.D0FB21411F
AVG: Win32:Trojan-gen
Cybereason: malicious.81e542
Panda: Trj/Genetic.gen

How to remove Malware.AI.22817575?

Malware.AI.22817575 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.