Malware.AI.2283146628 (file analysis)

Malware.AI.2283146628 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.2283146628 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Uses suspicious command line tools or Windows utilities

How to identify Malware.AI.2283146628?
File Info:

name: 64B108CA4570EAF993F9.mlw
path: /opt/CAPEv2/storage/binaries/76591fd771784d63054922a4b48792226fb47579594b974bbbda1a14f3f539c4
crc32: FF9667DC
md5: 64b108ca4570eaf993f94e49e88ab041
sha1: 0a0efd30444e677fc7a556b6a80e2e416260b4b7
sha256: 76591fd771784d63054922a4b48792226fb47579594b974bbbda1a14f3f539c4
sha512: e61083b516e5a62d0e5ce6cdbc67f3d6b6de538304645dbc1de0d60f660a45ab29c02d1154eb5458af20b764e5f13dfb6790734684c4ae78775db76e673c3ef6
ssdeep: 49152:weC41awQ43hO3MxFCmGfIzUux8r2vVJwPqBJIzUux8UhnZ/dgcYIzUux8r2vVJwC:wzChQ4RGGGS42NQqOTZao42NQqOu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1091612577473BCEDD8BEF9745C8D6C3729B2A9CE81A5E901B9B48D048EC2F49A40D306
sha3_384: d3618fadd1c9167809bef2e0823207677129cb0c2c9c970739d9ba10fc4405efbb5e9d24cb208c2d3e7a9dde12452c32
ep_bytes: ba000000005121c0485f01c05789db81
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

Malware.AI.2283146628 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Razy.883920
FireEye: Generic.mg.64b108ca4570eaf9
ALYac: Gen:Variant.Razy.883920
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: Trojan:Win32/Injector.b236513b
K7GW: Trojan ( 00577ea11 )
Cybereason: malicious.a4570e
Cyren: W32/Kryptik.ECA.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.DZQA
APEX: Malicious
Avast: Win32:Evo-gen [Susp]
Kaspersky: Trojan.Win32.Khalesi.lrco
BitDefender: Gen:Variant.Razy.883920
NANO-Antivirus: Virus.Win32.Gen.ccmw
Tencent: Malware.Win32.Gencirc.11d722dc
Ad-Aware: Gen:Variant.Razy.883920
Sophos: ML/PE-A + Troj/Agent-BGOS
BitDefenderTheta: Gen:NN.ZexaF.34062.9xZ@a4vdIlp
TrendMicro: TROJ_GEN.R002C0PL721
McAfee-GW-Edition: BehavesLike.Win32.Glupteba.wc
Emsisoft: Gen:Variant.Razy.883920 (B)
Paloalto: generic.ml
Jiangmin: Trojan.Generic.hdxvy
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.335604F
Gridinsoft: Ransom.Win32.Wacatac.sa
GData: Gen:Variant.Razy.883920
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.RL_Generic.R299848
McAfee: Glupteba-FTTQ!64B108CA4570
MAX: malware (ai score=88)
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Malware.AI.2283146628
TrendMicro-HouseCall: TROJ_GEN.R002C0PL721
Rising: Trojan.Kryptik!1.D284 (CLASSIC)
Yandex: Trojan.Agent!i+DgPxA/n+M
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.ECM!tr
AVG: Win32:Evo-gen [Susp]
Panda: Trj/CI.A

How to remove Malware.AI.2283146628?

Malware.AI.2283146628 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.