What is “Malware.AI.2285126627”?

Malware Removal

Malware.AI.2285126627 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.2285126627 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Malware.AI.2285126627?

File Info:

name: 5BCA416B80728AD85689.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
ep_bytes: e87b02ffffc300000000000000000000
timestamp: 2013-09-30 14:31:49

Version Info:

0: [No Data]

Malware.AI.2285126627 also known as:

  • Bkav: W32.AIDetect.malware2
  • Lionic: Trojan.Win32.Bublik.lKR0
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Barys.106973
  • FireEye: Generic.mg.5bca416b80728ad8
  • CAT-QuickHeal: Trojanspy.Zbot.8731
  • ALYac: Gen:Variant.Barys.106973
  • Cylance: Unsafe
  • VIPRE: Gen:Variant.Barys.106973
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Riskware ( 0040eff71 )
  • Alibaba: TrojanSpy:Win32/PackBackdoor.a9b59098
  • K7GW: Riskware ( 0040eff71 )
  • Cybereason: malicious.b80728
  • VirIT: Trojan.Win32.Generic.DEJ
  • Cyren: W32/A-cf78b30f!Eldorado
  • Symantec: Trojan.Zbot
  • ESET-NOD32: Win32/Spy.Zbot.AAU
  • APEX: Malicious
  • Paloalto: generic.ml
  • ClamAV: Win.Trojan.Zbot-63876
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Gen:Variant.Barys.106973
  • NANO-Antivirus: Trojan.Win32.Zbot.cqnofn
  • SUPERAntiSpyware: Trojan.Agent/Gen-Zbot
  • Avast: Win32:Trojan-gen
  • Tencent: Win32.Trojan.Zbot.Xp2p
  • Ad-Aware: Gen:Variant.Barys.106973
  • Comodo: TrojWare.Win32.Agent.QELF@53m8nk
  • DrWeb: Trojan.PWS.Panda.4379
  • Zillya: Trojan.Zbot.Win32.138601
  • TrendMicro: TROJ_SPNR.32J013
  • McAfee-GW-Edition: PWSZbot-FFA!5BCA416B8072
  • Trapmine: malicious.moderate.ml.score
  • Emsisoft: Gen:Variant.Barys.106973 (B)
  • SentinelOne: Static AI – Malicious PE
  • GData: Gen:Variant.Barys.106973
  • Jiangmin: TrojanSpy.Zbot.dwfw
  • Avira: TR/Crypt.XPACK.Gen
  • MAX: malware (ai score=81)
  • Antiy-AVL: Trojan/Generic.ASMalwS.31
  • Kingsoft: Win32.Troj.Zbot.qe.(kcloud)
  • ViRobot: Trojan.Win32.Z.Zbot.346112
  • Microsoft: PWS:Win32/Zbot
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Spyware/Win32.Zbot.C203253
  • McAfee: PWSZbot-FFA!5BCA416B8072
  • TACHYON: Trojan-Spy/W32.ZBot.346112.AJ
  • VBA32: TrojanSpy.Zbot
  • Malwarebytes: Malware.AI.2285126627
  • TrendMicro-HouseCall: TROJ_SPNR.32J013
  • Rising: Trojan.Kryptik!1.C070 (CLASSIC)
  • Yandex: TrojanSpy.Zbot!6CtGbUTMNUQ
  • Ikarus: Backdoor.Win32.Androm
  • Fortinet: W32/Agent.ABI!tr
  • BitDefenderTheta: Gen:NN.ZexaF.34582.vu1@aKRoHtei
  • AVG: Win32:Trojan-gen
  • Panda: Trj/Genetic.gen
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.2285126627?

Malware.AI.2285126627 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.