Malware.AI.2309972144 removal tips

Malware.AI.2309972144 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.2309972144 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Uses Windows utilities for basic functionality
  • HTTPS URLs observed in behaviour
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • CAPE detected the RedLine malware family
  • Attempts to identify installed AV products by installation directory
  • Attempts to modify proxy settings
  • Appears to use command line obfuscation
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.2309972144?

File Info:

name: 562EEB76D6A629C59A96.mlw
path: /opt/CAPEv2/storage/binaries/d3b2f3cee31150d318280de240d2548a5e0b564e049b13b0077b3dc8c23a468c
crc32: 89762FB7
md5: 562eeb76d6a629c59a965a83e777e5c9
sha1: 93f146a04166b174e835c51f13d155e8ea734e4e
sha256: d3b2f3cee31150d318280de240d2548a5e0b564e049b13b0077b3dc8c23a468c
sha512: b53211482da18c82d90c52f0b62fa1f437e5131c7bec395d180129f9cbe7ef4f437435e49e45c545f5486ec4c0696dc420319a6274a656ce667520755718c30d
ssdeep: 24576:yyYFMEK7FYTflZ1GUbIb0HoIw0B37rJ7Ytg+nzeET8/dYl:Z8MF7mTP1GUbIyrC7zeET8VY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E7252366A7D88037FCB64B700CFA13D75E2ABC909A31824777555A6A0CF3280B93537B
sha3_384: 5c694ad179d6f3141c8a7abcdd6ffd917529161fe2a2ad296355072d2f7f0196252db214f51c05fd6e56cf97616c2bba
ep_bytes: e8f0060000e9000000006a5868b87240
timestamp: 2022-05-24 22:49:06

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
FileVersion: 11.00.17763.1 (WinBuild.160101.0800)
InternalName: Wextract
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.17763.1
Translation: 0x0409 0x04b0

Malware.AI.2309972144 also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Convagent.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Stealer.37076
MicroWorld-eScan: Gen:Heur.Crifi.1
ClamAV: Win.Malware.Doina-10001799-0
FireEye: Gen:Heur.Crifi.1
CAT-QuickHeal: Trojan.GenericPMF.S30511625
McAfee: Artemis!562EEB76D6A6
Malwarebytes: Malware.AI.2309972144
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Spyware ( 0059955a1 )
Alibaba: TrojanDownloader:MSIL/Injurer.0c7e25e4
K7GW: Spyware ( 0059955a1 )
CrowdStrike: win/malicious_confidence_100% (W)
VirIT: Trojan.Win32.GenusT.DNCL
Cyren: W32/Kryptik.JKR.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
TrendMicro-HouseCall: Trojan.Win32.AMADEY.YXDFWZ
Cynet: Malicious (score: 99)
Kaspersky: UDS:Trojan-Downloader.Win32.Deyma.gen
BitDefender: Gen:Heur.Crifi.1
NANO-Antivirus: Trojan.Win32.Injurer.jxkskl
SUPERAntiSpyware: Trojan.Agent/Gen-Downloader
Avast: Win32:PWSX-gen [Trj]
Tencent: Msil.Trojan.Redline.Timw
Emsisoft: Gen:Heur.Crifi.1 (B)
F-Secure: Trojan.TR/AD.RedLineSteal.eltxc
VIPRE: Gen:Heur.Crifi.1
TrendMicro: TROJ_GEN.R011C0DGL23
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Trapmine: malicious.moderate.ml.score
Sophos: Troj/PlugX-EC
Ikarus: Trojan-Spy.MSIL.Redline
GData: Win32.Trojan.PSE.19I8E74
Jiangmin: TrojanSpy.MSIL.daik
Avira: TR/AD.RedLineSteal.eltxc
MAX: malware (ai score=85)
Antiy-AVL: Trojan[Spy]/MSIL.RedLine
Xcitium: ApplicUnwnt@#1ftfc2ja2g1dd
ZoneAlarm: HEUR:Trojan.MSIL.Injurer.pef
Microsoft: Trojan:Win32/Amadey.RPX!MTB
Google: Detected
Cylance: unsafe
Panda: Trj/CI.A
APEX: Malicious
Rising: Stealer.Agent!1.E5F0 (CLASSIC)
SentinelOne: Static AI – Malicious SFX
Fortinet: W32/Disabler.D!tr
AVG: Win32:PWSX-gen [Trj]
Cybereason: malicious.04166b
DeepInstinct: MALICIOUS

How to remove Malware.AI.2309972144?

Malware.AI.2309972144 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.