Malware

Malware.AI.2375707204 removal instruction

Malware Removal

Malware.AI.2375707204 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Malware.AI.2375707204 virus can do?

  • A file was accessed within the Public folder.
  • Uses Windows utilities for basic functionality.
  • HTTPS URLs observed in behavior.
  • CAPE extracted potentially suspicious content.
  • Drops a binary and executes it.
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid.
  • Uses Windows utilities to create a scheduled task.
  • CAPE detected the RedLine malware family.
  • Attempts to identify installed AV products by installation directory.
  • Attempts to modify proxy settings.
  • Appears to use command line obfuscation.
  • Deletes executed files from disk.
  • Uses suspicious command line tools or Windows utilities.
  • Yara rule detections observed from a process memory dump, dropped files, or CAPE.

How to determine Malware.AI.2375707204?

File Info:

name: 76F98B1B5B727EE947D0.mlw
path: /opt/CAPEv2/storage/binaries/446f55307a8d6dcbc4f281d018ab132496f5b5be184ff0b73894f43412c09df0
crc32: F284F2C3
md5: 76f98b1b5b727ee947d058f6bf52de26
sha1: d7e9ab453e73840385688cf124ab51cb221afb34
sha256: 446f55307a8d6dcbc4f281d018ab132496f5b5be184ff0b73894f43412c09df0
sha512: 5216098fbe2a4b21a7ceb199bcff84b1ae004e3076d1567a1db6a567bdd11b48899fbb2f186638ea70959b0acec2164b6304e071e9ab9db08c576a0ce40be68a
ssdeep: 6144:K4y+bnr+yp0yN90QEToQhNjwTtzGCg5cJSiEfbNj4MAiim3wwSLd+Q8kKDNszv:0Mrey907UTtGziEjNjk2Sh+Q8pDu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19A840113B7E98137E9B5277018F703830F327C6698B9836B37859A5A1CB26D0E47172B
sha3_384: 4f2102ee32ab6e0e3285a957ce13d7d1991ee51666fceb01e3b486a3de7c5c51df76f4557e282babb1bd14b443225404
ep_bytes: e8f0060000e9000000006a5868b87240
timestamp: 2022-05-24 22:49:06

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
FileVersion: 11.00.17763.1 (WinBuild.160101.0800)
InternalName: Wextract
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.17763.1
Translation: 0x0409 0x04b0

Malware.AI.2375707204 also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Agent.Y!c
MicroWorld-eScan: Gen:Heur.Crifi.1
ClamAV: Win.Malware.Doina-10001799-0
FireEye: Gen:Heur.Crifi.1
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
McAfee: Artemis!76F98B1B5B72
Malwarebytes: Malware.AI.2375707204
VIPRE: Gen:Heur.Crifi.1
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005aad751 )
Alibaba: TrojanSpy:Win32/Stealer.12926bad
K7GW: Trojan ( 005aad751 )
Cybereason: malicious.53e738
VirIT: Trojan.Win32.Genus.SRD
Cyren: W32/Kryptik.JKR.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: multiple detections
APEX: Malicious
Cynet: Malicious (score: 99)
BitDefender: Gen:Heur.Crifi.1
NANO-Antivirus: Trojan.Win32.Disabler.junsud
SUPERAntiSpyware: Trojan.Agent/Gen-Downloader
Avast: Win32:TrojanX-gen [Trj]
Tencent: Msil.Trojan-Spy.Redline.Ymhl
Sophos: Troj/PlugX-EC
F-Secure: Trojan.TR/Disabler.ocayi
DrWeb: Trojan.Siggen19.32857
TrendMicro: Trojan.Win32.AMADEY.YXDFWZ
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Emsisoft: Gen:Heur.Crifi.1 (B)
Ikarus: Trojan.Spy.Stealer
GData: Win32.Trojan-Downloader.Amadey.D
Jiangmin: TrojanSpy.MSIL.danh
Avira: TR/Disabler.ocayi
Antiy-AVL: Trojan/Script.Phonzy
Xcitium: ApplicUnwnt@#1ftfc2ja2g1dd
Arcabit: Trojan.Crifi.1
ZoneAlarm: HEUR:Trojan.MSIL.Agent.gen
Microsoft: Trojan:MSIL/plugx!atmn
Google: Detected
AhnLab-V3: Trojan/Win.TrojanX-gen.R592697
Acronis: suspicious
ALYac: Gen:Heur.Crifi.1
MAX: malware (ai score=81)
Cylance: unsafe
Panda: Trj/CI.A
TrendMicro-HouseCall: Trojan.Win32.AMADEY.YXDFWZ
Rising: Stealer.Agent!1.E5F0 (CLASSIC)
Yandex: Trojan.Disabler!G6z7qDxyklM
SentinelOne: Static AI – Malicious SFX
Fortinet: PossibleThreat
AVG: Win32:TrojanX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.2375707204?

Malware.AI.2375707204 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.