
Malware.AI.2413524522 removal guide


Malware.AI.2413524522 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.2413524522 virus do?

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Executed a process and injected code into it, probably while unpacking
  • Detects the presence of Wine emulator via function name
  • Queries information on disks, possibly for anti-virtualization
  • Collects information about installed applications
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key

Related domains:

teal.throcytes.ru
yoph.tructure.ru

How to identify Malware.AI.2413524522?

File Info:

name: DEE775848F56051D8CEAD67193089B9A.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: iGHCopyright
InternalName: iGHName
FileVersion: 14.1.10.280
LegalTrademarks: iGHTrademarks
Comments: iGHmments
ProductName: iGHName
ProductVersion: 13.4.6.3
OriginalFilename: iGHFilename
Translation: 0x2009 0x04e4

Malware.AI.2413524522 also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.InstallMonster.1549
MicroWorld-eScan: Gen:Heur.Mint.Dreidel.8oLfxmhm64ck
FireEye: Generic.mg.dee775848f56051d
CAT-QuickHeal: Trojan.Inject.A11
ALYac: Gen:Heur.Mint.Dreidel.8oLfxmhm64ck
Malwarebytes: Malware.AI.2413524522
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
K7AntiVirus: Adware ( 0053082d1 )
BitDefender: Gen:Heur.Mint.Dreidel.8oLfxmhm64ck
K7GW: Adware ( 0053082d1 )
Cybereason: malicious.48f560
BitDefenderTheta: AI:Packer.D06BC34921
Cyren: W32/AdAgent.AX.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.Inject.eredxt
Tencent: Malware.Win32.Gencirc.10b33402
Ad-Aware: Gen:Heur.Mint.Dreidel.8oLfxmhm64ck
Sophos: Mal/Generic-S
Comodo: Application.Win32.InstallMonster.OX@7h13ak
F-Secure: Adware.ADWARE/InstMonster.Gen7
Zillya: Trojan.Inject.Win32.239801
TrendMicro: HT_INJECT_GG310363.UVPM
McAfee-GW-Edition: BehavesLike.Win32.AdwareIMonster.vc
Emsisoft: Gen:Heur.Mint.Dreidel.8oLfxmhm64ck (B)
SentinelOne: Static AI – Malicious PE – Installer
Jiangmin: Trojan.Inject.zla
Avira: ADWARE/InstMonster.Gen7
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Win32.Inject
Arcabit: Trojan.Mint.Dreidel.8oLfxmhm64ck
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Heur.Mint.Dreidel.8oLfxmhm64ck
AhnLab-V3: PUP/Win32.InstMonster.R205331
McAfee: Artemis!DEE775848F56
VBA32: Trojan.Inject
ESET-NOD32: a variant of Win32/InstallMonstr.TW potentially unwanted
TrendMicro-HouseCall: HT_INJECT_GG310363.UVPM
Rising: Trojan.Inject!8.103 (TFE:5:Wa2X4pEaP1J)
Yandex: Trojan.GenAsa!Gag0dxxU5t4
Ikarus: PUA.InstallMonstr.Up
Fortinet: W32/Injector.CTWA!tr
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: Win32/Virus.Adware.eb3

How to remove Malware.AI.2413524522?

Malware.AI.2413524522 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
