Malware.AI.2438198022 (file analysis)

Malware Removal

Malware.AI.2438198022 is flagged as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.2438198022 virus do?

  • Starts servers listening on 0.0.0.0:5434
  • The executable is compressed using UPX
  • A process attempted to delay the analysis task for a long period of time (sandbox evasion)
  • Installs itself for autorun at Windows startup
  • Operates on local firewall’s policies and settings
  • Attempts to disable UAC
  • Attempts to modify or disable Security Center warnings
  • Attempts to block SafeBoot use by removing registry keys
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Malware.AI.2438198022?

File Info:

crc32: 214140EE
md5: 36bfd45a31695e1f1f61776a3f95e01a
name: 36BFD45A31695E1F1F61776A3F95E01A.mlw
sha1: 654f7cedee51c9b53c58905589a5b1f5f53f532a
sha256: 0184a79ac75520d93128ee0482ae417662ce653176085a9f9b4f632dbea54fa6
sha512: c536dac3ffbbd4b87a8057be64d358ff09b82ab81986f87a157a086a79f0b56af490f99b81030e2d4db9b186c7de0023d8f83cec94003a815d953db01814935e
ssdeep: 3072:yBhs0M++H3RrR2DMTtqvqWIVdC0i9EoX+TZ2pl:yBhsXhRrRygtqvqWAdC0loX+TZal
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

Version Info:

0: [No Data]

Malware.AI.2438198022 also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 0002183d1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.NtRootKit.6725
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.GenericIH.S12987912
ALYac: GenPack:Generic.Malware.PfDYVdPk!1g.5E8988BE
Cylance: Unsafe
Zillya: Trojan.Blocker.Win32.41629
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 0002183d1 )
Cybereason: malicious.a31695
Baidu: Win32.Trojan.Small.a
Cyren: W32/Injector.A.gen!Eldorado
Symantec: W32.Sality.AE
ESET-NOD32: a variant of Win32/Sality.NAQ
APEX: Malicious
Avast: Win32:Agent-APKD [Trj]
ClamAV: Win.Trojan.Crypt-6607
Kaspersky: Trojan-Ransom.Win32.Blocker.gfhu
BitDefender: GenPack:Generic.Malware.PfDYVdPk!1g.5E8988BE
NANO-Antivirus: Trojan.Win32.Blocker.ezjand
MicroWorld-eScan: GenPack:Generic.Malware.PfDYVdPk!1g.5E8988BE
Tencent: Win32.Virus.Sality.Llhv
Ad-Aware: GenPack:Generic.Malware.PfDYVdPk!1g.5E8988BE
Sophos: Mal/Generic-S
Comodo: Packed.Win32.MUPX.Gen@24tbus
BitDefenderTheta: AI:Packer.FED2F9CF1D
VIPRE: Trojan.Win32.Pakes.bxp (fs)
McAfee-GW-Edition: BehavesLike.Win32.Generic.dz
FireEye: Generic.mg.36bfd45a31695e1f
Emsisoft: GenPack:Generic.Malware.PfDYVdPk!1g.5E8988BE (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Generic.amnvp
Avira: WORM/Rbot.Gen
eGambit: Unsafe.AI_Score_100%
Microsoft: Trojan:WinNT/Sality
AegisLab: Trojan.Win32.Blocker.j!c
ZoneAlarm: Trojan-Ransom.Win32.Blocker.gfhu
GData: GenPack:Generic.Malware.PfDYVdPk!1g.5E8988BE
AhnLab-V3: Trojan/Win32.Blocker.C2452344
Acronis: suspicious
McAfee: W32/Sality-FPK!36BFD45A3169
MAX: malware (ai score=99)
VBA32: Hoax.Blocker
Malwarebytes: Malware.AI.2438198022
Panda: Trj/CI.A
Rising: Malware.Undefined!8.C (RDMK:cmRtazp39bHDYjP+TtmSTZEu6Hpa)
Ikarus: Trojan.Win32.Small
MaxSecure: Trojan.Malware.8165240.susgen
Fortinet: W32/Sality.AG!tr
AVG: Win32:Agent-APKD [Trj]
Paloalto: generic.ml

How to remove Malware.AI.2438198022?

Malware.AI.2438198022 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.