
About “Malware.AI.2492217391” infection


Malware.AI.2492217391 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.2492217391 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup

How to identify Malware.AI.2492217391?

File Info:

name: 18A9B9B57D88A94094BB.mlw
path: /opt/CAPEv2/storage/binaries/2e334434098e1a8fa54d1dd1967995860e5cbe4c6b652087b7139100fbd98122
crc32: 198C1FE6
md5: 18a9b9b57d88a94094bbbf2b8afb1f71
sha1: b5e2d40e9248262d4b9a9428f9281a89c4bf9b1f
sha256: 2e334434098e1a8fa54d1dd1967995860e5cbe4c6b652087b7139100fbd98122
sha512: a6ddba78c5b867c064c941f7df8fe040042f60a420dfcdba3a986c4a76ccbcc146b59f2c51e357015cb22a206dd6d852387c0d465dcbcc4953c08209c1c18a0d
ssdeep: 12288:iEmXmBBDNrhgdor7qZBK5ApICUstyCK8:tm2HmofqTWAFUsty
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T198A48C5A739D1E11C3AE0B76CAE361740755CC1DC9CAE30F64C53CE4BA6438EA9A624F
sha3_384: 84a895581563dda93f2bafe5b24cc6ab74b158b482cc30601d32f897c4b2fdaa11598125b4478dca16d9d0622d036091
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-01-26 22:06:31

Version Info:

Translation: 0x0409 0x04e4
FileDescription: SplitCam Stream Splitter
FileVersion: 7.5.3.2
InternalName: SplitCam.exe
LegalCopyright: Copyright 2003-2016 (c) SplitCam Co. All rights reserved.
OriginalFilename: SplitCam.exe
ProductVersion: 7.5.3.2
Assembly Version: 0.0.0.0
CompanyName: SplitCam Co.
ProductName: SplitCam

Malware.AI.2492217391 also known as:

Lionic: Trojan.Win32.Generic.lWjP
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Lazy.109261
FireEye: Generic.mg.18a9b9b57d88a940
ALYac: Gen:Variant.Lazy.109261
Malwarebytes: Malware.AI.2492217391
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Backdoor:MSIL/Albertina.51164129
K7GW: Trojan ( 004c25461 )
K7AntiVirus: Trojan ( 004c25461 )
BitDefenderTheta: Gen:NN.ZemsilF.34182.Bm0@a4S2p!ii
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Injector.BFD
APEX: Malicious
Kaspersky: HEUR:Backdoor.MSIL.Albertina.gen
BitDefender: Gen:Variant.Lazy.109261
Avast: Win32:RATX-gen [Trj]
Tencent: Msil.Backdoor.Albertina.Dzuf
Ad-Aware: Gen:Variant.Lazy.109261
Sophos: Mal/Generic-S
DrWeb: Trojan.MulDrop19.26953
VIPRE: Trojan.Win32.Generic.pak!cobra
TrendMicro: TROJ_GEN.R014C0WAT22
McAfee-GW-Edition: RDN/Generic BackDoor
Emsisoft: Gen:Variant.Lazy.109261 (B)
Ikarus: Trojan.MSIL.Injector
Avira: TR/Crypt.CFI.Gen
Microsoft: Backdoor:MSIL/Gensteal.A
Arcabit: Trojan.Lazy.D1AACD
ViRobot: Trojan.Win32.Z.Lazy.450560.C
ZoneAlarm: HEUR:Backdoor.MSIL.Albertina.gen
GData: Gen:Variant.Lazy.109261
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.ZBot.C4936810
McAfee: RDN/Generic BackDoor
MAX: malware (ai score=82)
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_GEN.R014C0WAT22
Rising: Malware.FakePIC/ICON!1.6AB7 (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/BFD!tr
AVG: Win32:RATX-gen [Trj]
Cybereason: malicious.e92482
Panda: Trj/GdSda.A

How to remove Malware.AI.2492217391?

Malware.AI.2492217391 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.