Malware.AI.2516562097 (file analysis)

Malware Removal

Malware.AI.2516562097 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.2516562097 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump, dropped files or CAPE
  • Checks adapter addresses, which can be used to detect virtual network interfaces
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Malware.AI.2516562097?

File Info:

name: B76E8FF90F5C5A02EC18.mlw
path: /opt/CAPEv2/storage/binaries/6d8e1693dcf4a2337e7393e39be1f5efe96d1c158920f847866ea5ec7da53a87
crc32: 6779AB50
md5: b76e8ff90f5c5a02ec18d4905bc29f0b
sha1: 8d01f12e0cbe3adb45d10e478e64c10e081120db
sha256: 6d8e1693dcf4a2337e7393e39be1f5efe96d1c158920f847866ea5ec7da53a87
sha512: 00973e716f85f8564c364646b8a9669cfa4125450e84a4551deb8e7979c9dc8d11f309ce49fc8e452d52347b44582596f4df566c864a121cf45ea8475267626a
ssdeep: 98304:Aut58KSd2hMSaFU8qgVijaATkzjM4OiZrq1DfPHNADtV6v+rW:AubxG2wATkzjM4O7NADtV6v+r
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F5F5BF31FE58046AC05306316E99FE7CFF6E7CAC1B2E09BB17A07A99AA317414F15427
sha3_384: 09f339073eb9ea4c6d5aa2cbe853d26a93cc441e808f5a23a16f4d171fd451a913d19b252d86d5026bd43b78aa00c6df
ep_bytes: e8760d0000e97afeffff3b0de4bf5b00
timestamp: 2022-06-27 10:25:02

Version Info:

CompanyName:
FileDescription: Loader
FileVersion: 1.1.1.1
InternalName: Loader.exe
LegalCopyright: anti (C) .
OriginalFilename: Loader.exe
ProductName:
ProductVersion: 1.1.1.0
Translation: 0x0009 0x04b0

Malware.AI.2516562097 also known as:

Lionic: Trojan.Win32.Cobalt.m!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Fragtor.115371
McAfee: GenericRXTR-DX!B76E8FF90F5C
Cylance: Unsafe
VIPRE: Gen:Variant.Fragtor.115371
Sangfor: Trojan.Win32.Agent.Varh
K7AntiVirus: Trojan ( 005954a51 )
Alibaba: Backdoor:Win32/Cobalt.f942efa0
K7GW: Trojan ( 005954a51 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/GenKryptik.FXGS
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Backdoor.Win32.Cobalt.gen
BitDefender: Gen:Variant.Fragtor.115371
Avast: Win32:HacktoolX-gen [Trj]
Ad-Aware: Gen:Variant.Fragtor.115371
Emsisoft: Gen:Variant.Fragtor.115371 (B)
Zillya: Backdoor.Cobalt.Win32.249
TrendMicro: Backdoor.Win32.COBEACON.YXCG3Z
McAfee-GW-Edition: BehavesLike.Win32.Dropper.wc
FireEye: Gen:Variant.Fragtor.115371
GData: Gen:Variant.Fragtor.115371
Jiangmin: Backdoor.Cobalt.el
Avira: TR/AD.Swrort.dmrdv
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Generic.ASMalwS.720E
Arcabit: Trojan.Fragtor.D1C2AB
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3: Trojan/Win.Generic.C5185558
ALYac: Gen:Variant.Fragtor.115371
Malwarebytes: Malware.AI.2516562097
TrendMicro-HouseCall: Backdoor.Win32.COBEACON.YXCG3Z
Rising: Trojan.Cometer!8.E150 (CLOUD)
Yandex: Trojan.GenKryptik!cJMe1W2Dtzo
Ikarus: Trojan.Swrort
Fortinet: W32/GenKryptik.FXGS!tr
BitDefenderTheta: Gen:NN.ZexaF.34806.qx0@aSeydhib
AVG: Win32:HacktoolX-gen [Trj]

How to remove Malware.AI.2516562097?

Malware.AI.2516562097 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.