How to remove “Malware.AI.2516567152”?

The Malware.AI.2516567152 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.2516567152 virus can do?

Sample contains Overlay data
Presents an Authenticode digital signature
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Creates a copy of itself

How to determine Malware.AI.2516567152?


File Info:
name: 8A1B309F58707B00E5B2.mlw
path: /opt/CAPEv2/storage/binaries/2cde7b270254e9cd245ec0fefe1e89c0f3b4541f99b19719c87da961319d7a42
crc32: 04DE75D4
md5: 8a1b309f58707b00e5b286e32d6ecc20
sha1: 30485f9564fc04efbece93945db5647215220078
sha256: 2cde7b270254e9cd245ec0fefe1e89c0f3b4541f99b19719c87da961319d7a42
sha512: abfd7d96ab6a9d7fe23e28cc156ddd316538d099a1c305446aa57ebab74884ef1cf15bcfaac49ce27e768d6450324dc4c471dd9450e724b4bc68c669a3bdabb4
ssdeep: 1536:56UgLtBd0Di0QlHr+0Uk1IrmL6TmyDffMtFuv/u:RgLii0QlL+0f1Z+SyDffoFR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T102739E42B74C460BD8FD0F74E4DA9352233AEF4A9E229B4F1094B05A0FF239569C26DD
sha3_384: 475ef22610f4e30aaaf2ab01ac7fe2c8a93d1d354e6c61198d847124f8476fd847ce71ff9a3878327a85b9dd61fd1250
ep_bytes: ff250020400000000000000000000000
timestamp: 2015-10-16 05:24:10

Version Info:
Translation: 0x0000 0x04b0
CompanyName: Microsoft 
FileDescription: Microsoft Word Document 
FileVersion: 1.0.0.0
InternalName: filescan.exe
LegalCopyright: Microsoft Office Copyright ©  2015 
OriginalFilename: filescan.exe
ProductName: windowsscan
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Malware.AI.2516567152 also known as:

DrWeb	Trojan.DownLoader16.59011
MicroWorld-eScan	IL:Trojan.MSILZilla.8300
FireEye	IL:Trojan.MSILZilla.8300
VIPRE	IL:Trojan.MSILZilla.8300
K7AntiVirus	Unwanted-Program ( 700000121 )
K7GW	Unwanted-Program ( 700000121 )
Cybereason	malicious.f58707
BitDefenderTheta	Gen:NN.ZemsilF.34592.em2@aiUs@c
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/TrojanDownloader.Small.AAP
APEX	Malicious
ClamAV	Win.Spyware.CrimsonRat-9859243-0
Kaspersky	Trojan.MSIL.Agent.fofq
BitDefender	IL:Trojan.MSILZilla.8300
NANO-Antivirus	Trojan.Win32.Dwn.dzwukj
Avast	Win32:DropperX-gen [Drp]
Ad-Aware	IL:Trojan.MSILZilla.8300
Emsisoft	IL:Trojan.MSILZilla.8300 (B)
Zillya	Trojan.Agent.Win32.1115438
Sophos	Troj/Foreign-AF
SentinelOne	Static AI – Malicious PE
GData	IL:Trojan.MSILZilla.8300
Jiangmin	Trojan.Agent.vcv
Google	Detected
Avira	HEUR/AGEN.1203635
MAX	malware (ai score=84)
Antiy-AVL	Trojan/Generic.ASMalwS.2D
Microsoft	Backdoor:Win32/Bladabindi!ml
Cynet	Malicious (score: 99)
AhnLab-V3	Malware/Win32.Generic.C1133191
ALYac	IL:Trojan.MSILZilla.8300
Malwarebytes	Malware.AI.2516567152
Ikarus	Trojan-Downloader.MSIL.Small
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Small.AAP!tr
AVG	Win32:DropperX-gen [Drp]
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Malware.AI.2516567152?

Malware.AI.2516567152 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X