Malware.AI.2558092820 malicious file

Malware Removal

Malware.AI.2558092820 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.2558092820 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to determine Malware.AI.2558092820?

File Info:

name: E96007C5EFA15C6F86A3.mlw
path: /opt/CAPEv2/storage/binaries/002481b3106f71f1cb8e5e3803e6bd897d3dd5e8f7b7e6c248d3d30dad696448
crc32: AD1D2FE7
md5: e96007c5efa15c6f86a312718004f376
sha1: 97cfc71d2cf8864fe2d208a88f06e55db5a26653
sha256: 002481b3106f71f1cb8e5e3803e6bd897d3dd5e8f7b7e6c248d3d30dad696448
sha512: 18562c77af6eca4e26e500bf0b6b07cd2013f66fd578df88924c7348b85fc2fdac2ac3a22457e1ed45a7aaa142c4b42c64286c77a257456567af8f48434eb1a4
ssdeep: 3072:QL4vsbM6+uW8Y9Ra9JIxXFoF8JkNOFuwNCoUYl2ZuqCD3degVuLU:24vbudaRa9axVoOYOg9VRCD3HEU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T189E312E6579DC58DC75B9E7666A88B3BB032713FADF6C450605EE1DF304E22C800189E
sha3_384: 914319143114ef082f6abe39a912580fbe6f6bc09e6f6c987fbdcedadefb0b0390510cdb0aa620c86cdaf112a3c5e6a5
ep_bytes: 60be001043008dbe0000fdff5783cdff
timestamp: 2006-01-24 13:31:17

Version Info:

CompanyName: ОФнбзщЫУшВНШэрзюЫзОюхюлОжЬъЧ
FileDescription: ГкфЧючнЗЪнСсббЦюхЫепАП
FileVersion: 54.119.92.8
InternalName: шНшЫяИБКЮХИьмчлрЮьЬАВЯУЫяЛ
LegalCopyright: 9767-5092
OriginalFilename: 3Jl.exe
ProductName: йЖЕдЖчныБивОэршЭГяВхшЮЕ
ProductVersion: 54.119.92.8
Translation: 0x04b0 0x0417

Malware.AI.2558092820 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Zbot.l!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Packed.20343
MicroWorld-eScan: Gen:Variant.Bredo.6
FireEye: Generic.mg.e96007c5efa15c6f
CAT-QuickHeal: Trojan.GenericPMF.S19414889
ALYac: Gen:Variant.Bredo.6
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Zbot.mt
K7AntiVirus: Trojan ( f1000f011 )
Alibaba: TrojanPSW:Win32/Kryptik.23e94076
K7GW: Trojan ( f1000f011 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: AI:Packer.4DF9F3961F
Cyren: W32/Qakbot.A.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Kryptik.HAZ
TrendMicro-HouseCall: BKDR_QAKBOT.SMC
ClamAV: Win.Trojan.Zbot-17987
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Bredo.6
NANO-Antivirus: Trojan.Win32.Zbot.ddance
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b87701
Ad-Aware: Gen:Variant.Bredo.6
Emsisoft: Gen:Variant.Bredo.6 (B)
Comodo: MalCrypt.Indus!@1qrzi1
Zillya: Trojan.Zbot.Win32.23480
TrendMicro: BKDR_QAKBOT.SMC
McAfee-GW-Edition: BehavesLike.Win32.Downloader.cc
Sophos: Mal/Generic-R + Mal/FakeAV-DV
Ikarus: Trojan-Spy.Win32.Zbot
GData: Gen:Variant.Bredo.6
Jiangmin: TrojanSpy.Zbot.aifc
eGambit: Generic.PSW
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan/Win32.AGeneric
Kingsoft: Win32.Troj.Zbot.ak.(kcloud)
Arcabit: Trojan.Bredo.6
ViRobot: Trojan.Win32.A.Zbot.150596[UPX]
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Zbot
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Heur.h10.R55047
McAfee: GenericRXAA-AA!E96007C5EFA1
MAX: malware (ai score=99)
VBA32: BScope.Trojan.Packed
Malwarebytes: Malware.AI.2558092820
APEX: Malicious
Rising: Spyware.Zbot!8.16B (C64:YzY0OrMs/DlWK4gU)
Yandex: Trojan.GenAsa!aO2MQdZZ1CI
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Zbot.AKTM!tr
Webroot: W32.Infostealer.Zeus
AVG: Win32:Malware-gen
Cybereason: malicious.5efa15
Panda: Trj/Sinowal.XEG

How to remove Malware.AI.2558092820?

Malware.AI.2558092820 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.