Malware.AI.2641892858 (file analysis)

The Malware.AI.2641892858 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.2641892858 virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Malware.AI.2641892858?


File Info:
name: 4560A614DFE13E996DF3.mlw
path: /opt/CAPEv2/storage/binaries/c33c1d14fda6bd6776370833892d3fbcb366c32e5bf93ba278ec9e0805a76bda
crc32: 4D49265E
md5: 4560a614dfe13e996df3aaed7c1457d2
sha1: 74170e5110f1186c582ba7d2164db26ad6fdab93
sha256: c33c1d14fda6bd6776370833892d3fbcb366c32e5bf93ba278ec9e0805a76bda
sha512: c032fc38008111a3b3f91026bf700dd9f66460616841f7700dc120cf8aff23f10b0e18b916074d1e3b387af8c2fcf6763af1ee15e350e67c5f89898c72fba767
ssdeep: 6144:wJEMWW8V+iB5k2m71IvUyqcGxzpTt5BERhl4xxgZl1UthxyDPgl+y3PhlNeh7:wJEMWW8NB5YPPJQ1UGPglRP/NU
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1D0A4DFC2714A27C9DE29E1322192AD03B136DFF0DE932545A4CBFB360879F915B19D3A
sha3_384: 84ef896e7b68071b199bea4b66102a38f59862c8d5c3ca7af091151b11a698545bda5f572bd9f7f0ddc4aac78571fa82
ep_bytes: 475150455243b96000000065498b0145
timestamp: 2027-04-17 06:20:40

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Microsoft (R) Contacts Import Tool
FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
InternalName: WABMIG.EXE
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WABMIG.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1
Translation: 0x0409 0x04b0

Malware.AI.2641892858 also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Win64.Expiro.Gen.6
FireEye	Generic.mg.4560a614dfe13e99
ALYac	Win64.Expiro.Gen.6
Cylance	Unsafe
K7AntiVirus	Virus ( 00535e4a1 )
K7GW	Virus ( 00535e4a1 )
Cybereason	malicious.110f11
Cyren	W64/Expiro.AH.gen!Eldorado
ESET-NOD32	a variant of Win64/Expiro.CO
APEX	Malicious
ClamAV	Win.Virus.Expiro-9900769-0
Kaspersky	HEUR:Virus.Win64.Expiro.gen
BitDefender	Win64.Expiro.Gen.6
NANO-Antivirus	Virus.Win64.Expiro.clnvwd
Avast	Win64:Xpirat [Inf]
Ad-Aware	Win64.Expiro.Gen.6
Sophos	ML/PE-A + W64/Expiro-AX
DrWeb	Win64.Expiro.132
TrendMicro	Virus.Win64.EXPIRO.MR
Emsisoft	Win64.Expiro.Gen.6 (B)
Ikarus	Virus.Win64.Expiro
GData	Win64.Expiro.Gen.6
Jiangmin	Trojan.Bingoml.akq
Avira	TR/Patched.Gen
MAX	malware (ai score=81)
Antiy-AVL	Trojan/Generic.ASVirus.30B
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
Acronis	suspicious
Malwarebytes	Malware.AI.2641892858
TrendMicro-HouseCall	Virus.Win64.EXPIRO.MR
SentinelOne	Static AI – Malicious PE
Fortinet	W64/Expiro.BS
AVG	Win64:Xpirat [Inf]
CrowdStrike	win/malicious_confidence_100% (D)
MaxSecure	virus.win64.expiro.gen

How to remove Malware.AI.2641892858?

Malware.AI.2641892858 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X