Malware.AI.2641892858 (file analysis)

Malware.AI.2641892858 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.2641892858 virus do?

  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify Malware.AI.2641892858?


File Info:

name: 4560A614DFE13E996DF3.mlw
path: /opt/CAPEv2/storage/binaries/c33c1d14fda6bd6776370833892d3fbcb366c32e5bf93ba278ec9e0805a76bda
crc32: 4D49265E
md5: 4560a614dfe13e996df3aaed7c1457d2
sha1: 74170e5110f1186c582ba7d2164db26ad6fdab93
sha256: c33c1d14fda6bd6776370833892d3fbcb366c32e5bf93ba278ec9e0805a76bda
sha512: c032fc38008111a3b3f91026bf700dd9f66460616841f7700dc120cf8aff23f10b0e18b916074d1e3b387af8c2fcf6763af1ee15e350e67c5f89898c72fba767
ssdeep: 6144:wJEMWW8V+iB5k2m71IvUyqcGxzpTt5BERhl4xxgZl1UthxyDPgl+y3PhlNeh7:wJEMWW8NB5YPPJQ1UGPglRP/NU
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1D0A4DFC2714A27C9DE29E1322192AD03B136DFF0DE932545A4CBFB360879F915B19D3A
sha3_384: 84ef896e7b68071b199bea4b66102a38f59862c8d5c3ca7af091151b11a698545bda5f572bd9f7f0ddc4aac78571fa82
ep_bytes: 475150455243b96000000065498b0145
timestamp: 2027-04-17 06:20:40

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft (R) Contacts Import Tool
FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
InternalName: WABMIG.EXE
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WABMIG.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1
Translation: 0x0409 0x04b0

Malware.AI.2641892858 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Win64.Expiro.Gen.6
FireEye: Generic.mg.4560a614dfe13e99
ALYac: Win64.Expiro.Gen.6
Cylance: Unsafe
K7AntiVirus: Virus ( 00535e4a1 )
K7GW: Virus ( 00535e4a1 )
Cybereason: malicious.110f11
Cyren: W64/Expiro.AH.gen!Eldorado
ESET-NOD32: a variant of Win64/Expiro.CO
APEX: Malicious
ClamAV: Win.Virus.Expiro-9900769-0
Kaspersky: HEUR:Virus.Win64.Expiro.gen
BitDefender: Win64.Expiro.Gen.6
NANO-Antivirus: Virus.Win64.Expiro.clnvwd
Avast: Win64:Xpirat [Inf]
Ad-Aware: Win64.Expiro.Gen.6
Sophos: ML/PE-A + W64/Expiro-AX
DrWeb: Win64.Expiro.132
TrendMicro: Virus.Win64.EXPIRO.MR
Emsisoft: Win64.Expiro.Gen.6 (B)
Ikarus: Virus.Win64.Expiro
GData: Win64.Expiro.Gen.6
Jiangmin: Trojan.Bingoml.akq
Avira: TR/Patched.Gen
MAX: malware (ai score=81)
Antiy-AVL: Trojan/Generic.ASVirus.30B
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
Malwarebytes: Malware.AI.2641892858
TrendMicro-HouseCall: Virus.Win64.EXPIRO.MR
SentinelOne: Static AI – Malicious PE
Fortinet: W64/Expiro.BS
AVG: Win64:Xpirat [Inf]
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: virus.win64.expiro.gen

How to remove Malware.AI.2641892858?

Malware.AI.2641892858 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.