Malware.AI.2676739878 (file analysis)

Malware.AI.2676739878 is flagged as malicious by a large number of security vendors (the full list of detection names is given further down). While the infection is active you may notice unfamiliar processes in Task Manager; in that case it is advised to scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial version lets you run a full scan and clean the PC.
A 6-day free trial is available.

What can Malware.AI.2676739878 do?

The behaviours below were recorded while the sample ran in a sandbox. Taken together (code injection and process hollowing, RWX memory, a dropped second-stage binary, and harvesting of browser, FTP, mail, messenger and wallet data) they describe a packed credential stealer rather than a file-infecting "virus".

  • Executable code extraction
  • Injection (inter-process)
  • Injection (process hollowing)
  • Creates RWX memory
  • Attempts to connect to a dead IP:port (5 unique times)
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware-related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Executed a process and injected code into it, probably while unpacking
  • Steals private information from local Internet browsers
  • Network activity contains more than one unique user agent
  • Attempts to access Bitcoin/altcoin wallets
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Attempts to create or modify system certificates
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

telete.in
marianne.ac.ug
dancedance.ac.ug
apps.identrust.com
blacksmokegun.top

Not every domain contacted by a sample is an indicator of compromise. apps.identrust.com belongs to the IdenTrust certificate authority and serves certificate-chain and revocation data (it is the AIA host for chains cross-signed by DST Root CA X3), so its appearance is almost certainly ordinary certificate validation by a Windows component and it should not be blocked. telete.in is a public Telegram web front end rather than infrastructure owned by this sample; it is a useful pivot for finding the channel the sample reads, but blocking it on its own proves little. The remaining domains carry no such caveat.

How to identify Malware.AI.2676739878?

File Info:

crc32: EF5B029F
md5: 36e13ec1e19ec9e7667d3ba4453f7649
name: 36E13EC1E19EC9E7667D3BA4453F7649.mlw
sha1: dc11ae17dd3ffaaa355a414ed4404570da5e2f46
sha256: 15226ca74b25627920e79683582ea7f46263e461585ca3f0d7af5cae7b6b8308
sha512: 3b1fe522e9246555030536798789c3b10027212bae989a5234dab16bda1463d46cdaf3350f0bfd2b76c211cd590a4ea66cd15d7bd01a75861ab6880f0ee560bb
ssdeep: 24576:QQCemrx/IW4tfPmeuBO4GPDRwrbrtJerRMYEa0wz7UOX1hIVeool:QQCemrxw7IGPDRw3r7fYEa0wMOlhIVev
type: PE32 executable (GUI) Intel 80386, for MS Windows
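
To check whether a file on hand is the sample described here, recompute the digests listed above and compare them. The following is an added example (not code from the page or from GridinSoft) that does exactly that with the standard library; the published digests are copied from the File Info block, and the test input used with it is a constructed byte string. ssdeep is omitted because the standard library has no implementation (the third-party ssdeep package would be needed), and crc32 and md5 on their own are not strong enough to identify a file, so the match is only reported when every published digest agrees.

```python
import binascii
import hashlib

# Digests published on the page for this sample (File Info block).
PAGE_IOCS = {
    "crc32": "EF5B029F",
    "md5": "36e13ec1e19ec9e7667d3ba4453f7649",
    "sha1": "dc11ae17dd3ffaaa355a414ed4404570da5e2f46",
    "sha256": "15226ca74b25627920e79683582ea7f46263e461585ca3f0d7af5cae7b6b8308",
    "sha512": "3b1fe522e9246555030536798789c3b10027212bae989a5234dab16bda1463d4"
              "6cdaf3350f0bfd2b76c211cd590a4ea66cd15d7bd01a75861ab6880f0ee560bb",
}

HASH_NAMES = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """crc32 (8 hex digits, as printed on the page) plus the four hashlib digests."""
    out = {"crc32": f"{binascii.crc32(data) & 0xFFFFFFFF:08x}"}
    for name in HASH_NAMES:
        out[name] = hashlib.new(name, data).hexdigest()
    return out


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digests() but streams the file so large samples are not read whole."""
    crc = 0
    hashers = {name: hashlib.new(name) for name in HASH_NAMES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = binascii.crc32(chunk, crc)
            for h in hashers.values():
                h.update(chunk)
    out = {"crc32": f"{crc & 0xFFFFFFFF:08x}"}
    out.update({name: h.hexdigest() for name, h in hashers.items()})
    return out


def match_iocs(found: dict, iocs: dict = PAGE_IOCS) -> dict:
    """Per-algorithm True/False comparison, case-insensitive (pages mix cases)."""
    return {name: found[name].lower() == value.lower()
            for name, value in iocs.items() if name in found}


def is_known_sample(found: dict, iocs: dict = PAGE_IOCS) -> bool:
    """True only when every published digest matches: one agreeing weak hash
    (crc32 or md5) is not enough, and one disagreeing strong hash rules it out."""
    results = match_iocs(found, iocs)
    return bool(results) and all(results.values())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        d = digests_of_file(path)
        verdict = "KNOWN SAMPLE" if is_known_sample(d) else "no match"
        print(path, match_iocs(d), verdict)
```

Run it as `python hashcheck.py suspect.exe` (file name assumed); a sample that has been re-packed or has had a single byte appended will fail every digest, which is the normal limitation of exact-hash indicators and the reason the page also publishes an ssdeep value for fuzzy matching.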

Version Info:

Translation: 0x0407 0x04b0
ProductVersion: 1.00
InternalName: Ersmslfksepomvdmnf222
FileVersion: 1.00
OriginalFilename: Ersmslfksepomvdmnf222.exe
ProductName: Nxedsdcxsewaedea

The Translation field decodes to language ID 0x0407 (German) with code page 0x04b0 (1200, Unicode). The random-looking InternalName, OriginalFilename and ProductName strings are a typical artifact of a crypter-generated stub (consistent with the DrWeb label Trojan.VbCrypt in the list below) and will differ from build to build, so they are not a reliable identifier for this family.

Malware.AI.2676739878 also known as (vendor: detection name):

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.VbCrypt.250
MicroWorld-eScan: Gen:Variant.Graftor.879456
ALYac: Gen:Variant.Graftor.879456
Cylance: Unsafe
AegisLab: Trojan.Win32.Graftor.4!c
Sangfor: Malware
K7AntiVirus: Trojan ( 0057680d1 )
BitDefender: Gen:Variant.Graftor.879456
K7GW: Trojan ( 0057680d1 )
Cybereason: malicious.1e19ec
Arcabit: Trojan.Graftor.DD6B60
BitDefenderTheta: Gen:NN.ZevbaF.34780.fn1@aKfxdsF
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Chapak.eysp
Alibaba: Trojan:Win32/Injector.5659b923
Rising: Trojan.Injector!1.C6AF (CLASSIC)
Ad-Aware: Gen:Variant.Graftor.879456
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Injector.qyerc
McAfee-GW-Edition: BehavesLike.Win32.Fareit.tc
FireEye: Generic.mg.36e13ec1e19ec9e7
Emsisoft: Gen:Variant.Graftor.879456 (B)
SentinelOne: Static AI – Malicious PE
Avira: TR/Injector.qyerc
MAX: malware (ai score=80)
Kingsoft: Win32.Hack.Undef.(kcloud)
Microsoft: Trojan:Win32/Ymacco.AA15
GData: Gen:Variant.Graftor.879456
Cynet: Malicious (score: 100)
McAfee: Artemis!36E13EC1E19E
Malwarebytes: Malware.AI.2676739878
Panda: Trj/GdSda.A
ESET-NOD32: a variant of Win32/Injector.EOFI
TrendMicro-HouseCall: TROJ_GEN.R06CH0CAP21
Ikarus: Win32.Outbreak
Fortinet: W32/EOFI!tr
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_80% (D)
Qihoo-360: Generic/HEUR/QVM20.1.DB98.Malware.Gen

Most of these names are generic or machine-learning verdicts (Malware.AI, ML.Attribute, AIDetectVM, generic.ml, Artemis!) and say nothing about the family. The more specific labels describe the packer rather than the payload: Injector, VbCrypt and Chapak all denote a crypter stub that unpacks and injects its real code, which matches the injection and hollowing behaviour in the sandbox list; only McAfee-GW-Edition's BehavesLike.Win32.Fareit.tc hints at the credential-stealing payload.

How to remove Malware.AI.2676739878?

Malware.AI.2676739878 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

Removing the file is not the end of the response. Given the behaviours listed above, assume that credentials saved in browsers, FTP clients, mail and messenger clients have already been exfiltrated: change those passwords from a clean machine, revoke any sessions they protect, and move funds out of any cryptocurrency wallets that were stored on the infected host.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.