Malware.AI.2682293328 (file analysis)

Malware Removal

Malware.AI.2682293328 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.2682293328 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Syriac
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Code injection with CreateRemoteThread in a remote process
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Creates known Ruskill mutexes
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Uses suspicious command line tools or Windows utilities

How to identify Malware.AI.2682293328?

File Info:

name: FBA3A610CB693FB66C25.mlw
path: /opt/CAPEv2/storage/binaries/a11472dfebe4da2f0308a3705725601f75c80da44dc5fe1d84348620b0850dc8
crc32: B8D2ACD2
md5: fba3a610cb693fb66c25d2981a24f9e0
sha1: ea5f7ac0ce3fb153e4b3051face7d1679f71479f
sha256: a11472dfebe4da2f0308a3705725601f75c80da44dc5fe1d84348620b0850dc8
sha512: 0c602213c59f8794a4fda23f3d51ca56f6a7dff34b2aea0ee984b802b22893942b98c6c423fc667e9f2e1a1edbec9c5e31b62c2d9207ca506b7641865a797762
ssdeep: 6144:/EqApWPGc4wSEM04i/dZvixpU9Dru6GV8Qxdp9sOprhfl:sqAp+Z5jvixCp/GdpPjfl
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E4943902F758C552C02E1A308CBA9BFD9625BC256F15438B3698BF7EBEB03C16A16355
sha3_384: 921d8c086f875ea3a104cc0ef1426d7a87733638b34238ef6f118d129cf5f0de9a9eb80b526e9a2400cfce862b665249
ep_bytes: e84f440000e989feffff2da403000074
timestamp: 2013-06-04 18:05:02

Version Info:

CompanyName: ICQ, LLC.
FileDescription: ICQ
FileVersion: 7.8.0.6800
InternalName: ICQ
LegalCopyright: Copyright (c) 1998-2010 ICQ, LLC.
LegalTrademarks:
OriginalFilename: ICQ.exe
ProductName: ICQ
ProductVersion: 7.8.0.6800
DistId: 30015
Translation: 0x0409 0x04b0

Malware.AI.2682293328 also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.20501
FireEye: Generic.mg.fba3a610cb693fb6
ALYac: Trojan.GenericKDZ.20501
Cylance: Unsafe
VIPRE: Trojan.Win32.Reveton.a (v)
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Worm:Win32/Dorkbot.1fe495da
K7GW: Trojan ( 0055e3991 )
K7AntiVirus: Trojan ( 0055e3991 )
BitDefenderTheta: Gen:NN.ZexaE.34232.Au0@a0yjjwbO
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Dorkbot.B
TrendMicro-HouseCall: TROJ_SPNR.15GB13
Paloalto: generic.ml
Kaspersky: UDS:Trojan.Win32.Generic
BitDefender: Trojan.GenericKDZ.20501
NANO-Antivirus: Trojan.Win32.RiskGen.cqkqsf
APEX: Malicious
Tencent: Malware.Win32.Gencirc.114b9091
Ad-Aware: Trojan.GenericKDZ.20501
Sophos: ML/PE-A + Mal/EncPk-AKA
Comodo: Malware@#1wbgw6gvgceuw
DrWeb: Trojan.Inject2.23
Zillya: Trojan.Foreign.Win32.54972
TrendMicro: TROJ_SPNR.15GB13
McAfee-GW-Edition: PWS-Zbot-FAXY!FBA3A610CB69
Emsisoft: Trojan.GenericKDZ.20501 (B)
Ikarus: Trojan.Win32.Loktrom
GData: Trojan.GenericKDZ.20501
Jiangmin: Trojan.Generic.dcwth
Webroot: Trojan.Dropper.Gen
Avira: TR/Dropper.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.2536A2
Kingsoft: Win32.Troj.GenericKDZ.v.(kcloud)
Gridinsoft: Ransom.Win32.Zbot.sa
ViRobot: Trojan.Win32.Z.Foreign.426496
Microsoft: Worm:Win32/Dorkbot.I
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Ransom.R69596
Acronis: suspicious
McAfee: PWS-Zbot-FAXY!FBA3A610CB69
TACHYON: Ransom/W32.Foreign.426496
VBA32: Trojan.Inject
Malwarebytes: Malware.AI.2682293328
Avast: Win32:Ransom-AKH [Trj]
Rising: Dropper.Generic!8.35E (CLOUD)
Yandex: Trojan.Foreign!fA/fRdezDmw
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Crypt.PFP!tr
AVG: Win32:Ransom-AKH [Trj]
Cybereason: malicious.0cb693
Panda: Trj/CI.A

How to remove Malware.AI.2682293328?

Malware.AI.2682293328 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.