Should I remove “Malware.AI.2712610444”?

Malware.AI.2712610444 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.2712610444 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • CAPE detected the AgentTeslaV2 malware family
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Malware.AI.2712610444?

File Info:

name: A2BD2D45121EAFAE7B8E.mlw
path: /opt/CAPEv2/storage/binaries/6a866a73f707d04c9e541853f86b98d55a7fba344d1aeb3eb212bdec2fdd3f91
crc32: 6FD2876D
md5: a2bd2d45121eafae7b8e6f1307b2fe23
sha1: 5df71718d02529f6ae74bdeeabf61c4278382fa8
sha256: 6a866a73f707d04c9e541853f86b98d55a7fba344d1aeb3eb212bdec2fdd3f91
sha512: 126aadeefae03e157634567042992625a1880e58534b10cd0132b672fdb7183031ec5116340af542c29999979283d7a216fefbc91c33e719237eadbfff38b02e
ssdeep: 24576:cSl6RWarg+0stuxKygBEXw63rucqWRF41ImBGd:7+8+BjW4w
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AF458C48EA76D899D81D03F5B1F10C235E40F2AF98B8954E34DAB3951A232D3447BDEB
sha3_384: cee94dbc9c4e2ecc82dd9f12064f5359883b715f89ee96dc2a262da1c7584f269e747b6e50183e2e8924ba99d1cf7bf1
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-05-12 10:05:03

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName: Microsoft Corporation
FileDescription: Notepad
FileVersion: 1.0.0.0
InternalName: Sklgeh.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
LegalTrademarks:
OriginalFilename: Sklgeh.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Malware.AI.2712610444 also known as:

Bkav: W32.FamVT.PouzusLT.Trojan
Lionic: Trojan.MSIL.Agensla.i!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.33825329
FireEye: Generic.mg.a2bd2d45121eafae
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
ALYac: Trojan.GenericKD.33825329
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanPSW:Win32/AgentTesla.230df180
K7GW: Trojan ( 0056292d1 )
K7AntiVirus: Trojan ( 0056292d1 )
VirIT: Trojan.Win32.Inject3.CGZZ
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: MSIL/Autorun.Spy.Agent.DF
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-PSW.MSIL.Agensla.gen
BitDefender: Trojan.GenericKD.33825329
NANO-Antivirus: Trojan.Win32.Inject3.hlelyu
Avast: Win32:TrojanX-gen [Trj]
Tencent: Win32.Trojan.Inject.Auto
Sophos: Mal/Generic-S + Mal/Generic-L
Comodo: Malware@#21trw5nibcgtk
DrWeb: Trojan.Inject3.39883
Zillya: Worm.AutoRun.Win32.145912
TrendMicro: Trojan.MSIL.WACATAC.THEACBO
McAfee-GW-Edition: Fareit-FXJ!A2BD2D45121E
Emsisoft: Trojan.GenericKD.33825329 (B)
Ikarus: Trojan-Spy.Keylogger.AgentTesla
Jiangmin: Trojan.PSW.MSIL.ytr
Webroot: W32.Trojan.Gen
Avira: TR/AD.AgentTesla.xehwe
Antiy-AVL: Trojan/Generic.ASMalwS.306C908
Kingsoft: Win32.PSWTroj.Undef.(kcloud)
Microsoft: Trojan:Win32/AgentTesla!MTB
GData: Win32.Trojan-Stealer.AgentTesla.6WAXYK
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.C4095101
McAfee: Fareit-FXJ!A2BD2D45121E
VBA32: TScope.Trojan.MSIL
Malwarebytes: Malware.AI.2712610444
TrendMicro-HouseCall: Trojan.MSIL.WACATAC.THEACBO
SentinelOne: Static AI – Malicious PE
MaxSecure: Win.MxResIcn.Heur.Gen
Fortinet: MSIL/Kryptik.VBI!tr
BitDefenderTheta: Gen:NN.ZemsilF.34182.ln0@aed1kAl
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.5121ea
Panda: Trj/Agent.JMA

How to remove Malware.AI.2712610444?

Malware.AI.2712610444 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.