Malware.AI.2734637128 malicious file

Malware Removal

Malware.AI.2734637128 is the Malwarebytes detection name for this file; most other engines in the detection list below classify the same sample as the ChChes backdoor, and it is treated as dangerous across the board. While the infection is active you may notice unfamiliar processes in the Task Manager list. If so, scan the computer with GridinSoft Anti-Malware.

Removing malware by hand can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial period already allows a full scan and cleanup of the PC.
6-day free trial available.

What can Malware.AI.2734637128 do?

The items below are the CAPE sandbox behavioural signatures that fired when the sample was executed. Note that the binary carries an Authenticode signature that does not validate, so the presence of a signature is no reason to trust it:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Steals private information from local Internet browsers
  • CAPE detected the ChChes malware family
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Malware.AI.2734637128?

The hashes below pin down the exact sample that was analysed; the type, ep_bytes and timestamp fields come straight from the PE header. A PE compile timestamp is written by the linker and can be forged, so treat it as a hint rather than evidence.

File Info:

name: F586EDD88023F49BC4F9.mlw
path: /opt/CAPEv2/storage/binaries/c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d
crc32: 4EF53D41
md5: f586edd88023f49bc4f9d84f9fb6bd7d
sha1: b966657d35bba9416775d320bb87086001995bbe
sha256: c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d
sha512: d9d107f1a85d60da256acf3a3e51c494796c4cbaca54d0f0f8a12d28aaba506e895d7ea618c3bde795099f4bd70866b726b86fe36fe3ce6c91a6ca5e2ab3d14f
ssdeep: 3072:qs/2DuT8RveN3yES0Sg2XriusGgLD5tDwHF1pSXBKBlvxH+k9:J/2GK2rS0SR0DOfp0BivxH+k9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10B148C62B6D08872C536093208B3EF105E2CFC385B585F733A9EF67B0BB15D19962967
sha3_384: db109ca6100a7b8899971fc25237b71336a1fdb4b27cd7b27dab6122ed259f03508d94349863635c6e36aec269238e83
ep_bytes: e8d9050000e97afeffff558bec6a00ff
timestamp: 2016-10-31 16:09:17

Version Info:

0: [No Data]
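To check that a file on hand really is the sample described in File Info, and to pull out the PE-header fields the report lists (type, timestamp, ep_bytes, section names, whether an Authenticode blob is present) without third-party tools, the following Python is an added example; it is not code from this page or from CAPE. It takes the hash set above as the IOC to match, and exercises the parser on a constructed minimal PE32 (not the real sample) that reuses the page's timestamp and entry-point bytes. The KNOWN_SECTIONS list is an assumption, and ssdeep/tlsh are left out because they need non-stdlib libraries.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# IOC values copied from the File Info block above. The real sample is not
# embedded here, so the code only checks that a file on hand matches them.
PAGE_IOC = {
    "name": "F586EDD88023F49BC4F9.mlw",
    "crc32": "4EF53D41",
    "md5": "f586edd88023f49bc4f9d84f9fb6bd7d",
    "sha1": "b966657d35bba9416775d320bb87086001995bbe",
    "sha256": "c21eaadf9ffc62ca4673e27e06c16447f103c0cf7acd8db6ac5c8bd17805e39d",
    "timestamp": "2016-10-31 16:09:17",
    "ep_bytes": "e8d9050000e97afeffff558bec6a00ff",
}

# Section names a stock Microsoft/GNU linker emits (assumed list); anything
# else is reported the way the "unknown PE section name" signature does.
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc",
                  ".reloc", ".pdata", ".tls", ".bss", ".CRT", ".textbss"}


def file_hashes(data: bytes) -> dict:
    """Digests in the formats the report uses (crc32 as upper-case hex)."""
    h = {n: hashlib.new(n, data).hexdigest()
         for n in ("md5", "sha1", "sha256", "sha512", "sha3_384")}
    h["crc32"] = "%08X" % (zlib.crc32(data) & 0xFFFFFFFF)
    return h


def matches_ioc(hashes: dict, ioc: dict) -> bool:
    """True only if every digest the IOC set carries agrees with the file."""
    shared = [k for k in ioc if k in hashes]
    return bool(shared) and all(hashes[k].lower() == ioc[k].lower() for k in shared)


def looks_like_msvc_crt_start(ep_hex: str) -> bool:
    """call rel32 followed by jmp rel32 at the entry point is the MSVC CRT
    startup stub (__security_init_cookie, then the CRT main), not a packer stub."""
    b = bytes.fromhex(ep_hex)
    return len(b) >= 10 and b[0] == 0xE8 and b[5] == 0xE9


def parse_pe(data: bytes) -> dict:
    """Machine, compile timestamp, entry-point bytes, section names and
    Authenticode presence (not validity) of a PE32/PE32+ file."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]        # 0x10B PE32, 0x20B PE32+
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    # Data directory 4 (security) points at the Authenticode blob, if any.
    dd_security = opt + (112 if magic == 0x20B else 96) + 4 * 8
    _, security_size = struct.unpack_from("<II", data, dd_security)
    sections = [struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
                for i in range(nsec)]
    names = [s[0].rstrip(b"\0").decode("latin-1") for s in sections]
    ep_bytes = b""
    for _, vsize, vaddr, rawsize, rawptr in sections:
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):  # RVA -> file offset
            off = rawptr + (ep_rva - vaddr)
            ep_bytes = data[off:off + 16]
            break
    return {
        "machine": {0x14C: "Intel 80386", 0x8664: "x86-64"}.get(machine, hex(machine)),
        "pe32plus": magic == 0x20B,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
        "sections": names,
        "unknown_sections": [n for n in names if n not in KNOWN_SECTIONS],
        "has_authenticode": security_size > 0,
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32, not the real sample: reuses the page's
    timestamp and ep_bytes and adds one non-standard section name."""
    ep_rva, text_rva, text_raw = 0x1050, 0x1000, 0x400
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1477930157, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", ep_rva)
    opt += b"\0" * (0xE0 - len(opt))
    secs = struct.pack("<8sIIII", b".text", 0x100, text_rva, 0x200, text_raw) + b"\0" * 16
    secs += struct.pack("<8sIIII", b".xyz", 0x100, 0x2000, 0x200, 0x600) + b"\0" * 16
    header = dos + b"PE\0\0" + coff + opt + secs
    image = bytearray(0x800)
    image[:len(header)] = header
    off = text_raw + (ep_rva - text_rva)
    image[off:off + 16] = bytes.fromhex(PAGE_IOC["ep_bytes"])
    return bytes(image)


if __name__ == "__main__":
    sample = build_sample_pe()
    print(matches_ioc(file_hashes(sample), PAGE_IOC))  # False: not the real file
    print(parse_pe(sample))
```

Two practical notes. The ep_bytes on the page (call, then jmp, then push ebp / mov ebp, esp) are consistent with the MSVC CRT entry stub, so the first bytes at the entry point are the compiler's own prologue; the packing indicator in this report is the non-standard section name, not the entry code. And has_authenticode only says a signature blob is attached; verifying the chain (which is what fails for this sample according to the signature list) needs signtool or osslsigncode, not this parser.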

Malware.AI.2734637128 is also known under the following vendor names (vendor: detection). Several engines name the ChChes family outright; entries such as Gen:Variant.Zusy and Trojan.Win32.Agent are generic buckets rather than family names:

  • Bkav: W32.AIDetect.malware2
  • Lionic: Trojan.Win32.Agent.trIv
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Zusy.222552
  • FireEye: Generic.mg.f586edd88023f49b
  • CAT-QuickHeal: TrojanAPT.APT10.S16152412
  • McAfee: BackDoor-FDVN!F586EDD88023
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Agent.dept
  • K7AntiVirus: Riskware ( 0040eff71 )
  • Alibaba: TrojanSpy:Win32/Nexpostil.42e3eadc
  • K7GW: Riskware ( 0040eff71 )
  • CrowdStrike: win/malicious_confidence_100% (W)
  • Cyren: W32/S-6cc251fb!Eldorado
  • ESET-NOD32: a variant of Win32/ChChes.B
  • APEX: Malicious
  • Paloalto: generic.ml
  • ClamAV: Win.Trojan.ChChes-6814715-0
  • Kaspersky: Trojan-Spy.Win32.Agent.dept
  • BitDefender: Gen:Variant.Zusy.222552
  • NANO-Antivirus: Trojan.Win32.ChChes.fkbcmw
  • Avast: Win32:DangerousSig [Trj]
  • Tencent: Malware.Win32.Gencirc.114b23a0
  • Ad-Aware: Gen:Variant.Zusy.222552
  • TACHYON: Trojan-Spy/W32.Agent.199418
  • Emsisoft: Gen:Variant.Zusy.222552 (B)
  • Comodo: TrojWare.Win32.Palevo.AA@5szlv3
  • DrWeb: BackDoor.Siggen2.3357
  • Zillya: Trojan.GenericCRTD.Win32.5152
  • TrendMicro: BKDR_ChChes.SM2
  • McAfee-GW-Edition: BehavesLike.Win32.Trojan.ch
  • Trapmine: malicious.moderate.ml.score
  • Sophos: Mal/Generic-R + Troj/Agent-AVDV
  • SentinelOne: Static AI – Suspicious PE
  • GData: Gen:Variant.Zusy.222552
  • Jiangmin: Trojan.Agent.amqb
  • Webroot: W32.Trojan.Gen
  • Avira: TR/Agent.654654
  • Kingsoft: Win32.Heur.KVM007.a.(kcloud)
  • Arcabit: Trojan.Zusy.D36558
  • ViRobot: Trojan.Win32.S.Agent.199418
  • Microsoft: Trojan:Win32/ChChes.G!dha
  • AhnLab-V3: Trojan/Win32.Skeeyah.C1789522
  • BitDefenderTheta: Gen:NN.ZexaF.34742.myX@aOuC9rki
  • ALYac: Trojan.Agent.Blocker.282112
  • VBA32: BScope.Backdoor.Caphaw.1291
  • Malwarebytes: Malware.AI.2734637128
  • TrendMicro-HouseCall: BKDR_ChChes.SM2
  • Rising: Trojan.MalCert!1.BA19 (CLASSIC)
  • Ikarus: Trojan.Win32.Chches
  • MaxSecure: Trojan.Trojan.WIN32.Generic_211761
  • Fortinet: W32/Generic.AP.22A7EA!tr
  • AVG: Win32:DangerousSig [Trj]
  • Cybereason: malicious.88023f
  • Panda: Trj/CI.A
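Reading 55 vendor labels by eye hides the signal: most of them are generic buckets (Gen:Variant.Zusy, Trojan.Win32.Agent, malicious) and only a handful name a family. The following Python is an added example, not code from this page or from any vendor, of the one-vote-per-vendor family consensus that tools such as AVClass perform: it tokenises each label, drops category and heuristic words using an assumed stop-list, and counts how many vendors name each remaining token. The label data is transcribed from the list above.

```python
import re
from collections import Counter

# Vendor/label pairs transcribed from the list above: "Vendor: label",
# several per line, separated by " | ".
LABELS = """
Bkav: W32.AIDetect.malware2 | Lionic: Trojan.Win32.Agent.trIv | Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.222552 | FireEye: Generic.mg.f586edd88023f49b
CAT-QuickHeal: TrojanAPT.APT10.S16152412 | McAfee: BackDoor-FDVN!F586EDD88023 | Cylance: Unsafe
Sangfor: Trojan.Win32.Agent.dept | K7AntiVirus: Riskware ( 0040eff71 ) | Alibaba: TrojanSpy:Win32/Nexpostil.42e3eadc
K7GW: Riskware ( 0040eff71 ) | CrowdStrike: win/malicious_confidence_100% (W) | Cyren: W32/S-6cc251fb!Eldorado
ESET-NOD32: a variant of Win32/ChChes.B | APEX: Malicious | Paloalto: generic.ml
ClamAV: Win.Trojan.ChChes-6814715-0 | Kaspersky: Trojan-Spy.Win32.Agent.dept | BitDefender: Gen:Variant.Zusy.222552
NANO-Antivirus: Trojan.Win32.ChChes.fkbcmw | Avast: Win32:DangerousSig [Trj] | Tencent: Malware.Win32.Gencirc.114b23a0
Ad-Aware: Gen:Variant.Zusy.222552 | TACHYON: Trojan-Spy/W32.Agent.199418 | Emsisoft: Gen:Variant.Zusy.222552 (B)
Comodo: TrojWare.Win32.Palevo.AA@5szlv3 | DrWeb: BackDoor.Siggen2.3357 | Zillya: Trojan.GenericCRTD.Win32.5152
TrendMicro: BKDR_ChChes.SM2 | McAfee-GW-Edition: BehavesLike.Win32.Trojan.ch | Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-R + Troj/Agent-AVDV | SentinelOne: Static AI – Suspicious PE | GData: Gen:Variant.Zusy.222552
Jiangmin: Trojan.Agent.amqb | Webroot: W32.Trojan.Gen | Avira: TR/Agent.654654 | Kingsoft: Win32.Heur.KVM007.a.(kcloud)
Arcabit: Trojan.Zusy.D36558 | ViRobot: Trojan.Win32.S.Agent.199418 | Microsoft: Trojan:Win32/ChChes.G!dha
AhnLab-V3: Trojan/Win32.Skeeyah.C1789522 | BitDefenderTheta: Gen:NN.ZexaF.34742.myX@aOuC9rki | ALYac: Trojan.Agent.Blocker.282112
VBA32: BScope.Backdoor.Caphaw.1291 | Malwarebytes: Malware.AI.2734637128 | TrendMicro-HouseCall: BKDR_ChChes.SM2
Rising: Trojan.MalCert!1.BA19 (CLASSIC) | Ikarus: Trojan.Win32.Chches | MaxSecure: Trojan.Trojan.WIN32.Generic_211761
Fortinet: W32/Generic.AP.22A7EA!tr | AVG: Win32:DangerousSig [Trj] | Cybereason: malicious.88023f | Panda: Trj/CI.A
"""

# Tokens that name a category, a heuristic or a vendor-wide bucket rather
# than a family (assumed stop-list, in the spirit of AVClass's generic list).
# "zusy" is the BitDefender-engine heuristic bucket, repeated by every licensee.
GENERIC = {
    "trojan", "trojware", "trojanspy", "troj", "bkdr", "backdoor", "agent",
    "variant", "malicious", "malware", "riskware", "unsafe", "suspicious",
    "static", "high", "confidence", "moderate", "score", "behaveslike",
    "blocker", "heur", "classic", "eldorado", "kcloud", "aidetect",
    "dangeroussig", "zusy",
}


def parse_labels(text: str) -> list:
    """Split the transcribed block into (vendor, label) pairs on the first ': '."""
    pairs = []
    for line in text.strip().splitlines():
        for entry in line.split(" | "):
            vendor, sep, label = entry.strip().partition(": ")
            if sep:
                pairs.append((vendor, label))
    return pairs


def family_tokens(label: str) -> set:
    """Alphabetic tokens of 4+ characters that survive the stop-list."""
    toks = {t.lower() for t in re.findall(r"[A-Za-z0-9]+", label)}
    return {t for t in toks if t.isalpha() and len(t) >= 4
            and t not in GENERIC and not t.startswith("generic")}


def consensus(text: str, top: int = 3) -> list:
    """Most-named family tokens, one vote per vendor per token."""
    votes = Counter()
    for _vendor, label in parse_labels(text):
        votes.update(family_tokens(label))   # a set, so each vendor votes once
    return votes.most_common(top)


if __name__ == "__main__":
    print(consensus(LABELS))  # chches leads with 7 vendors
```

On this list ChChes wins with seven vendors (ESET, ClamAV, NANO, Trend Micro twice, Microsoft, Ikarus), which is why the file is treated as a ChChes sample although the page title carries Malwarebytes' heuristic name. Vendors that share an engine (the BitDefender licensees, Trend Micro and HouseCall, Avast and AVG) are counted separately here; collapse them to one vote if you want a stricter consensus.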

How to remove Malware.AI.2734637128?

Malware.AI.2734637128 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because the signatures above describe a backdoor that steals data from local browsers and tampers with proxy settings, treat credentials and sessions saved on this machine as exposed: after cleaning, confirm that the proxy settings are back to what you expect and rotate the passwords that were stored in the browsers.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.