Malware.AI.2746452146 (file analysis)

The Malware.AI.2746452146 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.2746452146 virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Malware.AI.2746452146?


File Info:
name: A9C385F7E28642CB36C6.mlw
path: /opt/CAPEv2/storage/binaries/2349e52aa98a374cd9589b23b27bdd7d47a79196ff54df7a7a7bef1c4b36aa03
crc32: 112943C2
md5: a9c385f7e28642cb36c6a45013acf97d
sha1: c7cc42ee9e055690d1c14905f5433bfacc54df87
sha256: 2349e52aa98a374cd9589b23b27bdd7d47a79196ff54df7a7a7bef1c4b36aa03
sha512: 61edbacdd6e1e2cd1e88ef0a5f558d11359806456e4035f51a223ee3cfda0e2faf8db6ccaf1753545a1724a3696306ec6cfea7ef0e1c5147d9291cdff6dc299c
ssdeep: 12288:64hgOaj08hMM2nuTMlNYDhqUAnhwI4Sk2Xo2IH:64laxgaANyenyI4QXhG
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T148D4AE52BAB8C0E6D066D2398559CA70F6B3B060BFA153DF1655473D2E731E3AF38602
sha3_384: e8b97df79472ee9832b3534f12c32470a40cd66a7b86eac9681b5b6d0c6aefadef78a4e5e5a8d7616ce1d8ec58590cc6
ep_bytes: 43544750514fbc600000000000000065
timestamp: 2105-02-11 12:52:34

Version Info:
CompanyName: Microsoft Corporation
FileDescription: WMI Performance Reverse Adapter
FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
InternalName: WmiApSrv.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WmiApSrv.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1
Translation: 0x0409 0x04b0

Malware.AI.2746452146 also known as:

Elastic	malicious (high confidence)
DrWeb	Win64.Expiro.134
MicroWorld-eScan	Win64.Expiro.Gen.6
Cylance	Unsafe
K7AntiVirus	Virus ( 00535e4a1 )
K7GW	Virus ( 00535e4a1 )
CrowdStrike	win/malicious_confidence_80% (D)
Cyren	W64/Expiro.R.gen!Eldorado
ESET-NOD32	a variant of Win64/Expiro.CO
TrendMicro-HouseCall	Virus.Win64.EXPIRO.MR
ClamAV	Win.Virus.Expiro-9887895-0
Kaspersky	Virus.Win64.Expiro.rd
BitDefender	Win64.Expiro.Gen.6
NANO-Antivirus	Virus.Win64.Expiro.clnvwd
Avast	Win64:Xpirat [Inf]
Ad-Aware	Win64.Expiro.Gen.6
Emsisoft	Win64.Expiro.Gen.6 (B)
TrendMicro	Virus.Win64.EXPIRO.MR
SentinelOne	Static AI – Suspicious PE
FireEye	Generic.mg.a9c385f7e28642cb
Sophos	ML/PE-A + W64/Expiro-AV
Ikarus	Virus.Win64.Expiro
GData	Win64.Expiro.Gen.6
Jiangmin	Trojan.Bingoml.avt
Avira	TR/Patched.Gen
Antiy-AVL	Virus/Win64.Expiro.rd
Arcabit	Win64.Expiro.Gen.6
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
Acronis	suspicious
ALYac	Win64.Expiro.Gen.6
Malwarebytes	Malware.AI.2746452146
APEX	Malicious
MAX	malware (ai score=87)
MaxSecure	virus.win64.expiro.gen
Fortinet	W64/Expiro.CE
AVG	Win64:Xpirat [Inf]
Cybereason	malicious.7e2864

How to remove Malware.AI.2746452146?

Malware.AI.2746452146 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X