Malware.AI.2797547579 removal tips

Malware.AI.2797547579 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.2797547579 virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify Malware.AI.2797547579?

File Info:

name: 61FF27DFF4A488E9287A.mlw
path: /opt/CAPEv2/storage/binaries/1f3e4e8707a7bb4a61c9840e9346d14d4e8c5313f1adc8a59e4941acb3b1c939
crc32: 3B9303A9
md5: 61ff27dff4a488e9287a446e366818f9
sha1: 409d82fa8f4cd35a8f220b04213d2d35f0f1aff1
sha256: 1f3e4e8707a7bb4a61c9840e9346d14d4e8c5313f1adc8a59e4941acb3b1c939
sha512: e493766fc9cc901a27c8256f7ec15e23d1579b9940f088cf2cfa3a341958a3f824655ed08a992f489aab003878582590b4a21316d8944fecf67021e98db4efa8
ssdeep: 6144:LwjHV85ueIzPOWvEc09fht6TTn7YoNVOw06AErPN2O2i4o3yNDH3+AxbnX0r4O5X:L2a5GDYcCfht6TTnDjnAErPN/2i4o3yC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13384D03A3BDC7166C6D74735F8A226C086A1B50F76A7975B60142FE82E52360ED1323F
sha3_384: 4efcd6c927f826789ce7742c8d80fb22739dc1520eeedefadc6163b243b527e3ac6d6f61c4932ca49a70d01c52498b8e
ep_bytes: ff25000047000100c500000100000000
timestamp: 2055-04-19 18:17:21

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: client
FileVersion: 1.0.0.0
InternalName: client.exe
LegalCopyright: Copyright © 2022
LegalTrademarks:
OriginalFilename: client.exe
ProductName: client
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Malware.AI.2797547579 also known as:

Bkav: W32.AIDetectNet.01
MicroWorld-eScan: Generic.MSIL.PasswordStealerA.1FC7F090
FireEye: Generic.mg.61ff27dff4a488e9
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
ALYac: Generic.MSIL.PasswordStealerA.1FC7F090
Cylance: Unsafe
VIPRE: Generic.MSIL.PasswordStealerA.1FC7F090
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 7000001c1 )
K7GW: Trojan ( 7000001c1 )
Cybereason: malicious.ff4a48
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Spy.RedLine.B
APEX: Malicious
ClamAV: Win.Packed.Msilmamut-9952939-0
Kaspersky: HEUR:Trojan-PSW.MSIL.Coins.gen
BitDefender: Generic.MSIL.PasswordStealerA.1FC7F090
Avast: Win32:SpywareX-gen [Trj]
Ad-Aware: Generic.MSIL.PasswordStealerA.1FC7F090
Sophos: ML/PE-A + Mal/VMProtBad-A
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Trapmine: malicious.moderate.ml.score
Emsisoft: Generic.MSIL.PasswordStealerA.1FC7F090 (B)
SentinelOne: Static AI – Malicious PE
GData: Generic.MSIL.PasswordStealerA.1FC7F090
Google: Detected
Avira: HEUR/AGEN.1226400
Arcabit: Generic.MSIL.PasswordStealerA.1FC7F090
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C5227881
Acronis: suspicious
MAX: malware (ai score=87)
Malwarebytes: Malware.AI.2797547579
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:wJ/ez+RFT5lGknbMYBHgcQ)
Ikarus: Trojan.MSIL.Spy
BitDefenderTheta: Gen:NN.ZemsilF.34754.xu0@aav34si
AVG: Win32:SpywareX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Malware.AI.2797547579?

Malware.AI.2797547579 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.