Should I remove “Malware.AI.2802748497”?

Malware.AI.2802748497 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period lets you run a complete scan and clean your PC.
A 6-day free trial is available.

What can the Malware.AI.2802748497 virus do?

  • HTTPS URLs observed in behavior
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Malware.AI.2802748497?

File Info:

name: 00FDE13991D074AA6387.mlw
path: /opt/CAPEv2/storage/binaries/9f8b30e55f8477be7d38e166db734e7a3c51c5fea4390cbb89cbe6e68bcf51c1
crc32: DB9AFDB9
md5: 00fde13991d074aa6387bf56084611ac
sha1: 693f2670d89c693242a5425e346aa67f4509f343
sha256: 9f8b30e55f8477be7d38e166db734e7a3c51c5fea4390cbb89cbe6e68bcf51c1
sha512: 1f6096ced8de9fefc4708cccffc202cc26863caef75c53d425b897719387e6363267c5579a3c9d7c96c950b49836ea86f048770d96d6bb2ed27cd7318b85bbc4
ssdeep: 49152:/fWOaa8sXOpzDNpC1mW102NAVHBoNn+zglE8p2zKpASS:KD0AGn+zglsmp
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T153B59E9A66EC80F5C466C139C817894BD7F274520B34C3CF90A507AFAF776A28D6D722
sha3_384: 5e482db54c2fd6cad4685c71310146da829775836889ad387c928e53566bfc39dbc33654f6d26248099dd8fa6a15c9d4
ep_bytes: 4883ec28e877ab00004883c428e952fe
timestamp: 2023-04-22 06:42:40

Version Info:

CompanyName: GDGCVV
FileDescription: VHVGGG
FileVersion: 8.4.2.57
InternalName: uchbnndbbv
LegalCopyright: Copyright (C) 2023
OriginalFilename: YEWANG
ProductName: jchvbbd
ProductVersion: 5.4.7.81
Translation: 0x281a 0x04b0

Malware.AI.2802748497 also known as:

Lionic: Trojan.Win32.Zenpak.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Tedy.349785
ALYac: Gen:Variant.Tedy.349785
Cylance: unsafe
K7AntiVirus: Trojan-Downloader ( 005a3edb1 )
Alibaba: TrojanDownloader:Win32/Zenpak.02369f7f
K7GW: Trojan-Downloader ( 005a3edb1 )
Cyren: W64/ABRisk.HWIS-1377
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win64/TrojanDownloader.Agent.ABW
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Zenpak.cxcc
BitDefender: Gen:Variant.Tedy.349785
Avast: Win64:TrojanX-gen [Trj]
Tencent: Malware.Win32.Gencirc.119881aa
Emsisoft: Gen:Variant.Tedy.349785 (B)
F-Secure: Trojan.TR/Dldr.Agent.ltieg
VIPRE: Gen:Variant.Tedy.349785
McAfee-GW-Edition: BehavesLike.Win64.Dropper.vh
FireEye: Gen:Variant.Tedy.349785
Sophos: Mal/Generic-S
GData: Gen:Variant.Tedy.349785
Avira: TR/Dldr.Agent.ltieg
Antiy-AVL: Trojan/Win64.Badur
Arcabit: Trojan.Tedy.D55659
ZoneAlarm: Trojan.Win32.Zenpak.cxcc
Microsoft: Trojan:Win32/Emotet!ml
Google: Detected
AhnLab-V3: Trojan/Win.Generic.R576896
McAfee: Artemis!00FDE13991D0
MAX: malware (ai score=87)
Malwarebytes: Malware.AI.2802748497
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: TROJ_GEN.R002H0DDM23
Rising: Backdoor.Convagent!8.123DC (TFE:5:TDNbTI4bTxQ)
Ikarus: Trojan-Downloader.Win64.Agent
MaxSecure: Trojan.Malware.206879091.susgen
Fortinet: W64/Agent.ABW!tr.dldr
AVG: Win64:TrojanX-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Malware.AI.2802748497?

Malware.AI.2802748497 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.