Malware.AI.2813424900 removal tips

Many security experts consider Malware.AI.2813424900 dangerous. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.2813424900 virus do?

  • Behavioural detection: executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging
  • Dynamic (imported) function loading detected
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • CAPE detected the Kutaki malware family
  • Anomalous binary characteristics

How to identify Malware.AI.2813424900?

File Info:

name: 056C42893FAFCC5F431F.mlw
path: /opt/CAPEv2/storage/binaries/5db6d080e4888541162c2cd3ecb0187d769e6e46c62979f5a1e9dc5cbc7a756b
crc32: 44C170EB
md5: 056c42893fafcc5f431f9b1bdeb15075
sha1: 0f5642f7de8e06ac35f21e195c4619b4d5c6538c
sha256: 5db6d080e4888541162c2cd3ecb0187d769e6e46c62979f5a1e9dc5cbc7a756b
sha512: 48cafeaad5a7e2b502f3ef07aa69c1565a484f5c1506d682aa16e09c6e68cae452a23828296ef57943a43dffc125bce1c3893333c0c9fcb04abdb10edb67a6a1
ssdeep: 12288:da03tfeR2j46A9jmP/uhu/yMS08CkntxYRf:c03Nj0fmP/UDMS08Ckn3y
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DBC49D53B2915E62F8553E301D1246F492B7FF9A6F0CF28ABD4431AF2933AD1282475B
sha3_384: 9c4b9a9e55716a02422752c113b0e675c39433d34692dc09bf3f4139417eab6360aadec6122a4ab76d91b86b3c1b54e9
ep_bytes: 685c154000e8eeffffff000000000000
timestamp: 2022-01-09 15:14:38

Version Info:

Translation: 0x0409 0x04b0
CompanyName: PERSONAL COMPUTER
ProductName: Project1
FileVersion: 1.00
ProductVersion: 1.00
InternalName: 2
OriginalFilename: 2.exe

Malware.AI.2813424900 also known as:

Lionic: Trojan.Win32.Bingoml.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.38472953
FireEye: Generic.mg.056c42893fafcc5f
CAT-QuickHeal: Trojan.Keylogger.S25879104
ALYac: Trojan.GenericKD.38472953
Cylance: Unsafe
Sangfor: Trojan.Win32.Bingoml.ding
K7AntiVirus: Spyware ( 0000d4291 )
Alibaba: TrojanSpy:Win32/Bingoml.462fddc1
CrowdStrike: win/malicious_confidence_90% (W)
BitDefenderTheta: Gen:NN.ZevbaF.34114.Jm0@aGyzw5pi
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Spy.KeyLogger.NJK
TrendMicro-HouseCall: TSPY_VBKEYLOG.SM
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Bingoml.ding
BitDefender: Trojan.GenericKD.38472953
Avast: Win32:Kutaki-A [Spy]
Tencent: Win32.Trojan.Bingoml.Eeu
Ad-Aware: Trojan.GenericKD.38472953
Emsisoft: Trojan.GenericKD.38472953 (B)
TrendMicro: TSPY_VBKEYLOG.SM
McAfee-GW-Edition: BehavesLike.Win32.BadFile.hh
Sophos: Mal/Generic-S
APEX: Malicious
GData: Win32.Trojan-Spy.Kutaki.DEFES8
Jiangmin: Trojan.Generic.adrmt
Avira: TR/Dropper.Gen
Arcabit: Trojan.Generic.D24B0CF9
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
McAfee: GenericRXRK-FR!056C42893FAF
MAX: malware (ai score=81)
Malwarebytes: Malware.AI.2813424900
Rising: Stealer.Kutaki!1.D278 (CLOUD)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/KeyLogger.NJK!tr
AVG: Win32:Kutaki-A [Spy]
Cybereason: malicious.7de8e0
Panda: Trj/CI.A

How to remove Malware.AI.2813424900?

Malware.AI.2813424900 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.