Malware.AI.2820425434 (file analysis)

Malware Removal

Malware.AI.2820425434 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.2820425434 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Possible date expiration check, exits too soon after checking local time
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Attempts to identify installed AV products by installation directory
  • Attempts to modify proxy settings

How to identify Malware.AI.2820425434?

File Info:

name: B3D11E570DA4A66F4B85.mlw
path: /opt/CAPEv2/storage/binaries/05f3293dc1f22b1a4b15b8cacce8d4205decb8615627d11f1301ff3871e64015
crc32: 34670F0C
md5: b3d11e570da4a66f4b8520bc6107283b
sha1: d14b84a15a4673c24c666d938a34232676e69df6
sha256: 05f3293dc1f22b1a4b15b8cacce8d4205decb8615627d11f1301ff3871e64015
sha512: c20d7e6490701e48d4e3e04e7445532add146b5c571db28a3b3a7daebc0ebfcbff919461b67bf52d6067692ca6354c5a08db9f379110e39bccd954edee526c3d
ssdeep: 1536:2EPF+7yY/P/Y/BgQbW+/EtmtckUSp6dEuYe:2EUOUYBgQgMtbpQvYe
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T126837B13F0D4D073E0231131A9A6B77348AFBA339A390247F789467E6EE51E09E25793
sha3_384: 0b0a48de3418e2cd4f376598eac1364cb0c02816ddaad5ba06c0b6a542fcc2b46debae5f3611fff5eb201d799e8903b1
ep_bytes: e8bb190000e989feffff8bff558bec83
timestamp: 2018-02-01 09:34:40

Version Info:

0: [No Data]

Malware.AI.2820425434 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.IndigoZebra.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.39825720
FireEye: Generic.mg.b3d11e570da4a66f
CAT-QuickHeal: Trojan.Dynamer.8882
ALYac: Backdoor.Agent.BoxCaon
Cylance: Unsafe
VIPRE: Trojan.GenericKD.39825720
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan-Downloader ( 0052cd221 )
Alibaba: TrojanDownloader:Win32/IndigoZebra.b8857878
K7GW: Trojan-Downloader ( 0052cd221 )
CrowdStrike: win/malicious_confidence_100% (W)
Arcabit: Trojan.Generic.D25FB138
Symantec: Trojan Horse
ESET-NOD32: a variant of Win32/TrojanDownloader.Speccom.R
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.IndigoZebra.b
BitDefender: Trojan.GenericKD.39825720
NANO-Antivirus: Trojan.Win32.Xcaon.eznekw
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.114ce3d3
Ad-Aware: Trojan.GenericKD.39825720
Emsisoft: Trojan.GenericKD.39825720 (B)
Comodo: Malware@#3qzs8c3dtcp4y
F-Secure: Trojan.TR/Dldr.Speccom.yyemt
DrWeb: Trojan.MulDrop7.57212
Zillya: Trojan.Xcaon.Win32.2
TrendMicro: TROJ_GEN.R002C0PG121
McAfee-GW-Edition: BehavesLike.Win32.Dropper.mh
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Xcaon.d
Webroot: W32.Trojan.Xcaon
Avira: TR/Dldr.Speccom.yyemt
Kingsoft: Win32.Troj.IndigoZebra.b.(kcloud)
Microsoft: Trojan:Win32/Skeeyah
ViRobot: Trojan.Win32.Z.Zusy.88576.FF
ZoneAlarm: Trojan.Win32.IndigoZebra.b
GData: Trojan.GenericKD.39825720
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Xcaon.C2336333
McAfee: GenericRXEH-PY!B3D11E570DA4
VBA32: suspected of Trojan.Downloader.gen
Malwarebytes: Malware.AI.2820425434
TrendMicro-HouseCall: TROJ_GEN.R002C0PG121
Rising: Trojan.Generic@AI.86 (RDML:5aoHfiZvLTdSTpP495dHFA)
Yandex: Trojan.GenAsa!eisfu3EnQH8
Ikarus: Trojan-Downloader.Win32.Speccom
Fortinet: W32/Speccom.R!tr
BitDefenderTheta: Gen:NN.ZexaF.34742.fqW@amvIpAl
AVG: Win32:Malware-gen
Cybereason: malicious.70da4a
Panda: Trj/GdSda.A

How to remove Malware.AI.2820425434?

Malware.AI.2820425434 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.