Malware.AI.2861278404 removal instructions

Malware Removal

Malware.AI.2861278404 is the Malwarebytes detection name for this sample; most other antivirus vendors flag the same file as malicious (see the detection list below), so it should be treated as dangerous. When the infection is active, you may notice unfamiliar processes in the Task Manager process list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean your PC.
A 6-day free trial is available.

What can the Malware.AI.2861278404 virus do?

  • Executed a command line with a /C or /R argument, which terminates the command shell on completion and can be used to hide execution
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • HTTPS URLs observed in behavior
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Attempts to identify installed AV products by installation directory
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities
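Two of the observations above, "Sample contains Overlay data" and "Presents an Authenticode digital signature", and the ep_bytes reported in the File Info section below can be reproduced from the PE headers without running the file. The script below is an added example, not code from the page or from any sandbox; it parses the section table to find the entry point and the end of the last section (anything beyond that is overlay), then reads the Security data directory, whose "VirtualAddress" field is a raw file offset rather than an RVA, to see whether a WIN_CERTIFICATE blob is present. The sample file it builds is a constructed stand-in that only reuses the page's ep_bytes; it is not the real binary, and the certificate body is a placeholder, not a real PKCS#7 SignedData. The presence of a signature says nothing about trust (several vendors detect this sample as "MalCert"); it only tells you where to look for the signer.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # data directory slot that points at the Authenticode blob
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002   # WIN_CERTIFICATE.wCertificateType used by Authenticode


def parse_pe(data: bytes) -> dict:
    """Parse the DOS, COFF, optional and section headers of a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directories begin at +96 (PE32) or +112 (PE32+); NumberOfRvaAndSizes sits just before them.
    dirs_off = opt + (96 if magic == 0x10B else 112)
    n_dirs = struct.unpack_from("<I", data, dirs_off - 4)[0]
    sec_off, sec_size = 0, 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "raw_ptr": raw_ptr, "raw_size": raw_size})
    return {"machine": machine, "entry_rva": entry_rva, "sections": sections,
            "security_dir": (sec_off, sec_size)}


def rva_to_offset(sections: list, rva: int):
    """Map an RVA to a file offset through the section table (None if no section covers it)."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s["raw_ptr"] + (rva - s["va"])
    return None


def analyze_pe(data: bytes) -> dict:
    """Reproduce three static observations: entry-point bytes, overlay data, Authenticode blob."""
    pe = parse_pe(data)
    ep_off = rva_to_offset(pe["sections"], pe["entry_rva"])
    ep_bytes = data[ep_off:ep_off + 16].hex() if ep_off is not None else ""
    # Overlay = every byte past the end of the last section's raw data.
    end_of_sections = max((s["raw_ptr"] + s["raw_size"] for s in pe["sections"]), default=0)
    overlay_size = max(len(data) - end_of_sections, 0)
    # The Security directory's "VirtualAddress" is a raw file offset; the blob normally lives in the overlay.
    sec_off, sec_size = pe["security_dir"]
    cert_type, authenticode = None, False
    if sec_off and sec_size >= 8 and sec_off + sec_size <= len(data):
        length, _rev, cert_type = struct.unpack_from("<IHH", data, sec_off)
        authenticode = cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA and 8 <= length <= sec_size
    return {"ep_bytes": ep_bytes, "overlay_offset": end_of_sections, "overlay_size": overlay_size,
            "has_authenticode": authenticode, "cert_type": cert_type,
            "signature_in_overlay": authenticode and sec_off >= end_of_sections}


def build_sample_pe() -> bytes:
    """Constructed PE32 stand-in (NOT the real sample): one .text section opening with the page's
    ep_bytes, plus a placeholder WIN_CERTIFICATE appended as overlay so the checks have a target."""
    file_align, sect_align = 0x200, 0x1000
    text = bytes.fromhex("e87d080000e97afeffffcccccccccccc").ljust(file_align, b"\xcc")
    cert_body = b"constructed placeholder, not a real PKCS#7 SignedData"
    cert = struct.pack("<IHH", 8 + len(cert_body), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert_body
    overlay_off = 2 * file_align                      # one page of headers + one page of .text
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 14, 0, len(text), 0, 0, sect_align, sect_align, 0,
                      0x400000, sect_align, file_align)
    opt += struct.pack("<HHHHHHIIII", 6, 0, 0, 0, 6, 0, 0, 2 * sect_align, file_align, 0)
    opt += struct.pack("<HHIIIIII", 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    for i in range(16):                               # 16 data directories, only Security populated
        opt += struct.pack("<II", overlay_off, len(cert)) if i == IMAGE_DIRECTORY_ENTRY_SECURITY else bytes(8)
    section = struct.pack("<8sIIIIIIHHI", b".text", len(text), sect_align, len(text), file_align,
                          0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + opt + section).ljust(file_align, b"\0")
    return headers + text + cert


if __name__ == "__main__":
    for k, v in analyze_pe(build_sample_pe()).items():
        print("%-20s %r" % (k, v))
```

Run `analyze_pe(open(path, "rb").read())` against a real file to get the same fields; a CAPE report's "Sample contains Overlay data" corresponds to `overlay_size > 0`, and a sample that reports both overlay and a signature but whose `signature_in_overlay` is False deserves a closer look, since that layout is unusual for a legitimately signed build.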

How to identify Malware.AI.2861278404?

File Info:

name: D2EFA752795F3F95572C.mlw
path: /opt/CAPEv2/storage/binaries/385a1d06223e4d1469f1b9b7438d7219f57dbb13042750b16df81c72bcc664bd
crc32: D53BD8E2
md5: d2efa752795f3f95572c05e4072350b1
sha1: a044f05dcae9abd3cc6ead9b44c27c852c75dccf
sha256: 385a1d06223e4d1469f1b9b7438d7219f57dbb13042750b16df81c72bcc664bd
sha512: 0df7b06969bb9d844625f94fc213cc8d17ea5aca1cff5c1c66ed6685830bfee85320f0f97cd4216710f4bd2bb0e0cb5d68a994ff3e295988b04e467a1416f0f7
ssdeep: 24576:nF0q+DFRuQf1iIVjZAU95z73oSqCfFS2gr/75DPxTkXrC:nF0qUDuQf1zfAUH3VqaFS2Y7tPxTkXG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T194659D01F102A136F8F340BBCEFE592DD658AA61130954E773D85A4F8BA2EF27932157
sha3_384: 600ee5e8fe2d5ec19d12011f529f9e72dcbee83ac001361346423a5273c0c44fb59ea03f3c524faf015efc1785ff761e
ep_bytes: e87d080000e97afeffffcccccccccccc
timestamp: 2022-02-10 18:43:35
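The digests in the File Info block are the exact-match indicators for this file. The script below is an added example, not code from the page; it computes the same set of digests (CRC32, MD5, SHA-1, SHA-256, SHA-512, SHA3-384) for a buffer or a streamed file and reports which of them match the values listed above. The IOC table is copied from the File Info block; the `b"abc"` input used in the self-check is constructed test data. Keep in mind that a hash match only identifies this one file: the Kryptik/Zusy family names in the detection list are applied to packed variants that differ byte for byte, so a miss here does not clear a file, and fuzzy hashes (ssdeep, TLSH, also listed above) are the right tool for near-variants.

```python
import hashlib
import zlib

# Digests copied from the File Info block on this page, lowercased for comparison.
SAMPLE_IOCS = {
    "crc32": "d53bd8e2",
    "md5": "d2efa752795f3f95572c05e4072350b1",
    "sha1": "a044f05dcae9abd3cc6ead9b44c27c852c75dccf",
    "sha256": "385a1d06223e4d1469f1b9b7438d7219f57dbb13042750b16df81c72bcc664bd",
    "sha512": "0df7b06969bb9d844625f94fc213cc8d17ea5aca1cff5c1c66ed6685830bfee85320f0f97cd4216710f4bd2bb0e0cb5d68a994ff3e295988b04e467a1416f0f7",
    "sha3_384": "600ee5e8fe2d5ec19d12011f529f9e72dcbee83ac001361346423a5273c0c44fb59ea03f3c524faf015efc1785ff761e",
}

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512", "sha3_384")


def hash_chunks(chunks) -> dict:
    """Digest an iterable of byte chunks with every algorithm the File Info block reports.
    Streaming keeps memory flat for large droppers; CRC32 is carried as a running value."""
    digests = {name: hashlib.new(name) for name in HASH_ALGOS}
    crc = 0
    for block in chunks:
        crc = zlib.crc32(block, crc)
        for d in digests.values():
            d.update(block)
    out = {"crc32": "%08x" % (crc & 0xFFFFFFFF)}
    out.update((name, d.hexdigest()) for name, d in digests.items())
    return out


def compute_hashes(data: bytes) -> dict:
    """Convenience wrapper for an in-memory buffer."""
    return hash_chunks([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, read in chunk_size blocks."""
    with open(path, "rb") as fh:
        return hash_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_iocs(hashes: dict, iocs: dict = SAMPLE_IOCS) -> list:
    """Return the names of the algorithms whose digest equals the known-bad value (case-insensitive)."""
    return sorted(algo for algo, value in hashes.items()
                  if algo in iocs and value.lower() == iocs[algo].lower())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        hashes = hash_file(path)
        hits = match_iocs(hashes)
        print("%s sha256=%s %s" % (path, hashes["sha256"], "MATCH " + ",".join(hits) if hits else "no match"))
```

Usage: `python3 check_hashes.py suspect.exe` prints the SHA-256 and whether any digest matches the sample; a match on any one of the strong hashes is conclusive, while a CRC32-only match is a collision and should be ignored.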

Version Info:

0: [No Data]

Malware.AI.2861278404 also known as:

Lionic: Trojan.Win32.Deyma.a!c
DrWeb: Trojan.SpyBot.1128
MicroWorld-eScan: Gen:Variant.Zusy.415074
FireEye: Generic.mg.d2efa752795f3f95
McAfee: GenericRXRU-QB!D2EFA752795F
Cylance: Unsafe
VIPRE: Gen:Variant.Zusy.415074
K7AntiVirus: Trojan ( 0058e5461 )
Alibaba: TrojanDownloader:Win32/Deyma.27a7cecd
K7GW: Trojan ( 0058e5461 )
Cyren: W32/Wacatac.EB.gen!Eldorado
Symantec: Trojan.Gen.2
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HOKR
TrendMicro-HouseCall: TROJ_GEN.R002C0DIG22
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Downloader.Win32.Deyma.gen
BitDefender: Gen:Variant.Zusy.415074
NANO-Antivirus: Trojan.Win32.Deyma.jmzrsd
Avast: Win32:DangerousSig [Trj]
Ad-Aware: Gen:Variant.Zusy.415074
Comodo: Malware@#chv28f0t3ucb
Zillya: Trojan.Kryptik.Win32.3700486
TrendMicro: TROJ_GEN.R002C0DIG22
McAfee-GW-Edition: GenericRXRU-QB!D2EFA752795F
Emsisoft: MalCert-S.OC (A)
GData: Win32.Trojan.PSE.16H8PJV
Jiangmin: TrojanDownloader.Deyma.abt
Google: Detected
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASMalwS.68D7
Kingsoft: Win32.Troj.Undef.(kcloud)
ZoneAlarm: HEUR:Trojan-Downloader.Win32.Deyma.gen
Microsoft: Trojan:Win32/Deyma.ME!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.BotX-gen.R472397
VBA32: TrojanDownloader.Deyma
ALYac: Trojan.Downloader.Deyma.A
Malwarebytes: Malware.AI.2861278404
Rising: Trojan.MalCert!1.DBE1 (CLASSIC)
Ikarus: Trojan-Spy.Agent
MaxSecure: Trojan.Malware.74227175.susgen
Fortinet: W32/Kryptik.FKXJ!tr
AVG: Win32:DangerousSig [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.2861278404?

Malware.AI.2861278404 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options you want, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.