How to remove “Malware.AI.2872388876”?

Malware.AI.2872388876 is the Malwarebytes detection name for this sample; other engines classify the same file as a trojan dropper (Ekstak), generic adware (GenericKD) or a potentially unwanted application (see the vendor list below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case we advise scanning the computer with GridinSoft Anti-Malware.

Removing malware by hand can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial version can run a full scan and clean the PC.
A 6-day free trial is available.

What can Malware.AI.2872388876 do?

The behaviours below are the CAPE sandbox signatures that fired when the sample was detonated; each is a heuristic indicator observed for this file, not proof of a specific capability.
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Exhibits possible ransomware file modification behavior

Related domains:

wpad.local-net (a WPAD proxy auto-discovery lookup; Windows issues these on its own, so this name by itself is weak evidence of command-and-control traffic)

How to identify Malware.AI.2872388876?

File Info:

name: 15DAD326D12B4D5F6350.mlw
path: /opt/CAPEv2/storage/binaries/bd585c772a7f286df054d8faa545787c6b8c3884615806fd31b06f1f4913de4d
crc32: D7E75AA0
md5: 15dad326d12b4d5f6350493a8b604161
sha1: 12c72a8acd023ab0d06f19adcaf3f3f16d245346
sha256: bd585c772a7f286df054d8faa545787c6b8c3884615806fd31b06f1f4913de4d
sha512: 0d516c39656ece20f334fcbc993890024d96dff404c7cde85fc94bc2b9ce70567cc57d386127c08c0d4eba4d939e30349dd69ba2144a8e5811c9413d52ff0556
ssdeep: 196608:24s/byLdLZAvLNZycoGyeYh0F2z7VSbplu+FsSuGF4i8prbUY47JLGfcr:2tbSdLZKWD+wsHwOSNRw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T142E6236FB268693EC4AA4B3141B39670497B7FA1641A4C1F07F4391DCF368B12E3B616
sha3_384: 711524e6e9b93fe522525c13b00b54e35ad7f018041757ba9a638bda4de57a5204b7a155706194b27a6744f9685a02d0
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2020-05-21 05:56:23
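The digests and header fields above are what a responder compares a suspect file against. The Python script below is an added example, not part of the original page or of any vendor's tooling: it recomputes the same digest set (ssdeep and tlsh are omitted because they need third-party libraries), pulls the compile timestamp, entry-point bytes and section names out of the PE32 header with the standard library only, flags section names outside an assumed list of common linker defaults (the COMMON_SECTIONS set is an assumption, not a standard), and reports whether a Security data directory (Authenticode blob) is present. Presence of the blob is not validity; validating the chain needs WinVerifyTrust or an equivalent. The IOC hashes are copied from the File Info block; build_sample_pe constructs a minimal PE for offline testing and is not the malware sample.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# IOC digests copied from the File Info block above.
KNOWN_HASHES = {
    "md5": "15dad326d12b4d5f6350493a8b604161",
    "sha1": "12c72a8acd023ab0d06f19adcaf3f3f16d245346",
    "sha256": "bd585c772a7f286df054d8faa545787c6b8c3884615806fd31b06f1f4913de4d",
}

# Section names commonly emitted by mainstream linkers (MSVC, GCC/MinGW, Delphi).
# Assumed list for illustration; tune it to your own corpus.
COMMON_SECTIONS = {
    ".text", ".rdata", ".data", ".idata", ".edata", ".rsrc", ".reloc", ".bss",
    ".tls", ".pdata", ".CRT", "CODE", "DATA", "BSS", ".itext", ".didata",
}


def file_hashes(data: bytes) -> dict:
    """Same digest set as the File Info block, minus ssdeep/tlsh."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_known(hashes: dict, known: dict = KNOWN_HASHES) -> bool:
    """True if any digest exactly equals a published IOC."""
    return any(hashes.get(algo) == value for algo, value in known.items())


def pe_info(data: bytes) -> dict:
    """Parse a PE32 header: timestamp, entry bytes, section names, Security dir presence."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directory 4 (Security/Authenticode) sits at optional-header offset 128 in PE32.
    has_sig = False
    if opt_size >= 136:
        sec_off, sec_size = struct.unpack_from("<II", data, opt + 128)
        has_sig = sec_off != 0 and sec_size != 0
    names, ep_off = [], None
    for i in range(nsections):
        s = opt + opt_size + i * 40
        names.append(data[s:s + 8].rstrip(b"\0").decode("latin-1"))
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, s + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep_off = rawptr + (entry_rva - vaddr)  # map entry RVA to a file offset
    if ep_off is None:
        raise ValueError("entry point is outside every section")
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(tstamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        "sections": names,
        "has_authenticode_blob": has_sig,
    }


def unusual_sections(names) -> list:
    """Section names outside the assumed linker defaults (a packing hint, not proof)."""
    return [n for n in names if n not in COMMON_SECTIONS]


def build_sample_pe(tstamp: int, ep_bytes: bytes, section_name: bytes = b".text") -> bytes:
    """Constructed one-section PE32 for offline testing; not the malware sample."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, tstamp, 0, 0, 96, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", 0x1000) + b"\0" * 76
    section = section_name.ljust(8, b"\0") + struct.pack("<IIII", 0x100, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = dos + b"PE\0\0" + coff + opt + section
    return headers.ljust(0x200, b"\0") + ep_bytes.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read()
    digests = file_hashes(blob)
    print(digests, pe_info(blob), "IOC match:", matches_known(digests), sep="\n")
```

Run it as `python pe_triage.py suspect.exe` (file name assumed) and compare the printed ep_bytes and timestamp with the values listed above; an exact digest match settles identity, while timestamp, entry bytes and odd section names only support a "same build" hypothesis when the hashes differ.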

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: BQD Company Ltd.
FileDescription: DecMgr Setup
FileVersion: 1.0.0.1
LegalCopyright:
OriginalFileName:
ProductName: DecMgr
ProductVersion: 1.0.0.1
Translation: 0x0000 0x04b0

Malware.AI.2872388876 also known as:

Lionic: Trojan.Win32.Ekstak.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Zadved.1654
MicroWorld-eScan: Adware.GenericKD.47472380
FireEye: Adware.GenericKD.47472380
McAfee: Artemis!15DAD326D12B
Cylance: Unsafe
Sangfor: Trojan.Win32.Zpevdo.B
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: TrojanDropper:Win32/Ekstak.2682982e
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.acd023
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
APEX: Malicious
Kaspersky: Trojan.Win32.Ekstak.ahaos
BitDefender: Adware.GenericKD.47472380
Avast: Win32:Adware-gen [Adw]
Tencent: Malware.Win32.Gencirc.11b148dd
Ad-Aware: Adware.GenericKD.47472380
Emsisoft: Adware.GenericKD.47472380 (B)
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0GKP21
McAfee-GW-Edition: Artemis!Trojan
Sophos: Generic PUA BC (PUA)
GData: Adware.GenericKD.47472380
Avira: TR/Ekstak.zicuh
Gridinsoft: Ransom.Win32.Wacatac.sa
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: PUP/Win32.DownloadAssistant.R358523
ALYac: Adware.GenericKD.47472380
MAX: malware (ai score=64)
VBA32: Trojan.Ekstak
Malwarebytes: Malware.AI.2872388876
TrendMicro-HouseCall: TROJ_GEN.R002C0GKP21
MaxSecure: Trojan.Malware.108941496.susgen
Fortinet: PossibleThreat.MU
AVG: Win32:Adware-gen [Adw]

How to remove Malware.AI.2872388876?

Malware.AI.2872388876 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
