What is “Malware.AI.2898572193”?

Malware.AI.2898572193 is considered dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.2898572193 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: executable code extraction (unpacking)
  • Creates RWX memory
  • Guard page use detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Collects and encrypts information about the computer, likely to be sent to a C2 server
  • Checks the CPU name in the registry, possibly for anti-virtualization
  • Attempts to interact with an Alternate Data Stream (ADS)

How to identify Malware.AI.2898572193?

File Info:

name: 5965C13F2DA0D28C96C7.mlw
path: /opt/CAPEv2/storage/binaries/3271df1a15ac98d8ef50c27985b642e20efb2acb31e6638cac1ba3233a8143d0
crc32: A9977A0B
md5: 5965c13f2da0d28c96c7a00fc62579e2
sha1: e1ba32fcecf4ba0188dce9a58c82b4958cc65c82
sha256: 3271df1a15ac98d8ef50c27985b642e20efb2acb31e6638cac1ba3233a8143d0
sha512: e94578358a9b70427ecfd4fa43d0d4ae687ec2beb421d79ae534a92b392e340a83038fcd9da9982a2473e9b7e2b7f05533bbe7022e2381f4ea9f13bb9b439773
ssdeep: 6144:Tx/cyVkwbuuhYgMLhHp8MAyLwNXmEYpCJEKGuFOpwfSXEwDf/7xJq1DFXtD:+yOwKukHp5WXm7pcFOpwdq/7xk/R
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A4A428A93BF66F40C98C06BAD4F40C00D378D8970B96FB5FA68A157C3D7479ADC89246
sha3_384: 50262a4c6be07a68b517f20bc98e6e2ce93937ad44d968a49af4832f67b81f8d98e762f43dbd32d865a484533f62d50f
ep_bytes: ff2500204000c531b066000000000000
timestamp: 2018-03-10 06:27:07

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName: Activision Blizzard
FileDescription: Battle NET lancher
FileVersion: 5.1.1.9
InternalName: launcher.exe
LegalCopyright: Copyright Blizzard © 2016
LegalTrademarks:
OriginalFilename: launcher.exe
ProductName: launcher
ProductVersion: 5.1.1.9
Assembly Version: 5.1.1.9

Malware.AI.2898572193 is also known as (vendor: detection name):

  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Adware.MSILHeracles.122
  • FireEye: Generic.mg.5965c13f2da0d28c
  • ALYac: Gen:Variant.Adware.MSILHeracles.122
  • Cylance: Unsafe
  • K7AntiVirus: Riskware ( 0050b1e11 )
  • Alibaba: Trojan:MSIL/MalwareX.792051a1
  • K7GW: Riskware ( 0050b1e11 )
  • Cybereason: malicious.cecf4b
  • Cyren: W32/MSIL_Agent.CLL.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of MSIL/Riskware.GameHack.Z
  • APEX: Malicious
  • Paloalto: generic.ml
  • BitDefender: Gen:Variant.Adware.MSILHeracles.122
  • Avast: Win32:MalwareX-gen [Trj]
  • Ad-Aware: Gen:Variant.Adware.MSILHeracles.122
  • Sophos: Mal/Generic-S
  • Comodo: Application.MSIL.GameHack.Z@7kilc4
  • BitDefenderTheta: Gen:NN.ZemsilF.34084.Cm0@aeuqEsn
  • TrendMicro: TROJ_GEN.R002C0PL421
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.gh
  • Emsisoft: Gen:Variant.Adware.MSILHeracles.122 (B)
  • Ikarus: PUA.MSIL.Riskware
  • GData: Gen:Variant.Adware.MSILHeracles.122
  • Avira: HEUR/AGEN.1128570
  • Antiy-AVL: Trojan/Generic.ASMalwS.24FA5EC
  • Gridinsoft: Ransom.Win32.Sabsik.sa
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • Cynet: Malicious (score: 99)
  • AhnLab-V3: Unwanted/Win32.GameHack.R219092
  • Acronis: suspicious
  • McAfee: GenericRXCZ-DV!5965C13F2DA0
  • MAX: malware (ai score=62)
  • VBA32: TScope.Trojan.MSIL
  • Malwarebytes: Malware.AI.2898572193
  • TrendMicro-HouseCall: TROJ_GEN.R002C0PL421
  • Tencent: Malware.Win32.Gencirc.114cf04e
  • Yandex: Trojan.Agent!+CmlLjvGorU
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: MSIL/Agent.SHR!tr
  • AVG: Win32:MalwareX-gen [Trj]
  • Panda: Trj/GdSda.A
  • CrowdStrike: win/malicious_confidence_70% (D)

How to remove Malware.AI.2898572193?

Malware.AI.2898572193 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.