Malware.AI.2911367738 (file analysis)

The Malware.AI.2911367738 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.2911367738 virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
.NET file is packed/obfuscated with Confuser
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Malware.AI.2911367738?


File Info:
name: BF815C53048A2DD444DE.mlw
path: /opt/CAPEv2/storage/binaries/93fbe993bb026112401af5047f2d30417219597f6972b04884ebe920060f648e
crc32: F653DA55
md5: bf815c53048a2dd444de1b5539b851e0
sha1: a24e718a4675125c4e6420d0bfa50979f815ebe6
sha256: 93fbe993bb026112401af5047f2d30417219597f6972b04884ebe920060f648e
sha512: 4b6e2aad991e87f3c1fbb0a1b178a532c11d636e9eaf46af3d7f3e7ce14dbaed02a4e7bc538fa8cc377cafab01a322e3f313683cd2e0f0a4a5e6ca097b8cb427
ssdeep: 12288:z4KGgSdghzplEbxaJAbi/nY3qjjC4sOdOchJEoMJ+V58hKNqb2q1uy:kKZFHqxaJAbiHjYOdO2asV58B
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T160F439446628AFCAF93F5FF644551421C3B2A963611EF6C64CC2B9DB2B28BC29F454C3
sha3_384: 36488392ccd7dd6b34ddbc94784b8fab9b66f70a9e6dd2c923334d1163c89143aeb0d627a1925fdf98ddb9d6f1f68f7e
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-10-20 07:44:50

Version Info:
Translation: 0x0000 0x04b0
Comments: 天之蓝软件工作室
CompanyName: 一款优秀的英语单词记忆软件！
FileDescription: 不想背单词
FileVersion: 9.3.0.0
InternalName: 不想背单词.exe
LegalCopyright: Copyright © 赵晋 个人所有
LegalTrademarks: 
OriginalFilename: 不想背单词.exe
ProductName: 不想背单词
ProductVersion: 9.3.0.0
Assembly Version: 9.3.0.0

Malware.AI.2911367738 also known as:

Lionic	Trojan.Win32.Strictor.4!c
MicroWorld-eScan	Gen:Variant.Strictor.264783
FireEye	Generic.mg.bf815c53048a2dd4
ALYac	Gen:Variant.Strictor.264783
Cybereason	malicious.3048a2
Cyren	W32/MSIL_Dropper.D.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
BitDefender	Gen:Variant.Strictor.264783
Avast	Win32:TrojanX-gen [Trj]
Ad-Aware	Gen:Variant.Strictor.264783
Emsisoft	Gen:Variant.Strictor.264783 (B)
McAfee-GW-Edition	BehavesLike.Win32.Generic.bc
SentinelOne	Static AI – Suspicious PE
GData	Gen:Variant.Strictor.264783
Avira	HEUR/AGEN.1121264
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.C4814718
McAfee	Artemis!BF815C53048A
MAX	malware (ai score=86)
Malwarebytes	Malware.AI.2911367738
TrendMicro-HouseCall	TROJ_GEN.R002H0CL621
Ikarus	AdWare.MSIL.Popdeals
eGambit	Unsafe.AI_Score_99%
Fortinet	MSIL/GenKryptik.FGRQ!tr
BitDefenderTheta	Gen:NN.ZemsilF.34062.Tm0@a8DJoAf
AVG	Win32:TrojanX-gen [Trj]
CrowdStrike	win/malicious_confidence_80% (W)
MaxSecure	Trojan.Malware.300983.susgen

How to remove Malware.AI.2911367738?

Malware.AI.2911367738 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X