Should I remove “Malware.AI.2946019035”?

Malware.AI.2946019035 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can the Malware.AI.2946019035 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Malware.AI.2946019035?

File Info:

name: 0B8ED9FEF30801747E78.mlw
path: /opt/CAPEv2/storage/binaries/188bfe2e35ad4641eb06b5e891c6dbacc20fc6cbc1e843afd31b15938636d18f
type: PE32+ executable (console) x86-64, for MS Windows
ep_bytes: 4d5a90000300000004000000ffff0000
timestamp: 2021-12-06 08:51:35

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: SKz
FileVersion: 1.0.0.1
InternalName: SKz.exe
LegalCopyright: Copyright © 2021
LegalTrademarks:
OriginalFilename: SKz.exe
ProductName: SKz
ProductVersion: 1.0.0.1
Assembly Version: 1.0.0.1

Malware.AI.2946019035 also known as:

  • Lionic: Riskware.Win32.Fochi.1!c
  • MicroWorld-eScan: DeepScan:Generic.Fochi.MSIL.Hacktool.6.AA0C8271
  • FireEye: DeepScan:Generic.Fochi.MSIL.Hacktool.6.AA0C8271
  • McAfee: PUP-XGW-FN
  • Cylance: Unsafe
  • K7AntiVirus: Password-Stealer ( 005764531 )
  • Alibaba: Trojan:MSIL/Redcap.f502fa74
  • K7GW: Password-Stealer ( 005764531 )
  • Symantec: Trojan.Gen.MBT
  • ESET-NOD32: a variant of MSIL/PSW.SafetyKatz.D
  • Paloalto: generic.ml
  • Kaspersky: VHO:HackTool.MSIL.Mimikatz.gen
  • BitDefender: DeepScan:Generic.Fochi.MSIL.Hacktool.6.AA0C8271
  • Avast: Win64:HacktoolX-gen [Trj]
  • Tencent: Msil.Trojan.Generic.Hfq
  • Ad-Aware: DeepScan:Generic.Fochi.MSIL.Hacktool.6.AA0C8271
  • Emsisoft: DeepScan:Generic.Fochi.MSIL.Hacktool.6.AA0C8271 (B)
  • TrendMicro: HackTool.MSIL.Mimikatz64.SM
  • McAfee-GW-Edition: PUP-XGW-FN
  • Sophos: Mal/Generic-S
  • SentinelOne: Static AI – Suspicious PE
  • GData: DeepScan:Generic.Fochi.MSIL.Hacktool.6.AA0C8271
  • Avira: TR/Redcap.orhtd
  • Gridinsoft: Ransom.Win64.Sabsik.sa
  • Arcabit: DeepScan:Generic.Fochi.MSIL.Hacktool.6.AA0C8271
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • Cynet: Malicious (score: 99)
  • AhnLab-V3: Trojan/Win.Generic.C4823651
  • ALYac: DeepScan:Generic.Fochi.MSIL.Hacktool.6.AA0C8271
  • MAX: malware (ai score=86)
  • Malwarebytes: Malware.AI.2946019035
  • TrendMicro-HouseCall: HackTool.MSIL.Mimikatz64.SM
  • Ikarus: HackTool.Win32.Safetykatz
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: Adware/SafetyKatz
  • AVG: Win64:HacktoolX-gen [Trj]
  • CrowdStrike: win/malicious_confidence_70% (W)

How to remove Malware.AI.2946019035?

Malware.AI.2946019035 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
