Malware.AI.2954172022 information

Malware Removal

Malware.AI.2954172022 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.2954172022 virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.2954172022?

File Info:

name: 73A99947AD19589E6D24.mlw
path: /opt/CAPEv2/storage/binaries/2d7b3eef8a75b0c5f7560ded14c469ed7dea0a1a30832ec3242f3d4305c695e9
crc32: A80000E5
md5: 73a99947ad19589e6d240a196a56ed37
sha1: 38f7d74985b2614046bc068e5da5a952f2132966
sha256: 2d7b3eef8a75b0c5f7560ded14c469ed7dea0a1a30832ec3242f3d4305c695e9
sha512: a21900b317db1e21a09a28c8a585314fdaaddf993aeb436e6b2fe9942efa2d6c96d3918fc61669ccbcfa145a8ec4a1a71e648377c015f39fe18ba9bc0810d740
ssdeep: 393216:WkxFfjkgJbzjRITdHgzskLXJW03tuOGAvt:WkbL9xRIhgzJJW03tKQt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EBF63324DFE0E4109A79CA7F1126651641FC2C55FA7AAF98D11F3062ADFA0298333DB7
sha3_384: 35d0e3518de8bc8c8ed05c5379947f35618ac334370f424595a39f6aced139c71de47a44c46cad4125a08f264d6d39aa
ep_bytes: 60be003039018dbe00e006ff57eb0b90
timestamp: 2021-09-15 02:48:53

Version Info:

FileVersion: 8.0.18.608
Comments: uqb.cn
FileDescription: 专业智能装机工具,让装机更简单!
ProductVersion: 8.0.18.608
LegalCopyright: (C) uqb.cn All Rights Reserved.
CompanyName: uqb.cn
ProductName: U启宝装机工具
Translation: 0x0804 0x04b0

Malware.AI.2954172022 also known as:

Elastic: malicious (moderate confidence)
Malwarebytes: Malware.AI.2954172022
Zillya: Trojan.AutoIT.Win32.156026
ClamAV: Win.Malware.Rovnix-6803887-0
DrWeb: Trojan.Siggen18.3048
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Suspicious PE
Webroot: W32.Malware.Gen
Antiy-AVL: Trojan[Packed]/Win32.Autoit
VBA32: Trojan-Downloader.Autoit.gen
Ikarus: Trojan.SelfDel
Fortinet: PossibleThreat.PALLAS.H
DeepInstinct: MALICIOUS
CrowdStrike: win/grayware_confidence_70% (W)

How to remove Malware.AI.2954172022?

Malware.AI.2954172022 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.