Malware.AI.2959416849 removal

Malware.AI.2959416849 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.2959416849 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Anomalous binary characteristics

How to identify Malware.AI.2959416849?

File Info:

name: 007A0A7F2745A328078D.mlw
path: /opt/CAPEv2/storage/binaries/6f28f7e6fc80c390f01120004397c889662bd0341cba5165d2ee25e19a987b2d
crc32: 8EF5200E
md5: 007a0a7f2745a328078d66748875a734
sha1: d7504b88e1c64f2471062d48ea567c77cd8be208
sha256: 6f28f7e6fc80c390f01120004397c889662bd0341cba5165d2ee25e19a987b2d
sha512: 098b979095085290e3bfca4180b83cf106d7b8651dffc144ff40f3c01ed6d339e9b8914e70a470b54705cb04e6cbb0c77c24598d6d6e577c9b2088e96c68f657
ssdeep: 3072:yFfgvTLf6+vpvukZz2DSvH8H+6TlC/6SGc60CaBzxlF5jKZh1aJ:yGCAhZ1vc92GT0CaBzLWXE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13FE3AD9AA9434137E4145E35869216C01BBD9C937FA2A6FFAF413D0C99F02E448B1BBD
sha3_384: 63b38f6dae027b29f3203e39542b4120e40951d4c953fc8f693c38fe98cc19510218dc56ac120083a15bbed3bd5c0211
ep_bytes: 558bec6aff68a0d7400068d093400064
timestamp: 2015-03-30 06:55:47

Version Info:

CompanyName: Mozilla Corporation
FileDescription: Firefox Helper
FileVersion: 37.0
LegalCopyright: Mozilla Corporation
LegalTrademarks: Firefox is a Trademark of The Mozilla Foundation.
OriginalFilename: helper.exe
ProductName: Firefox
ProductVersion: 37.0
Translation: 0x0000 0x04b0

Malware.AI.2959416849 also known as:

Bkav: W32.AIDetect.malware2
tehtris: Generic.Malware
DrWeb: Trojan.DownLoader13.4183
MicroWorld-eScan: Gen:Variant.Zbot.161
FireEye: Generic.mg.007a0a7f2745a328
CAT-QuickHeal: Trojan.Dorv.19796
McAfee: PWSZbot-FAJM!007A0A7F2745
Cylance: Unsafe
Sangfor: [ARMADILLO V1.71]
K7AntiVirus: Trojan ( 004c7e1e1 )
K7GW: Trojan ( 004c7e1e1 )
Cybereason: malicious.f2745a
Arcabit: Trojan.Zbot.161
BitDefenderTheta: Gen:NN.ZexaF.34742.jy0@amjl5Xoj
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Tinba.BK
ClamAV: Win.Trojan.Zbot-8011428-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zbot.161
NANO-Antivirus: Trojan.Win32.Yakes.dtacvs
Avast: Win32:Agent-AYPR [Trj]
Tencent: Malware.Win32.Gencirc.10b6383c
Ad-Aware: Gen:Variant.Zbot.161
Emsisoft: Gen:Variant.Zbot.161 (B)
Zillya: Dropper.Injector.Win32.66792
McAfee-GW-Edition: PWSZbot-FAJM!007A0A7F2745
Sophos: Mal/Generic-S
Jiangmin: Trojan/Generic.biyus
Avira: TR/Crypt.XPACK.Gen7
MAX: malware (ai score=88)
Microsoft: PWS:Win32/Zbot!ml
ViRobot: Trojan.Win32.CTB-Locker.946176
GData: Gen:Variant.Zbot.161
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Cryptolocker.Gen
ALYac: Gen:Variant.Zbot.161
TACHYON: Trojan/W32.Ransom.155648.B
VBA32: BScope.Trojan.Downloader
Malwarebytes: Malware.AI.2959416849
APEX: Malicious
Rising: Trojan.Generic@AI.96 (RDML:mqyGqIDlJxwurfn+cTugmA)
Yandex: Trojan.GenAsa!V1P8DO3k12Y
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.BZCD!tr
AVG: Win32:Agent-AYPR [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.2959416849?

Malware.AI.2959416849 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.