Malware.AI.2986199607 (file analysis)

The Malware.AI.2986199607 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.2986199607 virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Malware.AI.2986199607?


File Info:
name: DD0EC7F10090B26231C8.mlw
path: /opt/CAPEv2/storage/binaries/f7852f3dd9324f829a191f307da2c6d7884d3607e6b1f096204d6a55a7aaff9f
crc32: 395845E7
md5: dd0ec7f10090b26231c8b607307c6fdc
sha1: eef77160fdb8096e22f8b2a75c3abcdc16fd5d30
sha256: f7852f3dd9324f829a191f307da2c6d7884d3607e6b1f096204d6a55a7aaff9f
sha512: 6016315c2cf8fc5b18fb4e18e92a4e84e5fc654460f3f486f5587abdd916d38f818ec18626b8ee8a2cd05372951e69ccfc3b12912fd8258e66bb25ace689f361
ssdeep: 24576:dNQ+9+MzVdi/9ZgQzYM65mpXNgbUDGTgl1Y9IrQRmi9kSKFc/nwT:/9HhQluM65mp9DG0l1Y9IrQRPudFc/nw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T130457C267B88902CE1B7553139E8A668D436B4744B35B19B7298C3DE1CB86D31F3CB4B
sha3_384: 8de09a05cca016b57eb0083c8b56b47a7056ca79b7b69c0c1e36ab5c0e5d80de86559c1af0125b1a175fb7bd15ccf05c
ep_bytes: 535751bb18000000648b3b03db01fb8b
timestamp: 2000-10-31 23:33:01

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Microsoft Windows Search Indexer
FileVersion: 7.0.17134.1304 (WinBuild.160101.0800)
InternalName: SearchIndexer.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: SearchIndexer.exe
ProductName: Windows® Search
ProductVersion: 7.0.17134.1304
Translation: 0x0409 0x04b0

Malware.AI.2986199607 also known as:

MicroWorld-eScan	Win32.Expiro.Gen.6
ClamAV	Win.Trojan.Expiro-9955145-0
ALYac	Win32.Expiro.Gen.6
Cylance	Unsafe
VIPRE	Win32.Expiro.Gen.6
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.10090b
VirIT	Win32.Expiro.CW
Cyren	W32/Expiro.AX.gen!Eldorado
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Expiro.CP
APEX	Malicious
Cynet	Malicious (score: 100)
BitDefender	Win32.Expiro.Gen.6
NANO-Antivirus	Virus.Win32.Gen.ccmw
Avast	Win32:Xpirat-C [Inf]
Tencent	Virus.Win32.Expiro.ns
Ad-Aware	Win32.Expiro.Gen.6
Sophos	ML/PE-A + Mal/EncPk-MK
F-Secure	Trojan.TR/Patched.Gen
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.dd0ec7f10090b262
Emsisoft	Win32.Expiro.Gen.6 (B)
SentinelOne	Static AI – Malicious PE
GData	Win32.Expiro.Gen.6
Jiangmin	Trojan.Bingoml.esh
Avira	TR/Patched.Gen
Antiy-AVL	Trojan/Generic.ASVirus.332
Arcabit	Win32.Expiro.Gen.6
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
MAX	malware (ai score=88)
VBA32	BScope.Trojan.Wacatac
Malwarebytes	Malware.AI.2986199607
Ikarus	Virus.Win32.Expiro
Fortinet	W32/Expiro.CP
AVG	Win32:Xpirat-C [Inf]
Panda	W32/Expiro.AK
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Malware.AI.2986199607?

Malware.AI.2986199607 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X