What is “Malware.AI.3054142776”?

The Malware.AI.3054142776 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.3054142776 virus can do?

Sample contains Overlay data
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Malware.AI.3054142776?


File Info:
name: B10FB07959B8CAC6041B.mlw
path: /opt/CAPEv2/storage/binaries/a5ba09a78f8d84826950b805e5c0ec3841606a74748c20476b4f0a69a672a204
crc32: 06E0433F
md5: b10fb07959b8cac6041b0c4aac91e7c2
sha1: d7acaa61c056fd32cee44b373ec6ace4e6942797
sha256: a5ba09a78f8d84826950b805e5c0ec3841606a74748c20476b4f0a69a672a204
sha512: 0577a5a21202f2d76079e114e0de6638c49d7d975383c6b7291dda30766fc442d74f9d76d55ee4a6ba2edb14e988371a4f12bd6722bf359c535d8f6e3faa3785
ssdeep: 768:DMfXFGHxtk8N5Cc9eOOyGA5ggggggLvggggggggSajsv:YtGDPfOWbjsv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11303C6B67F811665E529AE320573013EA42F2E6312530C4C2730F6CA8BF5EC3AD6956F
sha3_384: ac52ba7a50bcc3841d905d91f80966153a6e1fcfa15d2a845f8d9f7d225d0d7472640c49383bb7ca4bc331c362a60a84
ep_bytes: 5589e583ec588b0c2483c1a681153360
timestamp: 2014-02-19 19:20:30

Version Info:
0: [No Data]

Malware.AI.3054142776 also known as:

Bkav	W32.AIDetect.malware2
tehtris	Generic.Malware
MicroWorld-eScan	Trojan.GenericKD.1797556
ClamAV	Win.Malware.Upatre-6804091-0
FireEye	Generic.mg.b10fb07959b8cac6
CAT-QuickHeal	TrojanDwnldr.Upatre.AB4
ALYac	Trojan.GenericKD.1797556
Cylance	Unsafe
VIPRE	Trojan.GenericKD.1797556
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan-Downloader ( 0049d22b1 )
K7GW	Trojan-Downloader ( 0049d22b1 )
Cybereason	malicious.959b8c
Baidu	Win32.Trojan-Downloader.Agent.kj
VirIT	Trojan.Win32.Crypt3.AJCZ
Cyren	W32/Trojan.TOHV-3409
Symantec	Packed.Generic.493
Elastic	malicious (high confidence)
ESET-NOD32	Win32/TrojanDownloader.Waski.F
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.GenericKD.1797556
NANO-Antivirus	Trojan.Win32.ZBot.ddtkbo
Avast	Win32:Crypt-RHC [Trj]
Tencent	Malware.Win32.Gencirc.10b11cf7
Ad-Aware	Trojan.GenericKD.1797556
Emsisoft	Trojan.GenericKD.1797556 (B)
Comodo	TrojWare.Win32.TrojanDownloader.Waski.BJ@5j3o00
DrWeb	Trojan.DownLoad3.33795
Zillya	Downloader.Waski.Win32.759
TrendMicro	TROJ_UPATRE.SM37
McAfee-GW-Edition	BehavesLike.Win32.Generic.pm
Sophos	ML/PE-A + Troj/Agent-AIHO
SentinelOne	Static AI – Malicious PE
GData	Trojan.GenericKD.1797556
Jiangmin	Trojan/Yakes.nkz
Avira	TR/Spy.Zbot.sker.2
Antiy-AVL	Trojan/Generic.ASMalwS.24F
Microsoft	TrojanDownloader:Win32/Upatre.AA
Google	Detected
AhnLab-V3	Dropper/Win32.Necurs.R115662
McAfee	Packed-CA!B10FB07959B8
MAX	malware (ai score=88)
VBA32	Trojan.FakeAV.01657
Malwarebytes	Malware.AI.3054142776
TrendMicro-HouseCall	TROJ_UPATRE.SM37
Rising	Downloader.Waski!1.A489 (CLASSIC)
Ikarus	Trojan.Win32.Bublik
MaxSecure	Trojan.Upatre.Gen
Fortinet	W32/Kryptik.CKUG!tr
BitDefenderTheta	Gen:NN.ZexaF.34592.cqX@aK7qBvii
AVG	Win32:Crypt-RHC [Trj]
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Malware.AI.3054142776?

Malware.AI.3054142776 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X