About the “Malware.AI.3070206482” infection

Malware.AI.3070206482 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.3070206482 virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Injection with CreateRemoteThread in a remote process
  • Attempts to connect to a dead IP:Port (3 unique times)
  • Creates RWX memory
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Attempts to remove evidence of file being downloaded from the Internet
  • Executed a process and injected code into it, probably while unpacking
  • Sniffs keystrokes
  • Code injection with CreateRemoteThread in a remote process
  • Deletes its original binary from disk
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • A process attempted to delay the analysis task by a long amount of time
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Exhibits behavior characteristic of iSpy Keylogger
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Attempts to modify or disable Security Center warnings

Related domains:

z.whorecord.xyz
a.tomx.xyz
ocsp.verisign.com
csc3-2010-crl.verisign.com
crl.verisign.com

How to identify Malware.AI.3070206482?

File Info:

crc32: 29391D3C
md5: f5d5290cdbe35840f377672ff99dd6aa
name: F5D5290CDBE35840F377672FF99DD6AA.mlw
sha1: ff2abf79aa2f196cb4ecf45e4366807dd1d997f7
sha256: 5e2031376c890c9b2b6901e4a59d85a0e84231bc63d5920b6b1bbabea6e7d071
sha512: 65ed72c66c268d0c445b351d6320909b3010bf9ba6443b965aafdec15703df9938bdf60e3453554e71f4b77f4715026b75072598d7d5e53eae288ab01094a3a4
ssdeep: 24576:EBvQ5aaaNByHlDhibrm+T3temh+adX7pkVPcWCaX0w3PnwOAQVR:4vE4NBshiXDT93tkVPxkw3/wpQVR
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

LegalCopyright: Copyright © 2010 - 2017
Assembly Version: 2.55.1.44
InternalName: ApplicationResult.exe
FileVersion: 5.55.1.44
CompanyName:
LegalTrademarks:
Comments:
ProductName: ApplicationResult
ProductVersion: 5.55.1.44
FileDescription: ApplicationResult
OriginalFilename: ApplicationResult.exe
Translation: 0x0000 0x04b0

Malware.AI.3070206482 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ursu.315585
FireEye: Generic.mg.f5d5290cdbe35840
CAT-QuickHeal: Backdoor.AgentFC.S17873730
ALYac: Gen:Variant.Ursu.315585
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.MSIL.Crypt.4!c
Sangfor: Malware
K7AntiVirus: Trojan ( 700000121 )
BitDefender: Gen:Variant.Ursu.315585
K7GW: Trojan ( 700000121 )
Cybereason: malicious.cdbe35
Cyren: W32/Trojan.SW.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Trojan.Generic-6268206-0
Kaspersky: HEUR:Backdoor.Win32.Agent.gen
Alibaba: Backdoor:MSIL/Injector.84d69c8c
NANO-Antivirus: Trojan.Win32.GenericKD.eoaczy
Rising: Malware.Undefined!8.C (TFE:C:ZbNnpDhYJiB)
Ad-Aware: Gen:Variant.Ursu.315585
Emsisoft: Gen:Variant.Ursu.315585 (B)
F-Secure: Heuristic.HEUR/AGEN.1118536
DrWeb: Trojan.DownLoader24.38064
Zillya: Trojan.Injector.Win32.512338
TrendMicro: BKDR_HPNOANCOOE.SM
McAfee-GW-Edition: BehavesLike.Win32.Generic.th
Sophos: Mal/Generic-R + Troj/Kryptik-HL
Ikarus: Trojan.MSIL.Crypt
Jiangmin: Trojan.MSIL.gduk
Avira: HEUR/AGEN.1118536
MAX: malware (ai score=100)
Antiy-AVL: Trojan[Spy]/MSIL.Omaneat
Microsoft: TrojanSpy:MSIL/Omaneat.E
Gridinsoft: Trojan.Win32.Downloader.oa
Arcabit: Trojan.Ursu.D4D0C1
ZoneAlarm: HEUR:Backdoor.Win32.Agent.gen
GData: Gen:Variant.Ursu.315585
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Andromeda.C1914524
McAfee: Trojan-FMAP!F5D5290CDBE3
VBA32: Trojan.MSIL.Crypt
Malwarebytes: Malware.AI.3070206482
Panda: Trj/GdSda.A
Zoner: Trojan.Win32.54254
ESET-NOD32: a variant of MSIL/Injector.RXR
TrendMicro-HouseCall: BKDR_HPNOANCOOE.SM
Tencent: Win32.Trojan.Inject.Auto
Yandex: Trojan.Crypt!UHK1ScnZVik
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Injector.RXR!tr
BitDefenderTheta: Gen:NN.ZemsilF.34804.Bn0@aGdvdQf
AVG: Win32:Malware-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: Win32/Backdoor.6e0

How to remove Malware.AI.3070206482?

Malware.AI.3070206482 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all items to quarantine.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.