
Malware.AI.3078296981 (file analysis)

Malware Removal

Malware.AI.3078296981 is the Malwarebytes detection name for this file; most other antivirus engines flag it as well, many of them as the Upatre (Waski) downloader family. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.3078296981 virus do?

The behaviors below are the signatures raised by the CAPE sandbox when the sample was detonated (the File Info section shows the analysis came from a CAPEv2 storage path):

  • YARA rule detections observed from a process memory dump, dropped files, or CAPE
  • Creates RWX memory
  • Possible date expiration check: exits too soon after checking the local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Created a process from a suspicious location
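To make the behavior list concrete, here is an added example (it is not CAPE's own signature code and not from the page author) that re-implements five of these checks over a sandbox API-call log. The log format (one dict per call with "api" and "args"), the suspicious-directory list, and every record in SAMPLE_LOG are constructed for this example; they mirror the pattern of a downloader that unpacks into RWX memory, resolves WinINet functions at run time, and drops and starts a second executable from %TEMP%.

```python
"""Simplified re-implementation of five of the behaviour checks listed above,
run over a sandbox API-call log.  Added example: this is not CAPE's signature
code.  The log format (one dict per call with "api" and "args"), the
suspicious-directory list and every record in SAMPLE_LOG are constructed here.
"""

PAGE_EXECUTE_READWRITE = 0x40   # Win32 memory-protection value for RWX pages
SW_HIDE = 0                     # ShowWindow() command that hides the window

# User-writable directories from which process creation is treated as
# suspicious (assumption for this example; CAPE's own list differs).
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\",
                   "\\programdata\\", "\\users\\public\\")

ALLOC_APIS = {"VirtualAlloc", "VirtualAllocEx", "NtAllocateVirtualMemory"}
PROTECT_APIS = {"VirtualProtect", "VirtualProtectEx", "NtProtectVirtualMemory"}
LOAD_APIS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW", "LdrLoadDll"}
PROCESS_APIS = {"CreateProcessInternalW", "CreateProcessA", "CreateProcessW", "NtCreateUserProcess"}
WRITE_APIS = {"WriteFile", "NtWriteFile"}


def image_path(call):
    """Normalised image path of a process-creation call ("" for other calls)."""
    if call["api"] not in PROCESS_APIS:
        return ""
    p = call["args"].get("ApplicationName") or call["args"].get("CommandLine", "")
    return p.strip('"').lower()


def creates_rwx_memory(calls):
    """'Creates RWX memory': an allocation or protection change to RWX, the
    usual prelude to unpacking a second stage in place and jumping into it."""
    for c in calls:
        if c["api"] in ALLOC_APIS and c["args"].get("Protection") == PAGE_EXECUTE_READWRITE:
            return True
        if c["api"] in PROTECT_APIS and c["args"].get("NewProtection") == PAGE_EXECUTE_READWRITE:
            return True
    return False


def dynamic_function_loading(calls):
    """'Dynamic (imported) function loading': LoadLibrary* plus GetProcAddress,
    which keeps the real imports out of the static import table.  Returns the
    names resolved at run time (empty set if no library was loaded dynamically)."""
    loaded = any(c["api"] in LOAD_APIS for c in calls)
    resolved = {c["args"]["FunctionName"] for c in calls
                if c["api"] == "GetProcAddress" and "FunctionName" in c["args"]}
    return resolved if loaded else set()


def creates_hidden_window(calls):
    """'A process created a hidden window': ShowWindow(hwnd, SW_HIDE)."""
    return any(c["api"] == "ShowWindow" and c["args"].get("ShowType") == SW_HIDE
               for c in calls)


def dropped_and_executed(calls):
    """'Drops a binary and executes it': a path the sample wrote to is later the
    image of a process it starts.  Returns those paths in order of execution."""
    written, hits = set(), []
    for c in calls:
        if c["api"] in WRITE_APIS and "FilePath" in c["args"]:
            written.add(c["args"]["FilePath"].lower())
        elif image_path(c) in written:
            hits.append(image_path(c))
    return hits


def process_from_suspicious_location(calls):
    """'Created a process from a suspicious location'."""
    return [image_path(c) for c in calls
            if image_path(c) and any(d in image_path(c) for d in SUSPICIOUS_DIRS)]


def triage(calls):
    """Run every check and return {signature_name: result}."""
    return {
        "creates_rwx_memory": creates_rwx_memory(calls),
        "dynamic_function_loading": dynamic_function_loading(calls),
        "creates_hidden_window": creates_hidden_window(calls),
        "dropped_and_executed": dropped_and_executed(calls),
        "process_from_suspicious_location": process_from_suspicious_location(calls),
    }


# Constructed log resembling a downloader/dropper run; not a real capture of this sample.
DROP = "C:\\Users\\user\\AppData\\Local\\Temp\\updater.exe"
SAMPLE_LOG = [
    {"api": "VirtualAlloc", "args": {"Size": 0x5000, "Protection": 0x40}},
    {"api": "LoadLibraryA", "args": {"FileName": "wininet.dll"}},
    {"api": "GetProcAddress", "args": {"FunctionName": "InternetOpenA"}},
    {"api": "GetProcAddress", "args": {"FunctionName": "InternetReadFile"}},
    {"api": "ShowWindow", "args": {"ShowType": 0}},
    {"api": "WriteFile", "args": {"FilePath": DROP, "Length": 20480}},
    {"api": "CreateProcessInternalW", "args": {"ApplicationName": DROP}},
]

if __name__ == "__main__":
    for name, result in triage(SAMPLE_LOG).items():
        print(f"{name:36s} {result}")
```

The order of events matters for the drop-and-execute check: a write to a path only counts if a process is later created from that same path, which is why the log is scanned once in sequence rather than with two independent lookups.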

How to identify Malware.AI.3078296981?

File Info:

name: D427B348007F64D52A2F.mlw
path: /opt/CAPEv2/storage/binaries/b000f39e12207d0ac2bc0764cc088bde5119485eb3d1c36e6b6c43101ba50add
crc32: B99571D9
md5: d427b348007f64d52a2fbccf387834e2
sha1: 84b00cac77df0f72bb17e5643d0f2eebfdc7a499
sha256: b000f39e12207d0ac2bc0764cc088bde5119485eb3d1c36e6b6c43101ba50add
sha512: 93d2e0826daf1fabc302d17fa3753e32f520b829fdb9de20f8dea8bb999976f94422e9a291654b07583adcb68f9c2d7b53a53d20daf72a9774ca11fabec5a8bc
ssdeep: 192:5atg9aRQ2f0tErjU7L9sZP1oyn1KER+UWdto9KZjzCI/ZKmqdwJz7pdGLGhdLQ3+:qRQ2Gx/Kl1rPb8to9KJzCIBOg7pkSb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T124B2A26646D1353DE2760E3945F687869634BC212F09868F3D4DF608B83FB83ACB175A
sha3_384: 6fdab7399face93a61519fb29ff524c1f0c44a2fd7f4f417778ebe27d4836abfa05cd8f1e1cc88b6f234b14efeb13bb1
ep_bytes: 53b8ffff0010e8a3f9ffff5bc3ccff25
timestamp: 1995-08-29 03:05:47

Version Info:

FileDescription: JuJu
FileVersion: 2.1.2.11
LegalCopyright: Copyright 2009-2013 all authors
OriginalFilename: JuJu.exe
ProductName: JuJu
ProductVersion: 2.1.2.11
CompanyName: JuJu corporation
Translation: 0x0411 0x04b2
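Two things in the file info above are worth checking before relying on the report: that the hashes actually belong to the file you hold, and that the PE compile timestamp (1995-08-29) is inconsistent with the version resource, which claims "Copyright 2009-2013". A compile date fourteen years older than the copyright it carries means the timestamp was stomped or the version block is decoy metadata; either way it cannot be used to date the sample. The following is an added example (not the page's or CAPE's code) that recomputes the listed digests, reads TimeDateStamp with a minimal header parser so no third-party PE library is needed, and flags the conflict. The version strings are passed in as a dict because parsing the VS_VERSIONINFO resource is out of scope; make_minimal_pe() is a test fixture that builds only the bytes pe_timestamp() reads, not a loadable executable.

```python
"""Static triage of a PE sample against the file-info block above.

Added example (not the page's or CAPE's code).  Recomputes the reported hash
set, reads IMAGE_FILE_HEADER.TimeDateStamp with a minimal header parser, and
flags a compile timestamp older than the years claimed in the version resource.
"""
import hashlib
import re
import struct
import zlib
from datetime import datetime, timezone

# Digests reported on the page for this sample (sha256 also names the CAPE storage file).
REPORTED = {
    "crc32": "B99571D9",
    "md5": "d427b348007f64d52a2fbccf387834e2",
    "sha1": "84b00cac77df0f72bb17e5643d0f2eebfdc7a499",
    "sha256": "b000f39e12207d0ac2bc0764cc088bde5119485eb3d1c36e6b6c43101ba50add",
    "sha512": "93d2e0826daf1fabc302d17fa3753e32f520b829fdb9de20f8dea8bb999976f9"
              "4422e9a291654b07583adcb68f9c2d7b53a53d20daf72a9774ca11fabec5a8bc",
}

# Version strings exactly as shown on the page.
VERSION_INFO = {"FileDescription": "JuJu", "FileVersion": "2.1.2.11",
                "LegalCopyright": "Copyright 2009-2013 all authors",
                "OriginalFilename": "JuJu.exe", "CompanyName": "JuJu corporation"}


def digests(data: bytes) -> dict:
    """Return the same digest set the report lists (crc32 upper-case, as on the page)."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data: bytes, reported=REPORTED) -> bool:
    """True only if every reported digest matches the file in hand."""
    got = digests(data)
    return all(got[k].lower() == v.lower() for k, v in reported.items())


def pe_timestamp(data: bytes) -> datetime:
    """Read IMAGE_FILE_HEADER.TimeDateStamp via the e_lfanew pointer at offset 0x3c."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    # COFF header follows the 4-byte signature: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    ts = struct.unpack_from("<I", data, e_lfanew + 8)[0]
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def timestamp_conflicts(compiled: datetime, version_info: dict) -> bool:
    """Flag a compile timestamp older than every year named in LegalCopyright.

    For this sample: 1995 compile date vs "Copyright 2009-2013", so the
    timestamp was stomped or the version block is decoy data."""
    years = [int(y) for y in re.findall(r"\b(19\d{2}|20\d{2})\b",
                                        version_info.get("LegalCopyright", ""))]
    return bool(years) and compiled.year < min(years)


def make_minimal_pe(timestamp: int) -> bytes:
    """Test fixture: the smallest MZ/PE header stub pe_timestamp() accepts.
    Not a loadable executable; constructed for this example."""
    buf = bytearray(0x58)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)       # e_lfanew -> PE signature at 0x40
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<I", buf, 0x48, timestamp)  # IMAGE_FILE_HEADER.TimeDateStamp
    return bytes(buf)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read()
    print("hashes match report:", matches_report(data))
    compiled = pe_timestamp(data)
    print("compile timestamp:", compiled.isoformat(),
          "conflicts with version info:", timestamp_conflicts(compiled, VERSION_INFO))
```

Run it as `python triage.py D427B348007F64D52A2F.mlw` against the sample file; if matches_report() is False, the file in hand is not the one the report describes and nothing else on this page applies to it.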

Malware.AI.3078296981 is also known as (detection names other vendors give the same file; most place it in the Upatre/Waski downloader family):

Bkav: W32.FamVT.GeND.Trojan
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Agent.BFBL
FireEye: Generic.mg.d427b348007f64d5
CAT-QuickHeal: TrojanDownloader.Upatre.AA4
McAfee: Downloader-FSH
Malwarebytes: Malware.AI.3078296981
VIPRE: Trojan.Agent.BFBL
Sangfor: [ARMADILLO V1.71]
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.8007f6
Baidu: Win32.Trojan-Downloader.Waski.a
VirIT: Trojan.Win32.Generic.AX
Cyren: W32/Trojan.GWOP-3222
Symantec: Backdoor.Trojan
ESET-NOD32: a variant of Win32/Kryptik.CKFL
APEX: Malicious
ClamAV: Win.Packed.Upatre-9952430-0
Kaspersky: Trojan-Downloader.Win32.Upatre.edv
BitDefender: Trojan.Agent.BFBL
NANO-Antivirus: Trojan.Win32.Cutwail.dempmv
Avast: Win32:Trojan-gen
Tencent: Trojan-Downloader.Win32.Waski.16000151
Ad-Aware: Trojan.Agent.BFBL
Comodo: TrojWare.Win32.TrojanDownloader.Waski.DA@5iyglc
DrWeb: Trojan.DownLoader11.33060
Zillya: Trojan.Cutwail.Win32.572
TrendMicro: TROJ_UPATRE.SM37
McAfee-GW-Edition: Downloader-FSH!D427B348007F
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.Agent.BFBL (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Cutwail.gk
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1205372
MAX: malware (ai score=86)
Microsoft: Trojan:Win32/Zbot.svfs!MTB
GData: Win32.Trojan-Downloader.Upatre.BK
Cynet: Malicious (score: 100)
AhnLab-V3: Spyware/Win32.Zbot.C535016
BitDefenderTheta: Gen:NN.ZexaF.34742.bq1@aOWmFtpi
ALYac: Trojan.Agent.BFBL
VBA32: Trojan.Cutwail
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_UPATRE.SM37
Rising: Downloader.Waski!1.A489 (CLASSIC)
Yandex: Trojan.Cutwail!E463M3omQig
Ikarus: Trojan.Win32.Bublik
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Waski.A!tr.dldr
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.3078296981?

Malware.AI.3078296981 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
