Malware.AI.308686458 (file analysis)

The Malware.AI.308686458 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.308686458 virus can do?

Sample contains Overlay data
Yara rule detections observed from a process memory dump/dropped files/CAPE
Presents an Authenticode digital signature
Authenticode signature is invalid
CAPE detected the Gandcrab malware family

How to determine Malware.AI.308686458?


File Info:
name: DCA2E322B4B13835811F.mlw
path: /opt/CAPEv2/storage/binaries/92f241b2c1ca111e08d770114b87ec8b6185f773901540451ae50a8a99ccd7ed
crc32: BDDBEF96
md5: dca2e322b4b13835811f4c8dfb760ada
sha1: 5c9312c2199b446e21b103e664a9724aadd16c73
sha256: 92f241b2c1ca111e08d770114b87ec8b6185f773901540451ae50a8a99ccd7ed
sha512: 51695623e65b2885299a22609c259fd6393fc6f9caf24204b771449c3bd97f093d8a8920566b76b569ae1960c3e1207d4a338bd75eb8a122984724ab6f9f9de1
ssdeep: 1536:fJIREan33koVwyDZlJ4KTXmocOw510sWjcdKsIj3viPSuxzub:BIbn33lVVbJa7KsIj3viPbc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C0E35C13B2E48062F5F76A3221B4A932567EFD724C65580FA3D41A8E0D316C19F2DF9B
sha3_384: 7da158d109d6618a660baa73207d7a7be691b4091b65810319e9e5d9c19c30eb9d3bea1a431ce5e401d29d5adb99e3e3
ep_bytes: 558bece8000000003e83042411750574
timestamp: 2018-10-09 22:48:07

Version Info:
0: [No Data]

Malware.AI.308686458 also known as:

Bkav	W32.AIDetect.malware2
MicroWorld-eScan	Generic.Ransom.GandCrab4.878BBBB5
ClamAV	Win.Ransomware.Gandcrab-9764464-0
FireEye	Generic.mg.dca2e322b4b13835
CAT-QuickHeal	Trojan.Mauvaise.SL1
McAfee	GenericRXGY-QL!DCA2E322B4B1
Malwarebytes	Malware.AI.308686458
Zillya	Trojan.GandCrypt.Win32.1575
Sangfor	Ransom.Win32.Gandcrab_8.se
Cybereason	malicious.2b4b13
Symantec	Ransom.GandCrab!g4
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Filecoder.GandCrab.D
Cynet	Malicious (score: 100)
BitDefender	Generic.Ransom.GandCrab4.878BBBB5
NANO-Antivirus	Trojan.Win32.Filecoder.fixioj
Avast	Win32:RansomX-gen [Ransom]
Rising	Ransom.GandCrab!1.B42B (CLASSIC)
Ad-Aware	Generic.Ransom.GandCrab4.878BBBB5
Emsisoft	Generic.Ransom.GandCrab4.878BBBB5 (B)
Comodo	TrojWare.Win32.Gandcrab.AA@7w10qu
DrWeb	Trojan.Encoder.24384
VIPRE	Generic.Ransom.GandCrab4.878BBBB5
McAfee-GW-Edition	GenericRXGY-QL!DCA2E322B4B1
Trapmine	malicious.high.ml.score
Sophos	Troj/Patched-BY
SentinelOne	Static AI – Suspicious PE
GData	Generic.Ransom.GandCrab4.878BBBB5
Jiangmin	Trojan.Generic.dmckt
Webroot	W32.Trojan.Gen
Avira	TR/FileCoder.lfdlu
MAX	malware (ai score=86)
Antiy-AVL	Trojan/Generic.ASCommon.12D
Arcabit	Generic.Ransom.GandCrab4.878BBBB5
Microsoft	Ransom:Win32/GandCrab.MCTQX
Google	Detected
AhnLab-V3	Trojan/Win32.Gandcrab.R247471
ALYac	Generic.Ransom.GandCrab4.878BBBB5
VBA32	BScope.TrojanRansom.Cryptor
Cylance	Unsafe
Yandex	Trojan.Filecoder!i4iBb+tozRc
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/GandCrab.D!tr
BitDefenderTheta	Gen:NN.ZexaF.34646.juY@aa420ui
AVG	Win32:RansomX-gen [Ransom]

How to remove Malware.AI.308686458?

Malware.AI.308686458 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X