What is “Malware.AI.3096603105”?

The Malware.AI.3096603105 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.3096603105 virus can do?

The binary likely contains encrypted or compressed data.
The executable is likely packed with VMProtect
Network activity detected but not expressed in API logs

How to determine Malware.AI.3096603105?


File Info:
crc32: C8F1B149
md5: c638e8327f9bbf1b0acadfc1a7a3cdd0
name: C638E8327F9BBF1B0ACADFC1A7A3CDD0.mlw
sha1: 57e822f7ea9c96d9e6997cb7fe85b7f279c6e810
sha256: 9bf20509ce5be3d8dd7afed314d9739a5a4e241bab4a6e3b8946f8b3a88c3ce9
sha512: 3f9549e95582cd3ab77694f292abf38d26f2dddce322cd1325c480e436a467fe939aa2478d4eeb655ffce3be7a961b1471fbeac53bc492b9d02253142ac3a497
ssdeep: 12288:TQ9U0sb9DG0JlCCr9pKkrWARRwdoHa6+dAp/X:TQ+HCuMkrWTo3P
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9  2011
Assembly Version: 1.3.0.1
InternalName: Natasha.exe
FileVersion: 1.3.0.9
CompanyName: 
LegalTrademarks: 
Comments: 
ProductName: D.A.F.P.H
ProductVersion: 1.3.0.9
FileDescription: Device Association Framework Provider Host
OriginalFilename: Natasha.exe

Malware.AI.3096603105 also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Generic.DataStealer.1.0A1B7F9F
FireEye	Generic.mg.c638e8327f9bbf1b
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
BitDefender	Generic.DataStealer.1.0A1B7F9F
CrowdStrike	win/malicious_confidence_100% (W)
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:TrojanX-gen [Trj]
Kaspersky	UDS:DangerousObject.Multi.Generic
Rising	Spyware.Agent!8.C6 (TFE:dGZlOg2Pnk38uyQBOQ)
Ad-Aware	Generic.DataStealer.1.0A1B7F9F
Emsisoft	Generic.DataStealer.1.0A1B7F9F (B)
F-Secure	Heuristic.HEUR/AGEN.1134525
DrWeb	Trojan.PWS.Siggen2.62119
McAfee-GW-Edition	BehavesLike.Win32.Generic.hc
Sophos	ML/PE-A
Ikarus	Trojan.MSIL.Vmprotect
GData	MSIL.Trojan-Stealer.DataStealer.B
Avira	HEUR/AGEN.1134525
Arcabit	Generic.DataStealer.1.0A1B7F9F
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Microsoft	Trojan:Win32/Wacatac.D9!ml
Cynet	Malicious (score: 100)
BitDefenderTheta	Gen:NN.ZemsilF.34590.Lu0@aKiT6L
ALYac	Generic.DataStealer.1.0A1B7F9F
MAX	malware (ai score=80)
Malwarebytes	Malware.AI.3096603105
ESET-NOD32	a variant of MSIL/Spy.Agent.DAT
SentinelOne	Static AI – Malicious PE
AVG	Win32:TrojanX-gen [Trj]
Cybereason	malicious.27f9bb

How to remove Malware.AI.3096603105?

Malware.AI.3096603105 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X