About “Malware.AI.3114644635” infection

Malware.AI.3114644635 is the Malwarebytes detection name for a .NET (MSIL) executable that nearly every antivirus engine flags as malicious; several vendors classify it as the MSIL/Ribaj (also called Lamer) file infector. While it is active you may notice unfamiliar processes in Task Manager, in particular csc.exe (the C# compiler) started by a program that is not a development tool. If you see this, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Malware.AI.3114644635 do?

The behaviours below are the CAPE sandbox signatures that fired when the sample was run. The ones that matter most for spotting it on a live machine are the last four: it writes C# source, builds it with csc.exe, runs the result, and removes executables it has already run.

  • A file was accessed within the Public folder
  • Sample contains overlay data
  • Uses Windows utilities for basic functionality
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Compiles .NET code into an executable and executes it
  • Deletes executed files from disk
  • Touches a file containing cookies, possibly for information gathering
  • Uses the csc.exe C# compiler to build and execute code
  • Uses suspicious command-line tools or Windows utilities
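The two behaviours that are easiest to hunt for in endpoint telemetry are csc.exe being launched by something that is not a build tool, and a spawned cmd.exe that deletes the executable which spawned it. The script below is an added example written for this page, not code from CAPE, GridinSoft or the malware author. It runs the two checks over a handful of constructed process-creation records (Sysmon event 1 / Windows 4688 style fields); the file names, paths and the allowlist of legitimate csc.exe parents are assumptions to tune for your own estate.

```python
"""Hunt process-creation telemetry for two behaviours from the sandbox report:
csc.exe invoked outside a build context, and a shell deleting its own parent."""
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (Sysmon EID 1 / Windows 4688 style)."""
    parent_image: str
    image: str
    command_line: str


# Parents that legitimately spawn csc.exe. Assumption: tune per estate. PowerShell's
# Add-Type also invokes csc.exe, so it is deliberately left out and will be flagged.
BUILD_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe", "vbcscompiler.exe"}

# `del [/switches] <path>.exe`, quoted or not, terminated by whitespace, '&' or end.
_DEL_RE = re.compile(
    r'\bdel\b(?:\s+/[a-z]+)*\s+"?([^"&|]+?\.exe)"?(?=\s|$|&)', re.IGNORECASE
)


def _base(path: str) -> str:
    """Case-folded file name of a Windows path (ntpath works on any host OS)."""
    return ntpath.basename(path).lower()


def csc_outside_build(ev: ProcEvent) -> bool:
    """csc.exe started by anything other than a known build tool."""
    return _base(ev.image) == "csc.exe" and _base(ev.parent_image) not in BUILD_PARENTS


def deletes_parent_image(ev: ProcEvent) -> bool:
    """cmd.exe whose command line deletes the executable that spawned it
    (the classic 'ping ... & del "<self>"' self-removal pattern)."""
    if _base(ev.image) != "cmd.exe":
        return False
    return any(_base(t.strip()) == _base(ev.parent_image)
               for t in _DEL_RE.findall(ev.command_line))


def hunt(events):
    """Return (event_index, rule_name) pairs for every rule that fires."""
    hits = []
    for i, ev in enumerate(events):
        if csc_outside_build(ev):
            hits.append((i, "csc_outside_build"))
        if deletes_parent_image(ev):
            hits.append((i, "self_delete"))
    return hits


# Constructed sample telemetry for this example; not real captured events.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Users\bob\AppData\Roaming\x222y.exe",
              r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",
              r'csc.exe /noconfig /fullpaths @"C:\Users\bob\AppData\Local\Temp\qwe.cmdline"'),
    ProcEvent(r"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe",
              r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",
              r'csc.exe /noconfig @"C:\src\app\obj\Debug\app.csproj.cmdline"'),
    ProcEvent(r"C:\Users\bob\AppData\Roaming\x222y.exe",
              r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "C:\Users\bob\AppData\Roaming\x222y.exe"'),
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\cmd.exe",
              r"cmd.exe /c del C:\Users\bob\Downloads\old.txt"),
]

if __name__ == "__main__":
    for idx, rule in hunt(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[idx]
        print(f"[{rule}] parent={_base(ev.parent_image)} cmd={ev.command_line}")
```

Both rules key on the parent/child relationship rather than on csc.exe or cmd.exe alone, which is what keeps the noise down: csc.exe under devenv.exe is normal, csc.exe under a file in %APPDATA% is not, and a shell deleting its own parent has almost no legitimate use.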

How to identify Malware.AI.3114644635?

File Info:

name: 885E4006CB2A47CFF6E1.mlw
path: /opt/CAPEv2/storage/binaries/7d2f9de12c41a8d2eab6303c2e6e0d76165758d2c9f7f9603790dbd99e4a1e60
crc32: A345D89E
md5: 885e4006cb2a47cff6e1ff51e3ec80ea
sha1: 686ac5edee606924d4700f1c9a44c136c152bc01
sha256: 7d2f9de12c41a8d2eab6303c2e6e0d76165758d2c9f7f9603790dbd99e4a1e60
sha512: 007e8bdadf8ca7a5201b7c116099726b47bdea094c45abd5b13ef9d45001149108d3c11ad9e84a0161ed63dea54c9216f62bf364b2c11d65467bf84cb189b8fe
ssdeep: 768:FK+vOMOecrYwVC2w8Im4DI6iM9L9pFZzCIf7+kNXzu33mOGbSOQJ5ukOcrstZyMq:FKSOfBwZwliV0JX1J
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B0A40950126E272BE2F17BBFE7C0B291CD629B726A4714DC290726186523F46CFA05FD
sha3_384: 52dce0ab1947fe565fdad486d0b1980975939156b606ce03bf910bbffb659aa305522f8e6a71f0c9d9e044efad3ab1d7
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-01-14 22:51:54

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: x222y.exe
LegalCopyright:
OriginalFilename: x222y.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0
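The hashes above are the reliable way to confirm you are looking at this exact sample, and the ep_bytes field confirms the file type: ff 25 followed by a 32-bit address is `jmp dword ptr [imm32]`, the native entry stub every 32-bit .NET executable carries to jump through its import table into mscoree. The script below is an added example for this page (not GridinSoft or CAPE code): it parses the report's key: value lines, compares a file's digests against them, and decodes the entry stub. The report text is copied from above; the assumption that ImageBase is 0x400000 (so 0x402000 is RVA 0x2000) is the standard PE32 default, not something the report states.

```python
"""Match a file against the report hashes above and decode its ep_bytes field."""
import hashlib
import struct
import sys

# Copied from the File Info block on this page.
REPORT_TEXT = """\
md5: 885e4006cb2a47cff6e1ff51e3ec80ea
sha1: 686ac5edee606924d4700f1c9a44c136c152bc01
sha256: 7d2f9de12c41a8d2eab6303c2e6e0d76165758d2c9f7f9603790dbd99e4a1e60
type: PE32 executable (GUI) Intel 80386, for MS Windows
ep_bytes: ff250020400000000000000000000000
"""

DEFAULT_IMAGE_BASE = 0x400000  # assumption: PE32 default base, not given in the report


def parse_report(text: str) -> dict:
    """Turn 'key: value' lines into a dict with lower-cased keys."""
    out = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            out[key.strip().lower()] = value.strip()
    return out


def hashes_of(data: bytes) -> dict:
    """md5/sha1/sha256 digests of a byte string, as lower-case hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matching_hashes(data: bytes, report: dict) -> set:
    """Algorithms whose digest of `data` equals the value listed in the report."""
    mine = hashes_of(data)
    return {alg for alg, digest in mine.items() if report.get(alg, "").lower() == digest}


def decode_clr_stub(ep_hex: str):
    """Decode ep_bytes as `ff 25 imm32` (jmp dword ptr [imm32]).

    .NET compilers emit this as the native entry point of a 32-bit assembly; the
    dword at imm32 is the IAT slot holding mscoree!_CorExeMain. imm32 is an absolute
    virtual address. Returns that address, or None if the bytes are not this stub.
    """
    raw = bytes.fromhex(ep_hex)
    if len(raw) < 6 or raw[:2] != b"\xff\x25":
        return None
    (target,) = struct.unpack_from("<I", raw, 2)
    return target


def stub_rva(ep_hex: str, image_base: int = DEFAULT_IMAGE_BASE):
    """RVA of the IAT slot the stub jumps through, under the image-base assumption."""
    target = decode_clr_stub(ep_hex)
    return None if target is None else target - image_base


if __name__ == "__main__":
    report = parse_report(REPORT_TEXT)
    print(f"entry stub jumps through VA 0x{decode_clr_stub(report['ep_bytes']):08x}"
          f" (RVA 0x{stub_rva(report['ep_bytes']):x} assuming base 0x{DEFAULT_IMAGE_BASE:x})")
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            hits = matching_hashes(fh.read(), report)
        print("matches report on:", sorted(hits) or "nothing")
```

Run it with a suspect file as the first argument; a match on sha256 is conclusive, a match on md5 alone is still strong evidence but md5 collisions are cheap enough that you should not stop there. A different .NET sample will decode to the same kind of stub (usually the same 0x402000 slot), so the stub check tells you "this is a 32-bit .NET executable", not "this is the sample".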

Malware.AI.3114644635 is Malwarebytes' name for this sample. Other vendors detect it as follows (vendor: detection name); note how many converge on MSIL/Ribaj or Lamer, and that several use the "Virus." prefix, which in vendor naming means a file infector rather than a plain trojan:

Bkav: W32.AIDetectMalware.CS
Lionic: Virus.MSIL.Lamer.n!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.94672
FireEye: Generic.mg.885e4006cb2a47cf
CAT-QuickHeal: W32.Lamer.M3
Skyhigh: BehavesLike.Win32.Generic.gz
McAfee: GenericRXAO-XB!885E4006CB2A
Malwarebytes: Malware.AI.3114644635
Zillya: Trojan.RibajGen.Win32.1
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 00544e311 )
Alibaba: Virus:MSIL/CryptInject.409a30b5
K7GW: Trojan ( 00544e311 )
Cybereason: malicious.dee606
Arcabit: Trojan.Generic.D171D0
BitDefenderTheta: Gen:NN.ZemsilF.36744.Cm2@aaiobrp
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of MSIL/Ribaj.D
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Virus.MSIL.Lamer.gen
BitDefender: Trojan.GenericKDZ.94672
NANO-Antivirus: Trojan.Win32.Kazy.elhoip
Avast: Win32:MalwareX-gen [Trj]
Rising: Trojan.Ribaj!1.B577 (CLASSIC)
TACHYON: Worm/W32.MSILamer
Emsisoft: Trojan.GenericKDZ.94672 (B)
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: MSIL.Cola.1
VIPRE: Trojan.GenericKDZ.94672
TrendMicro: Virus.MSIL.RIBAJ.SMW
Trapmine: malicious.moderate.ml.score
Sophos: MSIL/Ribaj-A
SentinelOne: Static AI - Malicious PE
Jiangmin: Virus.MSIL.Lamer.a
Varist: W32/MSIL_Ribaj.F.gen!Eldorado
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/MSIL.Ribaj.a
Kingsoft: malware.kb.c.1000
Xcitium: Virus.MSIL.Ribaj.F@7oybry
Microsoft: Trojan:Win32/CoinMiner!pz
ZoneAlarm: HEUR:Virus.MSIL.Lamer.gen
GData: MSIL.Virus.Ribaj.B
Google: Detected
AhnLab-V3: Win32/Ribaj.X1979
VBA32: Virus.MSIL.Lamer.1
ALYac: Trojan.GenericKDZ.94672
MAX: malware (ai score=81)
Cylance: unsafe
Panda: Trj/CI.A
TrendMicro-HouseCall: Virus.MSIL.RIBAJ.SMW
Tencent: Msil.Virus.Ribaj.Aujl
Ikarus: Virus.MSIL.CryptInject
MaxSecure: Trojan.generickdz.51307
Fortinet: MSIL/Ribaj.D
AVG: Win32:MalwareX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.3114644635?

Malware.AI.3114644635 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options, then click “Reset”.
  • Restart your computer.

Because several vendors classify this sample as a file-infecting virus (Virus.MSIL.Lamer, MSIL/Ribaj), scan every drive and any removable media, not just the folder the original file was found in: a file infector can have written copies of itself into other executables, and removing only the dropped file leaves those in place.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
