Malware.AI.3129595243 (file analysis)

Malware.AI.3129595243 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.3129595243 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Steals private information from local Internet browsers
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients

How to identify Malware.AI.3129595243?

File Info:

name: E4B5D027E3954EDD190F.mlw
path: /opt/CAPEv2/storage/binaries/9c4c71b3c0162c158e10fde626ba08ee9f11d4f6af567fa1feb52ed502ef04bf
crc32: 7D83C900
md5: e4b5d027e3954edd190f9ac9fadf80c7
sha1: 5a47ea6b198e91ea77ee3a8f34378f9dbc22d224
sha256: 9c4c71b3c0162c158e10fde626ba08ee9f11d4f6af567fa1feb52ed502ef04bf
sha512: 4fd33b22eda16e0ff7825724cc74263f6cb44ef27ce3c2a8c486c8bc90a6b86f26efd5290946bb71b9c19770c58c54cfee720a1615e508dd5818aa65eca0cb89
ssdeep: 6144:MqUpG/rr9N/qBJQ75bFhT8unn5L4OPQImwcViadcZx5TIk8LT2JQ9OKj8:HsG/rZN/qBJeFhT8GSuQImwcVa5S2AOx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B5A5D0655B16C802C3831B744AA0F6F55139BF8E3F62937389F67EAF3672E8469090D4
sha3_384: dc994d7d5dfb631e6aa791a8d8d01575867c8f2c649ffb4101aa6380dff3c89e9ac3392b99e4a6629150cc759e83cb24
ep_bytes: ff250020400000000000000000000000
timestamp: 2013-04-16 15:55:07

Version Info:

Translation: 0x0000 0x04b0
Comments: WarezNamez Pro
CompanyName: cleanc0de
FileDescription: WarezNamez Pro
FileVersion: 1.0.1.0
InternalName: fertig.exe
LegalCopyright: WarezNamez Pro
LegalTrademarks: WarezNamez Pro
OriginalFilename: fertig.exe
ProductName: WarezNamez Pro
ProductVersion: 1.0.1.0
Assembly Version: 1.0.1.0

Malware.AI.3129595243 is also known as (vendor: detection name):

MicroWorld-eScan: Gen:Variant.Razy.452439
FireEye: Generic.mg.e4b5d027e3954edd
McAfee: PUP-XAS-EQ
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 700000121 )
K7AntiVirus: Trojan ( 700000121 )
BitDefenderTheta: Gen:NN.ZemsilF.34742.@n3@aCI50eg
Cyren: W32/S-12d9ae81!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Kryptik.JC
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.452439
NANO-Antivirus: Trojan.Win32.Comet.didzmu
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b0d8b9
Ad-Aware: Gen:Variant.Razy.452439
Emsisoft: Gen:Variant.Razy.452439 (B)
DrWeb: Trojan.PWS.Multi.911
Zillya: Trojan.Chisburg.Win32.280
McAfee-GW-Edition: PUP-XAS-EQ
SentinelOne: Static AI – Malicious PE
Trapmine: suspicious.low.ml.score
Sophos: ML/PE-A + Troj/MSIL-IYG
APEX: Malicious
GData: Gen:Variant.Razy.452439
Jiangmin: Trojan/Jorik.hawv
Avira: HEUR/AGEN.1236039
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Chisburg.C169019
Acronis: suspicious
VBA32: Trojan.Chisburg
ALYac: Gen:Variant.Razy.452439
MAX: malware (ai score=82)
Malwarebytes: Malware.AI.3129595243
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:brWbw4hN61wJvGyqBqpRZg)
Yandex: Trojan.PWS.Chisburg!asiZwarjQds
Ikarus: Backdoor.Win32.Fynloski
MaxSecure: Trojan.Malware.109655337.susgen
Fortinet: MSIL/Kryptik.WAT!tr
AVG: Win32:Malware-gen
Cybereason: malicious.7e3954

How to remove Malware.AI.3129595243?

Malware.AI.3129595243 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.