How to remove “Malware.AI.3169123986”?

Malware.AI.3169123986 is classified as dangerous by many security vendors (see the detection list below). While this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the Malware.AI.3169123986 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Sniffs keystrokes
  • Behavioural detection: Injection (inter-process)
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Collects and encrypts information about the computer, likely to be sent to a C2 server
  • Installs itself for autorun at Windows startup

How to identify Malware.AI.3169123986?

File Info:

name: 545A3765DD4FF9A2DC30.mlw
path: /opt/CAPEv2/storage/binaries/f48d5f829abae7706e6f021c343ae80490d19ecce9163e2ee7f4e8c5f4da2aef
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2014-09-03 08:16:09

Version Info:

ProductName: WinRAR
CompanyName: Alexander Roshal
FileDescription: WinRAR archiver
FileVersion: 5.11.0
ProductVersion: 5.11.0
InternalName: WinRAR
LegalCopyright: Copyright © Alexander Roshal 1993-2014
OriginalFilename: WinRAR.exe
Translation: 0x0409 0x04e4

Malware.AI.3169123986 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Johnnie.378919
FireEye: Generic.mg.545a3765dd4ff9a2
ALYac: Gen:Variant.Johnnie.378919
Malwarebytes: Malware.AI.3169123986
K7AntiVirus: Trojan ( 004c9c051 )
K7GW: Trojan ( 004c9c051 )
Cybereason: malicious.5dd4ff
Cyren: W32/Trojan.WYIV-6382
ESET-NOD32: a variant of MSIL/Injector.KWF
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Johnnie.378919
Avast: Win32:Malware-gen
Ad-Aware: Gen:Variant.Johnnie.378919
Emsisoft: Gen:Variant.Johnnie.378919 (B)
DrWeb: Trojan.Inject4.15061
VIPRE: Trojan.Win32.Generic!BT
GData: Gen:Variant.Johnnie.378919
Avira: TR/Injector.xogju
Antiy-AVL: Trojan/Generic.ASMalwS.3458B0C
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.Generic.C4578253
MAX: malware (ai score=83)
VBA32: Trojan.MSIL.gen.a.15
Yandex: Trojan.Agent!Z6IYikqlwJI
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Injector.B!tr
BitDefenderTheta: Gen:NN.ZemsilF.34062.Wt1@aeMvD6mi
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_60% (D)

How to remove Malware.AI.3169123986?

Malware.AI.3169123986 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.