What is “Malware.AI.3246884281”?

Malware.AI.3246884281 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
A 6-day free trial is available.

What can the Malware.AI.3246884281 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Code injection with CreateRemoteThread in a remote process
  • Deletes its original binary from disk
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Created a process from a suspicious location
  • Collects information to fingerprint the system

How to identify Malware.AI.3246884281?

File Info:

name: DFB026FF2FF76C02EA5F.mlw
path: /opt/CAPEv2/storage/binaries/36242125f1e22203d7940957cc92b95682ec94a85f8f972e86b577fe94595454
crc32: B36DD260
md5: dfb026ff2ff76c02ea5faa68fdd9741d
sha1: 4837451a4cabbe9118fa27f71487629faede23cc
sha256: 36242125f1e22203d7940957cc92b95682ec94a85f8f972e86b577fe94595454
sha512: 3e21758e16b08d4a09e16d49c6825ca85d40fc7603e8651d814fb63fdce4ab6ef0738d264c555ec3c89fdba0f0e19aae01481f3f4059404623d49fe6d4b7260e
ssdeep: 3072:QJf3ZV5NPeY/q0UvQNlGFrfhvBU3DdF7n8sKNa0t:QJf3ZV1/qlpvBU3ZLKNa0t
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T106F301D5B63E5945F534143068A19AC10A2FDC3CFA4AAD5BFFAB9021C1EF66C244BE43
sha3_384: 22cf2ab49a322d5afadea63b22a15e444883be7feff74de027174b5944d05bbf1bf3ea2dddf1d549e7c14f3331720d9e
ep_bytes: 5589e583ec08c7042402000000ff1544
timestamp: 2012-02-11 13:45:47

Version Info:

0: [No Data]

Malware.AI.3246884281 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.dfb026ff2ff76c02
ALYac: Gen:Variant.Barys.313
Cylance: Unsafe
Zillya: Downloader.Avalod.Win32.8770
Sangfor: Trojan.Win32.Barys.313
K7AntiVirus: Riskware ( 0015e4f11 )
Alibaba: TrojanDownloader:Win32/CeeInject.09cbdbfd
K7GW: Riskware ( 0015e4f11 )
CrowdStrike: win/malicious_confidence_90% (W)
VirIT: Trojan.Win32.Generic.BAPV
Symantec: Trojan Horse
ESET-NOD32: Win32/TrojanDownloader.Agent.RAG
APEX: Malicious
ClamAV: Win.Malware.Zbot-9863203-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Barys.313
NANO-Antivirus: Trojan.Win32.DownLoad2.vkwej
SUPERAntiSpyware: Trojan.Agent/Gen-Zbot
MicroWorld-eScan: Gen:Variant.Barys.313
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.10ce450b
Ad-Aware: Gen:Variant.Barys.313
Emsisoft: Gen:Variant.Barys.313 (B)
Comodo: TrojWare.Win32.TrojanDownloader.Agent.RAJ@4pplmg
DrWeb: Trojan.DownLoad2.64018
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.ZBot.cc
Sophos: Mal/Generic-R + Mal/EncPk-AEE
Ikarus: Trojan-PWS.Win32.Zbot
GData: Gen:Variant.Barys.313
Jiangmin: TrojanDownloader.Avalod.lay
Webroot: W32.InfoStealer.Zeus
Avira: HEUR/AGEN.1231623
Antiy-AVL: Trojan/Win32.Unknown
Arcabit: Trojan.Barys.313
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Zbot.AAO!MTB
McAfee: PWS-Zbot.gen.rz
MAX: malware (ai score=100)
VBA32: TrojanDownloader.Avalod
Malwarebytes: Malware.AI.3246884281
TrendMicro-HouseCall: TROJ_PAM_0000010287.T3
Rising: Downloader.Agent!8.B23 (CLOUD)
Yandex: Trojan.GenAsa!qF8O9qw7p98
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.3620110.susgen
Fortinet: W32/Injector.OEC!tr
BitDefenderTheta: AI:Packer.15BA44651E
AVG: Win32:Trojan-gen
Panda: Generic Malware

How to remove Malware.AI.3246884281?

Malware.AI.3246884281 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.