Should I remove “Malware.AI.3279379671”?

Malware.AI.3279379671 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.3279379671 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Code injection with CreateRemoteThread in a remote process
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to modify desktop wallpaper
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Operates on local firewall’s policies and settings
  • Attempts to disable UAC
  • Attempts to modify or disable Security Center warnings
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

Related domains:

wpad.local-net

How to identify Malware.AI.3279379671?

File Info:

name: 68A9F6A141FB73C65419.mlw
path: /opt/CAPEv2/storage/binaries/18d2c0fdd8614333641267ae9a523167f127eecb979edc442391e92e97c158fc
crc32: EA08E8E5
md5: 68a9f6a141fb73c654199258f1221d81
sha1: 2175f0c910b43b167e9604173ec3873b5163da4a
sha256: 18d2c0fdd8614333641267ae9a523167f127eecb979edc442391e92e97c158fc
sha512: 421c4fb58018908927cf97a63d5e810fe725d1a7d61ff07d5f67941c297c7ef823710c87ae7612d4d68fdc86e5ee28ba7ed4cec78d530533f8856db46aeb2af3
ssdeep: 3072:hoF3CkEnm23lSuURxK/paQFVCIyxZtIbLPISKaTMjD2B9r3nWGtot+OO2ETG/8dI:8IzSsMJPL8tnIFIJVSITSQi
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D974D71AA6FFB9DAD001B9F1CFC2E0BD8527C13A1E0F347B1284468B0B25C6556DB9B5
sha3_384: cad4fbbc10fd4c7267b87bc9dd3e3ceaad10bbeb91c0a129b3cde0193b8e23b148107d42803871d221e329a406e643c3
ep_bytes: 760285d301f30fafdabff99ed692fec6
timestamp: 2010-08-09 04:19:25

Version Info:

Translation: 0x0409 0x04b0
Comments: zwTp
CompanyName: Bqn
FileDescription: MZnUmY
LegalCopyright: riwGppcO
LegalTrademarks: TPcftOQakf
ProductName: YqKeYNtCC
FileVersion: 5.19.0015
ProductVersion: 5.19.0015
InternalName: Server[1]
OriginalFilename: Server[1].exe

Malware.AI.3279379671 also known as:

Bkav: W32.Sality.PE
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Sality.3
FireEye: Generic.mg.68a9f6a141fb73c6
CAT-QuickHeal: W32.Sality.U
Cylance: Unsafe
Zillya: Virus.Sality.Win32.25
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Virus ( f10001071 )
K7GW: Virus ( f10001071 )
Cybereason: malicious.141fb7
Baidu: Win32.Virus.Sality.gen
Cyren: W32/Sality.gen2
Symantec: W32.Sality.AE
ESET-NOD32: Win32/Sality.NBA
APEX: Malicious
ClamAV: Win.Packed.Refroso-6936936-0
Kaspersky: Backdoor.Win32.Bifrose.gam
BitDefender: Win32.Sality.3
NANO-Antivirus: Virus.Win32.Sality.beygb
Avast: Win32:SaliCode [Inf]
Tencent: Virus.Win32.TuTu.Gen.200004
Ad-Aware: Win32.Sality.3
TACHYON: Virus/W32.Sality.D
Emsisoft: Win32.Sality.3 (B)
Comodo: Virus.Win32.Sality.gen@1egj5j
F-Secure: Malware.W32/Sality.AT
DrWeb: Win32.Sector.30
VIPRE: Virus.Win32.Sality.at (v)
TrendMicro: PE_SALITY.RL
McAfee-GW-Edition: BehavesLike.Win32.Sality.fm
Sophos: ML/PE-A + Mal/Sality-D
Ikarus: Trojan-Dropper.Win32.Bifrose
GData: Win32.Sality.3
Jiangmin: Win32/HLLP.Kuku.poly2
Avira: W32/Sality.AT
Antiy-AVL: Virus/Win32.Sality.gen
Arcabit: Win32.Sality.3
ViRobot: Win32.Sality.Gen.A
Microsoft: TrojanDropper:Win32/Bifrose.F
Cynet: Malicious (score: 100)
AhnLab-V3: Win32/Kashu.E
Acronis: suspicious
McAfee: W32/Sality.gen.z
MAX: malware (ai score=83)
VBA32: Virus.Win32.Sality.bakc
Malwarebytes: Malware.AI.3279379671
TrendMicro-HouseCall: PE_SALITY.RL
Rising: Malware.Heuristic!ET#98% (RDMK:cmRtazrUJzFcZkrmmOiAq4tjaD3U)
Yandex: Trojan.GenAsa!zsKxMqyCeSE
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_91%
Fortinet: W32/CoinMiner.BH
BitDefenderTheta: AI:FileInfector.A5ECCBAB0E
AVG: Win32:SaliCode [Inf]
Panda: W32/Sality.AA
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Virus.Sality.BH

How to remove Malware.AI.3279379671?

Malware.AI.3279379671 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.