
About “Malware.AI.3300743898” infection


Malware.AI.3300743898 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What Malware.AI.3300743898 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Transacted Hollowing
  • A process attempted to delay the analysis task by a long amount of time.
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • A process sent information about the computer to a remote location.
  • Creates a hidden or system file
  • CAPE detected the Amadey malware family
  • Attempts to identify installed AV products by installation directory
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities

Related domains:

wpad.local-net

How to determine Malware.AI.3300743898?


File Info:

name: 1D304C915F733F45F9D6.mlw
path: /opt/CAPEv2/storage/binaries/1f1357de60b52b3fa6ffd7b1032502fb13d406f82a78cee322128f19d600c6fc
crc32: 0F01163E
md5: 1d304c915f733f45f9d6d5e0490ca260
sha1: 689d54a20472ce156b6d6016f5063a9bb634a75e
sha256: 1f1357de60b52b3fa6ffd7b1032502fb13d406f82a78cee322128f19d600c6fc
sha512: ccd5ed1a1ef316778c8dcdb774f05138fafcd05da2c6965b19f6c1b9fd5623ef98d731887def92e7892990d9d47ce3bb21acc6c22e91ee18462a377be43ca707
ssdeep: 12288:SbQwGFHng0fgP9/TXf6owEbxmGgP5Nta2zQ278gzAk8k8k8k:SbQwinrfgP9/Tj/8aSp78gNFFF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A0554731552DD83ED8A6C0B1EE6BC7E8D72D5B714B08B0C776E4781A00A6CA1CB7B9C5
sha3_384: 335fa94f6eb20651ad68ef5849b7aca6880f5f149600d2882e55190304721d5819175c56e448213520f3d87295dcf2ac
ep_bytes: 558bec6aff68d082470068c4ab460064
timestamp: 2021-10-07 11:07:35

Version Info:

FileDescription: MSIAfterburner Application
FileVersion: 165, 50, 05, 1
InternalName: MSIAfterburner
LegalCopyright: Copyright (C) 2021
OriginalFilename: MSIAfterburner.exe
ProductName: MSIAfterburner Application
ProductVersion: 165, 50, 05, 1
Translation: 0x0419 0x04b0

Malware.AI.3300743898 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen15.22749
MicroWorld-eScan: Gen:Variant.Mikey.131029
FireEye: Generic.mg.1d304c915f733f45
ALYac: Gen:Variant.Mikey.131029
Cylance: Unsafe
Sangfor: Trojan.Win32.Injuke.gen
K7AntiVirus: Trojan ( 005890341 )
Alibaba: Trojan:Win32/Injuke.ed0acf61
K7GW: Trojan ( 005890341 )
BitDefenderTheta: Gen:NN.ZexaF.34294.vr3@aCItz6oc
Cyren: W32/Kryptik.FQE.gen!Eldorado
Symantec: Packed.Generic.497
ESET-NOD32: a variant of Win32/Kryptik.HNBS
TrendMicro-HouseCall: TROJ_GEN.R011C0GJJ21
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Injuke.gen
BitDefender: Gen:Variant.Mikey.131029
Avast: Win32:CrypterX-gen [Trj]
Tencent: Malware.Win32.Gencirc.10cf6d63
Ad-Aware: Gen:Variant.Mikey.131029
Zillya: Trojan.GenKryptik.Win32.107861
TrendMicro: TROJ_GEN.R011C0GJJ21
McAfee-GW-Edition: BehavesLike.Win32.Lockbit.tt
Emsisoft: Gen:Variant.Mikey.131029 (B)
Ikarus: Trojan.Win32.Krypt
GData: Gen:Variant.Mikey.131029
Jiangmin: Trojan.Injuke.lss
Avira: TR/Kryptik.hykla
Antiy-AVL: Trojan/Generic.ASMalwS.34B03F9
Kingsoft: Win32.Troj.Undef.(kcloud)
ViRobot: Trojan.Win32.Z.Jaik.1396565
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
McAfee: GenericRXAA-AA!1D304C915F73
MAX: malware (ai score=80)
VBA32: Malware-Cryptor.Inject.gen
Malwarebytes: Malware.AI.3300743898
APEX: Malicious
Rising: Backdoor.Mokes!1.CECE (CLASSIC)
Yandex: Trojan.Injuke!ynZKw643KFw
MaxSecure: Trojan.Malware.74209402.susgen
Fortinet: W32/GenKryptik.FLVQ!tr
AVG: Win32:CrypterX-gen [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Malware.AI.3300743898?

Malware.AI.3300743898 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
