Categories: Malware

About “Malware.AI.3300743898” infection

The Malware.AI.3300743898 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Malware.AI.3300743898 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Anomalous file deletion behavior detected (10+)
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
Reads data out of its own binary image
A process created a hidden window
CAPE extracted potentially suspicious content
Drops a binary and executes it
Unconventionial binary language: Russian
Unconventionial language used in binary resources: Russian
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Uses Windows utilities for basic functionality
Behavioural detection: Injection (Process Hollowing)
Executed a process and injected code into it, probably while unpacking
Behavioural detection: Injection (inter-process)
Behavioural detection: Transacted Hollowing
A process attempted to delay the analysis task by a long amount of time.
Created a process from a suspicious location
Installs itself for autorun at Windows startup
Installs itself for autorun at Windows startup
A process sent information about the computer to a remote location.
Creates a hidden or system file
CAPE detected the Amadey malware family
Attempts to identify installed AV products by installation directory
Attempts to modify proxy settings
Creates a copy of itself
Uses suspicious command line tools or Windows utilities

Related domains:

wpad.local-net

How to determine Malware.AI.3300743898?


File Info:
name: 1D304C915F733F45F9D6.mlwpath: /opt/CAPEv2/storage/binaries/1f1357de60b52b3fa6ffd7b1032502fb13d406f82a78cee322128f19d600c6fccrc32: 0F01163Emd5: 1d304c915f733f45f9d6d5e0490ca260sha1: 689d54a20472ce156b6d6016f5063a9bb634a75esha256: 1f1357de60b52b3fa6ffd7b1032502fb13d406f82a78cee322128f19d600c6fcsha512: ccd5ed1a1ef316778c8dcdb774f05138fafcd05da2c6965b19f6c1b9fd5623ef98d731887def92e7892990d9d47ce3bb21acc6c22e91ee18462a377be43ca707ssdeep: 12288:SbQwGFHng0fgP9/TXf6owEbxmGgP5Nta2zQ278gzAk8k8k8k:SbQwinrfgP9/Tj/8aSp78gNFFFtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1A0554731552DD83ED8A6C0B1EE6BC7E8D72D5B714B08B0C776E4781A00A6CA1CB7B9C5sha3_384: 335fa94f6eb20651ad68ef5849b7aca6880f5f149600d2882e55190304721d5819175c56e448213520f3d87295dcf2acep_bytes: 558bec6aff68d082470068c4ab460064timestamp: 2021-10-07 11:07:35
Version Info:
FileDescription: MSIAfterburner ApplicationFileVersion: 165, 50, 05, 1InternalName: MSIAfterburnerLegalCopyright: Copyright (C) 2021OriginalFilename: MSIAfterburner.exeProductName:  MSIAfterburner ApplicationProductVersion: 165, 50, 05, 1Translation: 0x0419 0x04b0

Malware.AI.3300743898 also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen15.22749
MicroWorld-eScan	Gen:Variant.Mikey.131029
FireEye	Generic.mg.1d304c915f733f45
ALYac	Gen:Variant.Mikey.131029
Cylance	Unsafe
Sangfor	Trojan.Win32.Injuke.gen
K7AntiVirus	Trojan ( 005890341 )
Alibaba	Trojan:Win32/Injuke.ed0acf61
K7GW	Trojan ( 005890341 )
BitDefenderTheta	Gen:NN.ZexaF.34294.vr3@aCItz6oc
Cyren	W32/Kryptik.FQE.gen!Eldorado
Symantec	Packed.Generic.497
ESET-NOD32	a variant of Win32/Kryptik.HNBS
TrendMicro-HouseCall	TROJ_GEN.R011C0GJJ21
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.Win32.Injuke.gen
BitDefender	Gen:Variant.Mikey.131029
Avast	Win32:CrypterX-gen [Trj]
Tencent	Malware.Win32.Gencirc.10cf6d63
Ad-Aware	Gen:Variant.Mikey.131029
Zillya	Trojan.GenKryptik.Win32.107861
TrendMicro	TROJ_GEN.R011C0GJJ21
McAfee-GW-Edition	BehavesLike.Win32.Lockbit.tt
Emsisoft	Gen:Variant.Mikey.131029 (B)
Ikarus	Trojan.Win32.Krypt
GData	Gen:Variant.Mikey.131029
Jiangmin	Trojan.Injuke.lss
Avira	TR/Kryptik.hykla
Antiy-AVL	Trojan/Generic.ASMalwS.34B03F9
Kingsoft	Win32.Troj.Undef.(kcloud)
ViRobot	Trojan.Win32.Z.Jaik.1396565
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
McAfee	GenericRXAA-AA!1D304C915F73
MAX	malware (ai score=80)
VBA32	Malware-Cryptor.Inject.gen
Malwarebytes	Malware.AI.3300743898
APEX	Malicious
Rising	Backdoor.Mokes!1.CECE (CLASSIC)
Yandex	Trojan.Injuke!ynZKw643KFw
MaxSecure	Trojan.Malware.74209402.susgen
Fortinet	W32/GenKryptik.FLVQ!tr
AVG	Win32:CrypterX-gen [Trj]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_90% (W)