Malware.AI.3308775020 (file analysis)

Malware Removal

Malware.AI.3308775020 is the detection name Malwarebytes assigns to this sample. 42 engines flag the same file, most of them as adware or a potentially unwanted installer (InstallCore/DealPly, see the detection list below) rather than as a trojan. While it is running you may notice unexpected processes in the Task Manager list. In that case, scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It can run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Malware.AI.3308775020 do?

The following CAPE sandbox signatures fired when the sample was detonated (names as reported by CAPE):

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Malware.AI.3308775020?

File Info:

name: 7C9FA0308B2B585AAB59.mlw
path: /opt/CAPEv2/storage/binaries/39c7a79db705bb1f0493fbde33d3702041e5a5d7e545c031eb1cbd0caa4d6713
crc32: 84F71BB2
md5: 7c9fa0308b2b585aab59e40f8a11ab90
sha1: e4c02254a5c1d031a5282b67feeee2cb91ead418
sha256: 39c7a79db705bb1f0493fbde33d3702041e5a5d7e545c031eb1cbd0caa4d6713
sha512: 5f800be08252b2ec11454d5415798c9d1bc2db2f752c2ed71e2558391366541f9035dd4e2049ca60300db1e739a59e4f423cf9ff58d6a148eadcbf6584b948c5
ssdeep: 24576:6ziD/vmBVDQU2TQ7NVsQwSQGQ9b7cUf6p9Z8CvNodKxcGmM2WUpCZsIt53:6WDGIU57sQOb7Fi/OCjBf2BpSsqx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15D850203BA4E61A1F16A1E32047D0B0FC625A91D3F23079B7A5D7B79EA772C21B13359
sha3_384: 194da69cb3664e9147e20d86ebcf60c66e8877bc9f36e23bed646f12f4bb36c1d3da8ade2dc674795845abc72cab6d54
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Note: the timestamp is the fixed link-time stamp (0x2A425E19) that Delphi-built binaries carry, so it does not date the sample. Together with the Inno Setup marker in the version info (Inno Setup is written in Delphi) it is consistent with the InstallCore/InnoMod names in the detection list. The entry-point bytes decode to a standard Delphi frame setup (push ebp; mov ebp,esp; add esp,-0x3c; push ebx; push esi; push edi; xor eax,eax; ...).

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Bapepog
FileDescription: Pof Setup
FileVersion: 2.6.5.6
LegalCopyright:
ProductName: Pof
ProductVersion: 3.4
Translation: 0x0000 0x04b0
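The behaviour list above (unknown section name, RWX memory) and the File Info block can be checked statically. The script below is an added example, not code from the page, from CAPE or from any vendor: it parses a PE32 image with the standard library only, hashes it against the IOCs published above, decodes the link-time stamp, reads the entry-point bytes at the mapped file offset, and flags section names outside the set a Delphi/Inno Setup binary normally has plus sections that are both writable and executable. The expected-section set and the function names (`parse_pe`, `triage_pe`, `build_sample_pe`) are my own, and the input is a constructed, non-executable PE image built in `build_sample_pe()` so the script runs offline (the IOC hashes will therefore not match it).

```python
"""Static triage of a PE along the lines of this page's behaviour list and
File Info block. Added example, not code from the page or from CAPE/any vendor.
Standard library only; the PE image below is constructed in memory so the
script runs offline (swap build_sample_pe() for open(path, "rb").read())."""
import datetime
import hashlib
import struct

# Hashes the page publishes for the sample (used as an IOC set).
KNOWN_HASHES = {
    "md5": "7c9fa0308b2b585aab59e40f8a11ab90",
    "sha1": "e4c02254a5c1d031a5282b67feeee2cb91ead418",
    "sha256": "39c7a79db705bb1f0493fbde33d3702041e5a5d7e545c031eb1cbd0caa4d6713",
}
DELPHI_TIMESTAMP = 0x2A425E19  # fixed stamp Delphi linkers write: 1992-06-19 22:22:17 UTC
# Section names a Delphi/Inno Setup binary normally carries (my assumption:
# anything else is treated as packer-like, which is what the behaviour list reports).
EXPECTED_SECTIONS = {".text", ".itext", ".data", ".bss", ".idata", ".edata",
                     ".tls", ".rdata", ".reloc", ".rsrc"}
# The page's ep_bytes: push ebp; mov ebp,esp; add esp,-0x3c; push ebx/esi/edi; xor eax,eax
PAGE_EP_PREFIX = bytes.fromhex("558bec83c4c453565733c0")
SCN_WRITE, SCN_EXEC = 0x80000000, 0x20000000


def parse_pe(data: bytes) -> dict:
    """Parse DOS/COFF/optional headers and the section table of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "va": va,
                         "vsize": vsize, "rawsize": rawsize, "rawptr": rawptr,
                         "chars": chars})
    return {"timestamp": stamp, "entry_rva": entry_rva, "sections": sections}


def entry_bytes(data: bytes, pe: dict, n: int = 16) -> bytes:
    """Map the entry-point RVA to a file offset through its section and read n bytes."""
    for s in pe["sections"]:
        if s["va"] <= pe["entry_rva"] < s["va"] + max(s["vsize"], s["rawsize"]):
            off = s["rawptr"] + pe["entry_rva"] - s["va"]
            return data[off:off + n]
    return b""


def triage_pe(data: bytes) -> dict:
    """Hash the file, decode the stamp, read the entry bytes and flag odd sections."""
    pe = parse_pe(data)
    hashes = {a: getattr(hashlib, a)(data).hexdigest() for a in KNOWN_HASHES}
    ep = entry_bytes(data, pe)
    stamp = datetime.datetime.fromtimestamp(pe["timestamp"], tz=datetime.timezone.utc)
    return {
        "hashes": hashes,
        "ioc_match": [a for a, h in hashes.items() if h == KNOWN_HASHES[a]],
        "timestamp": stamp.strftime("%Y-%m-%d %H:%M:%S"),
        "delphi_timestamp": pe["timestamp"] == DELPHI_TIMESTAMP,
        "entry_bytes": ep.hex(),
        "entry_matches_page": ep.startswith(PAGE_EP_PREFIX),
        "unknown_sections": [s["name"] for s in pe["sections"]
                             if s["name"] not in EXPECTED_SECTIONS],
        "rwx_sections": [s["name"] for s in pe["sections"]
                         if (s["chars"] & (SCN_WRITE | SCN_EXEC)) == (SCN_WRITE | SCN_EXEC)],
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (headers plus padding, never executed) carrying
    the page's timestamp and entry bytes and one odd-named writable+executable section."""
    img = bytearray(0x800)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                       # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 3, DELPHI_TIMESTAMP, 0, 0, 96, 0x0102)
    struct.pack_into("<H", img, 0x58, 0x10B)                      # PE32 magic
    struct.pack_into("<I", img, 0x58 + 16, 0x1010)                # AddressOfEntryPoint
    secs = [(b".text", 0x1000, 0x200, 0x60000020), (b".rdata", 0x2000, 0x400, 0x40000040),
            (b"qwe0", 0x3000, 0x600, 0xE0000020)]                  # last: RWX, odd name
    for i, (name, va, rawptr, chars) in enumerate(secs):
        struct.pack_into("<8sIIIIIIHHI", img, 0xB8 + 40 * i,
                         name, 0x200, va, 0x200, rawptr, 0, 0, 0, 0, chars)
    img[0x210:0x220] = bytes.fromhex("558bec83c4c453565733c08945f08945")  # RVA 0x1010
    return bytes(img)


if __name__ == "__main__":
    for key, value in triage_pe(build_sample_pe()).items():
        print(f"{key}: {value}")
```

To triage a real file, replace `build_sample_pe()` with `open(path, "rb").read()`. An `ioc_match` list containing `sha256` confirms the exact sample above; the other flags are heuristics that also fire on legitimate Delphi installers (the fixed timestamp is normal for them), so they rank a file for a closer look rather than convict it.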

Other engines report the same file under these names:

Bkav: W32.AIDetect.malware2
Lionic: Adware.Win32.DealPly.2!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Application.DealAgent.NGI
FireEye: Generic.mg.7c9fa0308b2b585a
McAfee: Artemis!7C9FA0308B2B
Cylance: Unsafe
Sangfor: Adware.Win32.DealPly.dezsu
Alibaba: AdWare:Win32/InstallCore.2e6a49e5
Cybereason: malicious.08b2b5
Arcabit: Application.DealAgent.NGI
Symantec: Trojan.Gen.MBT
ESET-NOD32: Win32/InstallCore.Gen.A potentially unwanted
APEX: Malicious
Kaspersky: not-a-virus:AdWare.Win32.DealPly.dezsu
BitDefender: Application.DealAgent.NGI
NANO-Antivirus: Virus.Win32.Gen.ccmw
SUPERAntiSpyware: PUP.InstallCore/Variant
Ad-Aware: Application.DealAgent.NGI
Emsisoft: Application.DealAgent.NGI (B)
Comodo: Malware@#25hy17x17okjy
TrendMicro: TROJ_GEN.R002C0OCO22
McAfee-GW-Edition: BehavesLike.Win32.BadFile.tc
Sophos: InnoMod (PUA)
SentinelOne: Static AI – Malicious PE
Jiangmin: AdWare.DealPly.nbwm
Webroot: W32.Adware.Gen
MAX: malware (ai score=72)
Microsoft: Trojan:Win32/Occamy.AB
ViRobot: Adware.Installcore.1739910
ZoneAlarm: not-a-virus:AdWare.Win32.DealPly.dezsu
GData: Win32.Application.InstallCore.LR@gen
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Gen.Generic.C2424689
VBA32: Malware-Cryptor.2LA.gen
ALYac: Application.DealAgent.NGI
Malwarebytes: Malware.AI.3308775020
TrendMicro-HouseCall: TROJ_GEN.R002C0OCO22
Rising: Adware.InstallCore!1.AB2C (CLASSIC)
Fortinet: Adware/DealPly
Panda: Trj/CI.A
CrowdStrike: win/grayware_confidence_100% (W)
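Counting raw hits across this list overstates the threat: most engines name the file as InstallCore/DealPly adware or a PUA, a handful use a trojan label, and the rest are machine-learning or heuristic verdicts that carry no family at all. The script below is an added example, not the page's or any vendor's code, that normalises the list into families and a PUA-versus-trojan consensus the way a triage script would. The keyword tables and the function names (`parse_verdicts`, `classify`, `consensus`) are my own heuristic, not a standard taxonomy; the input is the page's own detection list.

```python
"""Normalise multi-engine detection names into families and a PUA-versus-trojan
consensus. Added example, not code from the page or from any vendor; the
keyword tables are my own heuristic (an assumption, not a standard taxonomy)."""
from collections import Counter

# The page's detection list, one "Vendor: name" per line.
VERDICTS = """\
Bkav: W32.AIDetect.malware2
Lionic: Adware.Win32.DealPly.2!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Application.DealAgent.NGI
FireEye: Generic.mg.7c9fa0308b2b585a
McAfee: Artemis!7C9FA0308B2B
Cylance: Unsafe
Sangfor: Adware.Win32.DealPly.dezsu
Alibaba: AdWare:Win32/InstallCore.2e6a49e5
Cybereason: malicious.08b2b5
Arcabit: Application.DealAgent.NGI
Symantec: Trojan.Gen.MBT
ESET-NOD32: Win32/InstallCore.Gen.A potentially unwanted
APEX: Malicious
Kaspersky: not-a-virus:AdWare.Win32.DealPly.dezsu
BitDefender: Application.DealAgent.NGI
NANO-Antivirus: Virus.Win32.Gen.ccmw
SUPERAntiSpyware: PUP.InstallCore/Variant
Ad-Aware: Application.DealAgent.NGI
Emsisoft: Application.DealAgent.NGI (B)
Comodo: Malware@#25hy17x17okjy
TrendMicro: TROJ_GEN.R002C0OCO22
McAfee-GW-Edition: BehavesLike.Win32.BadFile.tc
Sophos: InnoMod (PUA)
SentinelOne: Static AI - Malicious PE
Jiangmin: AdWare.DealPly.nbwm
Webroot: W32.Adware.Gen
MAX: malware (ai score=72)
Microsoft: Trojan:Win32/Occamy.AB
ViRobot: Adware.Installcore.1739910
ZoneAlarm: not-a-virus:AdWare.Win32.DealPly.dezsu
GData: Win32.Application.InstallCore.LR@gen
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Gen.Generic.C2424689
VBA32: Malware-Cryptor.2LA.gen
ALYac: Application.DealAgent.NGI
Malwarebytes: Malware.AI.3308775020
TrendMicro-HouseCall: TROJ_GEN.R002C0OCO22
Rising: Adware.InstallCore!1.AB2C (CLASSIC)
Fortinet: Adware/DealPly
Panda: Trj/CI.A
CrowdStrike: win/grayware_confidence_100% (W)
"""

# Heuristic keyword tables (my assumption; extend them for other vendor naming schemes).
PUA_KEYS = ("adware", "pua", "pup", "not-a-virus", "unwanted", "grayware",
            "application.", "installcore", "dealply", "dealagent", "innomod")
TROJAN_KEYS = ("trojan", "troj_", "trj/")
FAMILY_KEYS = ("installcore", "dealply", "dealagent", "innomod", "occamy")


def parse_verdicts(text: str) -> list:
    """'Vendor: name' lines -> [(vendor, name)], skipping malformed lines."""
    pairs = []
    for line in text.splitlines():
        if ": " in line:
            vendor, name = line.split(": ", 1)
            pairs.append((vendor.strip(), name.strip()))
    return pairs


def classify(name: str) -> str:
    """Bucket one name as pua, trojan, or generic (ML/heuristic verdict without a family)."""
    n = name.lower()
    if any(k in n for k in PUA_KEYS):
        return "pua"
    if any(k in n for k in TROJAN_KEYS):
        return "trojan"
    return "generic"


def consensus(text: str) -> dict:
    """Category counts, family counts and a majority verdict among committed engines."""
    pairs = parse_verdicts(text)
    cats = Counter(classify(n) for _, n in pairs)
    fams = Counter(f for _, n in pairs for f in FAMILY_KEYS if f in n.lower())
    if cats["pua"] > cats["trojan"]:
        verdict = "pua"
    elif cats["trojan"] > cats["pua"]:
        verdict = "trojan"
    else:
        verdict = "undetermined"
    return {"engines": len(pairs), "categories": dict(cats),
            "families": dict(fams), "verdict": verdict}


if __name__ == "__main__":
    print(consensus(VERDICTS))
```

Generic verdicts are counted but deliberately excluded from the majority decision, since "malicious (high confidence)" says nothing about whether the file is an installer bundling adware or a backdoor; the family counter (InstallCore, DealPly and DealAgent tied at six engines each here) is what to pivot on when searching for related samples.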

How to remove Malware.AI.3308775020?

Malware.AI.3308775020 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
