Should I remove “Malware.AI.3335067967”?

The Malware.AI.3335067967 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.3335067967 virus can do?

Creates RWX memory
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Malware.AI.3335067967?


File Info:
name: BBC9EC3DB5534FC368D0.mlw
path: /opt/CAPEv2/storage/binaries/d8e17a2297816157567652e06a879e7a696207f4dc14a861b3f0f91d3f1b7004
crc32: 52EA5BCE
md5: bbc9ec3db5534fc368d0ccd7a1d11dd5
sha1: 61405465ae17d54e8470fcea9d30bbd1812aca64
sha256: d8e17a2297816157567652e06a879e7a696207f4dc14a861b3f0f91d3f1b7004
sha512: ce65124ec8b6deefdbdfad4a3f747abfe4904699bc21b8f4d718952a8bfb8b36bdb1f3a91da1d144b665775a768e4bd4f20993aa6405232c13d97f0eb4ab3f54
ssdeep: 49152:0lOVDTtQY6SoNtaUJ6dUnHpclbwbWAaJiwmqTjcoYxjFna:Lq4UHxqPFGk
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T149857B17E29500DCD029C23CD6859522ED61B876CB28B9EF079092191E7BBF39BF9F11
sha3_384: 8e73855363d5467029bba023853b50f4cd1cc04bfb43e75dee38f2e78bed48835b1ba04e6b67c275a1d565f7e6295676
ep_bytes: 475150455243b96000000065498b0145
timestamp: 2021-10-26 12:21:59

Version Info:
CompanyName: Google LLC
FileDescription: Google Chrome
FileVersion: 92.0.4515.131
InternalName: elevation_service_exe
LegalCopyright: Copyright 2021 Google LLC. All rights reserved.
OriginalFilename: elevation_service.exe
ProductName: Google Chrome
ProductVersion: 92.0.4515.131
CompanyShortName: Google
ProductShortName: Chrome
LastChange: 6b8d6c56ce21e38a72f7c4becb5abc1fa5134f29-refs/branch-heads/4515@#1933
Official Build: 1
Translation: 0x0409 0x04b0

Malware.AI.3335067967 also known as:

Elastic	malicious (high confidence)
DrWeb	Win64.Expiro.132
MicroWorld-eScan	Win64.Expiro.Gen.6
FireEye	Generic.mg.bbc9ec3db5534fc3
K7AntiVirus	Virus ( 00535e4a1 )
K7GW	Virus ( 00535e4a1 )
Cyren	W64/Expiro.AH.gen!Eldorado
ESET-NOD32	a variant of Win64/Expiro.CO
TrendMicro-HouseCall	Virus.Win64.EXPIRO.MR
Kaspersky	HEUR:Virus.Win64.Expiro.gen
BitDefender	Win64.Expiro.Gen.6
NANO-Antivirus	Virus.Win64.Expiro.clnvwd
Avast	Win64:Xpirat [Inf]
Ad-Aware	Win64.Expiro.Gen.6
Emsisoft	Win64.Expiro.Gen.6 (B)
TrendMicro	Virus.Win64.EXPIRO.MR
Sophos	ML/PE-A + W64/Expiro-AX
Ikarus	Virus.Win64.Expiro
GData	Win64.Expiro.Gen.6
Jiangmin	Trojan.Bingoml.akq
Avira	W64/Infector.Gen
MAX	malware (ai score=82)
Antiy-AVL	Trojan/Generic.ASVirus.30B
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
Acronis	suspicious
ALYac	Win64.Expiro.Gen.6
Malwarebytes	Malware.AI.3335067967
APEX	Malicious
SentinelOne	Static AI – Suspicious PE
MaxSecure	virus.win64.expiro.gen
Fortinet	W64/Expiro.BS
AVG	Win64:Xpirat [Inf]

How to remove Malware.AI.3335067967?

Malware.AI.3335067967 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X