
About “Malware.AI.3337890800” infection


Malware.AI.3337890800 is a detection name (the one Malwarebytes assigns to this sample; most other engines flag the same file under their own generic or machine-learning names, see the vendor list below). When the infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing malware manually can take hours and may damage your system in the process. We recommend using GridinSoft Anti-Malware for removal; it can run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.3337890800 virus do?

The following are the CAPE sandbox signature hits from the analysis of this sample. Several of them (the UPX sections, the unknown section name and run-time import resolution) are characteristic of any UPX-packed binary and indicate packing rather than a specific malicious capability; the registry and service checks are the behavioural findings worth weighing on their own:

  • YARA rule detections observed on the process memory dump, dropped files or CAPE output
  • Creates RWX (read-write-execute) memory
  • Dynamic (imported) function loading detected
  • Accesses the NetLogon registry key, potentially used for discovery or tampering
  • Unconventional language used in binary resources: Korean
  • The binary contains an unknown PE section name, indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Enumerates services, possibly for anti-virtualization
  • Checks for the presence of disk drives in the registry, possibly for anti-virtualization
  • Anomalous binary characteristics

How to identify Malware.AI.3337890800?

File Info:

name: 42C45EF5CDF4C815BF5C.mlw
path: /opt/CAPEv2/storage/binaries/68dfd537e72ec0ed2181d9931640a34e3813e2cf2b941e55d0bda4818f5f64b9
crc32: 53533A37
md5: 42c45ef5cdf4c815bf5c90885378c63a
sha1: 9630bdb7375f6b807f750bf0035777b7be2ca5a7
sha256: 68dfd537e72ec0ed2181d9931640a34e3813e2cf2b941e55d0bda4818f5f64b9
sha512: 4c8045c5450934013c4dc581dcdd83f2b0bdbb6fba7802bb93a5b1c08fcbdd7c8685aa4e1cd7309233af59493f05f72799f27da6b210671b4759f91f6750f143
ssdeep: 49152:k5VZY/fQ414w0WQTKyIbxlx6ucnFAkcw+TbZssTq7P4z7fexO:kP44E4w0WwIlZkBxsG7P67
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T11E16CF13B6C3C0B7D6522934146BA3764F316B01172AD5C7BFE4DE584D322A1BA3A78B
sha3_384: 03cabc3e87546bfa64e6710bec7f946f577a0fb7be83b09a3f5d24ae24f0d126a8cee297b89dc1d4de671d22dd41045b
ep_bytes: 558bec83c4e853565733c08945e88945
timestamp: 1992-06-19 22:22:17 (0x2A425E19, the constant link timestamp written by classic Delphi linkers, so it is not the real build date)
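As an added example (not the page's own tooling and not GridinSoft code), the script below does offline what the File Info block and the packer-related signatures above describe: it parses a PE32 header with the standard library, reads the COFF timestamp, the section table and the first 16 entry-point bytes, flags UPX section names, sections with no raw data, unknown section names and the 0x2A425E19 Delphi timestamp, and compares the file's digests with the hashes listed in File Info. The flag names and the section-name lists are this example's own choices. The sample it runs on is a constructed in-memory stand-in with the page's timestamp and ep_bytes, not the real binary, so the hash comparison reports no match; pass real file bytes to `triage()` to use it on a suspect file.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Digests copied from the File Info block above (real IOCs from this page).
IOC_HASHES = {
    "md5": "42c45ef5cdf4c815bf5c90885378c63a",
    "sha1": "9630bdb7375f6b807f750bf0035777b7be2ca5a7",
    "sha256": "68dfd537e72ec0ed2181d9931640a34e3813e2cf2b941e55d0bda4818f5f64b9",
}
# 0x2A425E19 == 1992-06-19 22:22:17 UTC, the constant link timestamp that
# classic Delphi linkers write; it is the timestamp shown in File Info above.
DELPHI_DEFAULT_TIMESTAMP = 0x2A425E19
UPX_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}
COMMON_SECTIONS = {b".text", b".data", b".rdata", b".idata", b".edata", b".rsrc",
                   b".reloc", b".bss", b".tls", b".CRT", b"CODE", b"DATA", b"BSS"}


def file_hashes(data: bytes) -> dict:
    """Digests in the same set the sandbox report lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512", "sha3_384")}


def ioc_hash_matches(data: bytes) -> list:
    """Names of the page's IOC digests this file matches (empty = no match)."""
    digests = file_hashes(data)
    return sorted(alg for alg, val in IOC_HASHES.items() if digests[alg] == val)


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 parser: COFF timestamp, section table, entry-point bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "va": va, "vsize": vsize,
                         "rawptr": rawptr, "rawsize": rawsize})
    ep_bytes = b""
    for s in sections:  # map the EP RVA to a file offset through its section
        if s["va"] <= ep_rva < s["va"] + max(s["vsize"], s["rawsize"]):
            off = s["rawptr"] + (ep_rva - s["va"])
            ep_bytes = data[off:off + 16]
            break
    return {"timestamp": timestamp, "ep_rva": ep_rva,
            "ep_bytes": ep_bytes.hex(), "sections": sections}


def triage(data: bytes) -> dict:
    """Static checks mirroring the report's packer and timestamp observations."""
    pe = parse_pe(data)
    names = {s["name"] for s in pe["sections"]}
    flags = []
    if names & UPX_SECTIONS:
        flags.append("upx_section_names")
    if names - UPX_SECTIONS - COMMON_SECTIONS:
        flags.append("unknown_section_names")
    # A section with virtual size but no raw data is how UPX reserves the
    # buffer (UPX0) that its stub unpacks into at run time.
    if any(s["rawsize"] == 0 and s["vsize"] > 0 for s in pe["sections"]):
        flags.append("uninitialised_section")
    if pe["timestamp"] == DELPHI_DEFAULT_TIMESTAMP:
        flags.append("delphi_default_timestamp")
    when = datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc)
    return {"timestamp": when.strftime("%Y-%m-%d %H:%M:%S"),
            "ep_bytes": pe["ep_bytes"], "sections": sorted(names),
            "flags": flags, "ioc_hash_matches": ioc_hash_matches(data)}


def build_sample_pe() -> bytes:
    """Constructed stand-in, not the real sample: a UPX-style PE32 layout
    carrying the page's timestamp and entry-point bytes so the checks run."""
    ep_bytes = bytes.fromhex("558bec83c4e853565733c08945e88945")  # from File Info
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, DELPHI_DEFAULT_TIMESTAMP, 0, 0, 0xE0, 0x102)
    # Optional header: PE32 magic, then AddressOfEntryPoint at offset 16 -> UPX1
    opt = struct.pack("<H", 0x10B) + bytes(14) + struct.pack("<I", 0x9000) + bytes(0xE0 - 20)

    def section(name, vsize, va, rawsize, rawptr):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, rawptr,
                           0, 0, 0, 0, 0xE0000020)                # RWX code section

    table = (section(b"UPX0", 0x8000, 0x1000, 0, 0)               # no raw data
             + section(b"UPX1", 0x1000, 0x9000, 0x200, 0x200)
             + section(b".rsrc", 0x1000, 0xA000, 0x200, 0x400))
    image = bytearray(0x600)
    header = dos + b"PE\0\0" + coff + opt + table
    image[:len(header)] = header
    image[0x200:0x200 + len(ep_bytes)] = ep_bytes
    return bytes(image)
```

Run on a real file with `triage(open(path, "rb").read())`. A non-empty `ioc_hash_matches` against the sha256 above is the conclusive check; the flags are only the packer and timestamp heuristics the report describes and fire on benign UPX-packed Delphi programs too, which is exactly why the vendor list below is full of generic UPX and machine-learning verdicts rather than an agreed family name.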

Version Info:

CompanyName:
FileDescription:
FileVersion: 2.0.0.21
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
ProductName:
ProductVersion: 1.0.0.0
Translation: 0x0412 0x03b5 (language ID 0x0412 = Korean, code page 0x03b5 = 949, Korean; this is the Korean resource language flagged in the signature list)

Malware.AI.3337890800 also known as (vendor: detection name). Note that most of these are generic, packer-based or machine-learning verdicts rather than a named family:

Bkav: W32.AIDetect.malware2
Lionic: Worm.Win32.Fasong.l4hb
FireEye: Generic.mg.42c45ef5cdf4c815
McAfee: PolyPatch-UPX
Sangfor: Trojan.Win32.Wacatac.B
K7AntiVirus: Trojan ( 004bcce41 )
K7GW: Trojan ( 004bcce41 )
CrowdStrike: win/malicious_confidence_60% (W)
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
Sophos: Mal/Generic-S
Comodo: Packed.Win32.MUPX.Gen@24tbus
McAfee-GW-Edition: PolyPatch-UPX
Avira: HEUR/AGEN.1111097
Microsoft: Trojan:Win32/Sabsik.TE.B!ml
Cynet: Malicious (score: 100)
BitDefenderTheta: Gen:NN.ZelphiF.34160.@p0@aqm!IGeG
Malwarebytes: Malware.AI.3337890800
TrendMicro-HouseCall: TROJ_GEN.R002H06AB22
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/PolyPatch.UPX!tr
Cybereason: malicious.7375f6

How to remove Malware.AI.3337890800?

Malware.AI.3337890800 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
