Categories: Malware

About “Malware.AI.3367048968” infection

The Malware.AI.3367048968 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Malware.AI.3367048968 virus can do?

Performs HTTP requests potentially not found in PCAP.
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the RedLine malware family
Attempts to modify proxy settings
Deletes executed files from disk
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Malware.AI.3367048968?


File Info:
name: 68117EC46F7A2103E752.mlwpath: /opt/CAPEv2/storage/binaries/87c389abb0a83df4b5f0b48dcca139cc7898a51ca79e2e0daaee3f829352b82bcrc32: D8FE5C88md5: 68117ec46f7a2103e752c88997e600d7sha1: 39a86d3cae2ad1e6605bab3d3a579e788154f7f8sha256: 87c389abb0a83df4b5f0b48dcca139cc7898a51ca79e2e0daaee3f829352b82bsha512: 2ae1cfd33f2a43626bdf4b3bbd12ebc72615ef293e8ef10b1cc74322c4b7b37a6854988dace538301ffe84157720764db3036eb27361d256839b1aefcea74ca0ssdeep: 6144:K1y+bnr+hp0yN90QEWY21T3v+NFYhgrinhXWj0z5doeNfTkaIVTnOGF2:nMrFy90wTf+NEnhGj0zHXNT7IV6k2type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1D984F142E7E85433D97627709CFA03831A3A7C626D78836B7795694A0DB32C4B47533Bsha3_384: 900b3b1e48dcd1cc1d1e27235ca171ffc77b7fe7a803254487462ef35c364a0b4caf7c050d81fb5f419ce70fc80775c6ep_bytes: e8f0060000e9000000006a5868b87240timestamp: 2022-05-24 22:49:06
Version Info:
CompanyName: Microsoft CorporationFileDescription: Win32 Cabinet Self-Extractor                                           FileVersion: 11.00.17763.1 (WinBuild.160101.0800)InternalName: Wextract                LegalCopyright: © Microsoft Corporation. All rights reserved.OriginalFilename: WEXTRACT.EXE            .MUIProductName: Internet ExplorerProductVersion: 11.00.17763.1Translation: 0x0409 0x04b0

Malware.AI.3367048968 also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Agent.Y!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen19.32857
MicroWorld-eScan	Gen:Heur.Crifi.1
ClamAV	Win.Packed.Lazy-9958163-0
FireEye	Gen:Heur.Crifi.1
CAT-QuickHeal	Trojan.YakbeexMSIL.ZZ4
ALYac	Gen:Heur.Crifi.1
Cylance	unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanSpy:MSIL/Stealer.bf161859
K7GW	Spyware ( 0059955a1 )
K7AntiVirus	Spyware ( 0059955a1 )
VirIT	Trojan.Win32.GenusT.DPBO
Cyren	W32/Kryptik.JKR.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
APEX	Malicious
Cynet	Malicious (score: 99)
Kaspersky	UDS:Trojan.MSIL.Agent.gen
BitDefender	Gen:Heur.Crifi.1
NANO-Antivirus	Trojan.Win32.Disabler.jvvlmg
SUPERAntiSpyware	Trojan.Agent/Gen-Downloader
Avast	Win32:TrojanX-gen [Trj]
Tencent	Msil.Trojan.Agent.Lajl
Emsisoft	Gen:Heur.Crifi.1 (B)
F-Secure	Trojan.TR/ATRAPS.Gen
VIPRE	Gen:Heur.Crifi.1
TrendMicro	TROJ_FRS.0NA103HJ23
McAfee-GW-Edition	BehavesLike.Win32.Generic.fc
Sophos	Troj/PlugX-EC
SentinelOne	Static AI – Malicious SFX
GData	MSIL.Trojan.Disabler.F
Jiangmin	Trojan.PSW.Stealerc.bw
Avira	TR/Redcap.btvag
Antiy-AVL	Trojan/Script.Phonzy
ZoneAlarm	HEUR:Trojan.MSIL.Agent.gen
Microsoft	Trojan:Win32/plugx!pz
Google	Detected
AhnLab-V3	Trojan/Win.RedLine.R601025
Acronis	suspicious
McAfee	Artemis!68117EC46F7A
MAX	malware (ai score=83)
Malwarebytes	Malware.AI.3367048968
TrendMicro-HouseCall	TROJ_FRS.0NA103HJ23
Rising	Stealer.Agent!1.E5F0 (CLASSIC)
Yandex	Trojan.Disabler!G6z7qDxyklM
Ikarus	Win32.Outbreak
Fortinet	MSIL/Disabler.DR!tr
AVG	Win32:TrojanX-gen [Trj]
Cybereason	malicious.cae2ad
DeepInstinct	MALICIOUS