Malware.AI.3367365030 removal tips

Malware.AI.3367365030 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.3367365030 virus do?

  • Behavioural detection: executable code extraction (unpacking)
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump, dropped files or CAPE
  • Creates RWX memory
  • Possible date expiration check: exits too soon after checking local time
  • Terminates another process
  • Guard page use detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Attempts to stop active services
  • Collects and encrypts information about the computer, likely to send to a C2 server
  • Spoofs its process name and/or associated pathname to appear as a legitimate process
  • Attempts to disable Windows Defender
  • Attempts to modify Windows Defender using PowerShell
  • Uses suspicious command line tools or Windows utilities

How to identify Malware.AI.3367365030?

File Info:

name: 206AAC31DF53A4140B84.mlw
path: /opt/CAPEv2/storage/binaries/00fc0f3e51ee3fd35570af54fd11a656735a12910b20f0138a32d6b2946bdb19
crc32: 1B240168
md5: 206aac31df53a4140b8412921a69ab72
sha1: fb30926adc1f68cfdab673fd137c65ce63674e0d
sha256: 00fc0f3e51ee3fd35570af54fd11a656735a12910b20f0138a32d6b2946bdb19
sha512: 2da80278aee69e0b36467e06ad4c10bc5ff5f3c39a5ae45288b50a141694748ae3bc306ad325a961cb0158fc1350f2d25a1ca3676d67321d3f4148e163f1f310
ssdeep: 6144:A8JkpW/4rNXtR8Lq3gAEdyGPHK2mJbtPJ4AEPs3l5LF1xWZ36X:PuK4rNXHuIRzPF5ZnS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15854E103BE90C170D54142F89E3A5B32D83D9A94771983A76789E66CDFB32C0AE07797
sha3_384: 59fcd006f2a77bce04b4414ceaf86e6b98c0ba5102816bd835dead5c5cc152b31c52a7b5f9b5020e5dd1d757f0522078
ep_bytes: eb1066623a432b2b484f4f4b90e96471
timestamp: 2019-05-17 06:12:48

Version Info:

0: [No Data]

Malware.AI.3367365030 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Bulz.435573
FireEye: Generic.mg.206aac31df53a414
ALYac: Gen:Variant.Bulz.435573
Cylance: Unsafe
VIPRE: Gen:Variant.Bulz.435573
Sangfor: Trojan.Win32.Agent.V7xo
K7AntiVirus: Trojan ( 0054e59c1 )
BitDefender: Gen:Variant.Bulz.435573
K7GW: Trojan ( 0054e59c1 )
Cybereason: malicious.1df53a
BitDefenderTheta: Gen:NN.ZexaF.34806.sGW@aO1spRo
Cyren: W32/Trojan.VLJH-8467
Symantec: Trojan.Trickybot
ESET-NOD32: a variant of Win32/GenKryptik.DJMD
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: Trojan:Win32/MereTam.ali2000008
NANO-Antivirus: Trojan.Win32.Yakes.fqjfgr
Rising: Trojan.Kryptik!1.BB6D (CLASSIC)
Ad-Aware: Gen:Variant.Bulz.435573
Sophos: Mal/Generic-S
Comodo: Malware@#irc37msbkane
Zillya: Trojan.Yakes.Win32.73048
TrendMicro: TROJ_GEN.R002C0DD122
McAfee-GW-Edition: Emotet-FNM!206AAC31DF53
Ikarus: Trojan.Win32.Krypt
Jiangmin: Trojan.Yakes.acpq
Webroot: W32.Trojan.Gen
Avira: TR/AD.TrickBot.uvr
Antiy-AVL: Trojan/Generic.ASMalwS.24F
Microsoft: Trojan:Win32/Iceid.SX!MTB
GData: Gen:Variant.Bulz.435573
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win32.RL_Generic.R274024
McAfee: Emotet-FNM!206AAC31DF53
VBA32: BScope.Trojan.Yakes
Malwarebytes: Malware.AI.3367365030
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R002C0DD122
Tencent: Win32.Trojan.Generic.Hoes
Yandex: Trojan.GenAsa!+bi7A1EZLtQ
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Generic.AC.450E6E
AVG: Win32:BankerX-gen [Trj]
Avast: Win32:BankerX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.3367365030?

Malware.AI.3367365030 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.