Malware

Malware.AI.3369706854 removal instruction

Malware Removal

The Malware.AI.3369706854 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Malware.AI.3369706854 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Attempts to stop active services
  • Creates a hidden or system file

How to determine Malware.AI.3369706854?


File Info:

name: 8ABFAB9D8990233109D2.mlw
path: /opt/CAPEv2/storage/binaries/97d55817813f9af8897a16f3b0f0bd2285808a5238ce72461fca56640bb7b565
crc32: 1F1DC926
md5: 8abfab9d8990233109d25e7507c28d67
sha1: 0973190ad7d4ad1e1b4dc6b69d88994ea463cb15
sha256: 97d55817813f9af8897a16f3b0f0bd2285808a5238ce72461fca56640bb7b565
sha512: e508be6ae7493a42e2efcef77d9f38818e60d34bb4656b11b40c105f42b123c718856b7753c5ae6b3fff88063d44ca6613e975f71dccf92f590bd5608049dc02
ssdeep: 3072:q1N1vX0/HR63Z+zVhgdrQ+7sus1rz5P8XkB9sxpkkn1+1VJNpIiTiEAcGj7L:uXeH8JYhl+iv1vsHhcBIipM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DBF31222199DA14BF89A293B8B8D977C43E62E1059007D0B6951374C2C376EDFD32BE7
sha3_384: 210bf98e219f67c9af8e7449b26e7178e1e2c1276fc8f79ef5f4da481234e2e092502ed3c70ad3c231b119f3de2c25e8
ep_bytes: 558bec81eca4000000811dbc3e4200ae
timestamp: 2011-03-23 19:15:02

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft (R) HTML Application host
FileVersion: 9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
InternalName: MSHTA.EXE
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: MSHTA.EXE
ProductName: Windows® Internet Explorer
ProductVersion: 9.00.8112.16421
Translation: 0x0409 0x04b0

Malware.AI.3369706854 also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.Generic.lwwJ
tehtrisGeneric.Malware
MicroWorld-eScanGen:Heur.IPZ.7
ALYacGen:Heur.IPZ.7
CylanceUnsafe
SangforSuspicious.Win32.Save.a
K7AntiVirusBackdoor ( 005328fd1 )
K7GWBackdoor ( 005328fd1 )
Cybereasonmalicious.d89902
CyrenW32/Sirefef.AB.gen!Eldorado
SymantecTrojan.Zeroaccess!g34
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/Kryptik.AEJQ
APEXMalicious
Paloaltogeneric.ml
KasperskyTrojan-Dropper.Win32.ZAccess.gk
BitDefenderGen:Heur.IPZ.7
NANO-AntivirusTrojan.Win32.Obfuscate.rltbl
SUPERAntiSpywareTrojan.Agent/Gen-Obfuscator
AvastWin32:Sirefef-UD [Drp]
TencentWin32.Trojan-dropper.Zaccess.Edoh
Ad-AwareGen:Heur.IPZ.7
EmsisoftGen:Heur.IPZ.7 (B)
ComodoTrojWare.Win32.Kryptik.AELD@4o4zrm
DrWebBackDoor.Maxplus
VIPREGen:Heur.IPZ.7
McAfee-GW-EditionPWS-Zbot.gen.xh
Trapminemalicious.high.ml.score
FireEyeGeneric.mg.8abfab9d89902331
SophosML/PE-A + Troj/ZAccess-BO
SentinelOneStatic AI – Suspicious PE
GDataGen:Heur.IPZ.7
JiangminTrojan/Generic.zwbf
WebrootW32.Rogue.Gen
AviraTR/Obfuscate.pnmnc
Antiy-AVLTrojan/Generic.ASMalwS.415
ArcabitTrojan.IPZ.7
ZoneAlarmHEUR:Trojan.Win32.Generic
MicrosoftPWS:Win32/Zbot
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.ZAccess.R23980
Acronissuspicious
McAfeePWS-Zbot.gen.xh
MAXmalware (ai score=80)
VBA32BScope.Backdoor.Maxplus.2741
MalwarebytesMalware.AI.3369706854
RisingTrojan.Generic@AI.96 (RDML:uecjhcP4CK14dV8CqkklEQ)
YandexTrojan.GenAsa!aDCFnBiN7KQ
IkarusTrojan-Dropper.Win32.Sirefef
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/ZeroAccess.B!tr
BitDefenderThetaGen:NN.ZexaF.34582.km0@aCyNgpji
AVGWin32:Sirefef-UD [Drp]
PandaTrj/Genetic.gen
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Malware.AI.3369706854?

Malware.AI.3369706854 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment