Malware

Malware.AI.3381333138 (file analysis)

Malware Removal

Malware.AI.3381333138 is flagged as malicious by nearly every antivirus engine listed below. When this infection is active, you may notice unfamiliar processes in the Task Manager list; note that the sample injects code into other processes (see the behavior list), so its activity can also surface under the name of a legitimate system process. In this case, it is advisable to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.3381333138 virus do?

  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Repeatedly searches for a process that is not running (a sandbox note suggesting the analysis be re-run with the startbrowser=1 option, since the target is typically a browser)
  • HTTP traffic contains suspicious features which may be indicative of malware-related traffic
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Spanish (Modern)
  • Code injection with CreateRemoteThread in a remote process
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • A system process is generating network traffic likely as a result of process injection
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a slightly modified copy of itself
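The three behaviors above that matter most for triage are the RWX allocation, the CreateRemoteThread injection and the network traffic that then comes from a system process. The following is an added example, not code from this page or from GridinSoft, that flags that chain in a Cuckoo-style API trace. The trace format (one dict per call with pid, api, args and ret) and the sample calls are constructed here; the process names, handles and addresses are assumptions for illustration.

```python
"""Flag the remote-thread injection chain in a Cuckoo-style API trace."""
from collections import defaultdict

PAGE_EXECUTE_READWRITE = 0x40

# Constructed trace (not from the page's report): pid 1234 opens pid 2000,
# carves an RWX region in it, writes a payload there and starts a thread on
# it; the target process then makes an HTTP request.
SAMPLE_IMAGES = {1234: "dismissed.exe", 2000: "explorer.exe"}
SAMPLE_TRACE = [
    {"pid": 1234, "api": "OpenProcess", "args": {"ProcessId": 2000}, "ret": 0x1C4},
    {"pid": 1234, "api": "VirtualAllocEx",
     "args": {"ProcessHandle": 0x1C4, "Protection": 0x40, "Size": 0x3000}, "ret": 0x400000},
    {"pid": 1234, "api": "WriteProcessMemory",
     "args": {"ProcessHandle": 0x1C4, "BaseAddress": 0x400000, "Size": 0x2A00}, "ret": 1},
    {"pid": 1234, "api": "CreateRemoteThread",
     "args": {"ProcessHandle": 0x1C4, "StartAddress": 0x400000}, "ret": 0x1C8},
    {"pid": 1234, "api": "VirtualAlloc", "args": {"Protection": 0x40, "Size": 0x1000}, "ret": 0x600000},
    {"pid": 2000, "api": "InternetOpenUrlA", "args": {"Url": "http://qytufpscigbb.com/"}, "ret": 0x2C0},
]

# API name prefixes treated as network activity (assumption: WinINet/WinHTTP/Winsock names).
NETWORK_APIS = ("InternetOpen", "InternetConnect", "HttpSendRequest", "WinHttp", "connect", "send")


def find_injection(trace, images):
    """Return (tag, pid, detail) findings for RWX allocation, remote-thread
    injection into a written RWX region, and network calls from an injected process."""
    handle_target = {}            # (caller pid, handle) -> target pid from OpenProcess
    rwx = defaultdict(list)       # (caller pid, handle) -> [(base, size)] RWX regions
    written = defaultdict(list)   # (caller pid, handle) -> [(base, size)] writes into RWX
    injected = {}                 # target pid -> source pid
    findings = []

    def inside(regions, addr):
        return any(b <= addr < b + s for b, s in regions)

    for c in trace:
        pid, api, a, ret = c["pid"], c["api"], c["args"], c["ret"]
        if api == "OpenProcess" and ret:
            handle_target[(pid, ret)] = a["ProcessId"]
        elif api == "VirtualAllocEx" and a.get("Protection") == PAGE_EXECUTE_READWRITE and ret:
            rwx[(pid, a["ProcessHandle"])].append((ret, a["Size"]))
            findings.append(("rwx_remote", pid, f"RWX region {ret:#x} via handle {a['ProcessHandle']:#x}"))
        elif api == "VirtualAlloc" and a.get("Protection") == PAGE_EXECUTE_READWRITE and ret:
            findings.append(("rwx_local", pid, f"RWX region {ret:#x} in own address space"))
        elif api == "WriteProcessMemory" and ret:
            key = (pid, a["ProcessHandle"])
            if inside(rwx[key], a["BaseAddress"]):
                written[key].append((a["BaseAddress"], a["Size"]))
        elif api == "CreateRemoteThread" and ret:
            key = (pid, a["ProcessHandle"])
            target = handle_target.get(key)
            if target is not None and inside(written[key], a["StartAddress"]):
                injected[target] = pid
                findings.append(("remote_thread_injection", pid,
                                 f"thread started in pid {target} ({images.get(target, '?')}) "
                                 f"at {a['StartAddress']:#x}, a region this process wrote"))
        elif api.startswith(NETWORK_APIS) and pid in injected:
            findings.append(("post_injection_network", pid,
                             f"{images.get(pid, '?')} calls {api} after injection from pid {injected[pid]}"))
    return findings


if __name__ == "__main__":
    for tag, pid, detail in find_injection(SAMPLE_TRACE, SAMPLE_IMAGES):
        print(f"[{tag}] pid {pid}: {detail}")
```

The check only fires when the thread start address lies inside a region the same process both allocated as RWX and wrote to, which separates real injection from, say, a debugger or an installer that merely opens another process. Allocations made with PAGE_READWRITE and later flipped to executable with VirtualProtectEx are not covered here and would need a second rule.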

Related domains:

brureservtestot.cc
qytufpscigbb.com

How to identify Malware.AI.3381333138?

File Info:

crc32: C57CDC5F
md5: c6e51805fb0db09e11895184ac9e288d
name: C6E51805FB0DB09E11895184AC9E288D.mlw
sha1: 89114e59acc8f9f3ab9f266f60580f24839a7568
sha256: 4e7ff33961f7f255711684bd179273acbfc73e0d9139d4b60b8cbb40f89485ac
sha512: f3f91d8612c5adf80108e8e8bd823d4a92c876ae654b9263dd52c4ef94053f8d50bd7cb9b999cc62abe4c30616ab089bd96e31b492ee056a9723059d8feeeec1
ssdeep: 3072:+Lfem8MFtnFAA677yRwZmbaskrKB5HiX5w4M/:+Cm/fAV5meskejHa5g
type: PE32 executable (GUI) Intel 80386, for MS Windows
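To check a suspicious file against the hashes above, and DNS or proxy logs against the related domains, the following added example (not code from this page or from GridinSoft) recomputes the digests in the same form as the File Info block, verifies the PE32/i386 header the `type` line describes, and matches log lines against the two domains including their subdomains. The hashes and domains are copied from this page; the DNS log lines and the PE header stub are constructed for the demonstration.

```python
"""Match a file and log lines against the indicators listed on this page."""
import hashlib
import re
import struct
import zlib

# Indicators copied from the File Info and Related domains sections.
IOC_HASHES = {
    "md5": "c6e51805fb0db09e11895184ac9e288d",
    "sha1": "89114e59acc8f9f3ab9f266f60580f24839a7568",
    "sha256": "4e7ff33961f7f255711684bd179273acbfc73e0d9139d4b60b8cbb40f89485ac",
    "crc32": "c57cdc5f",
}
IOC_DOMAINS = {"brureservtestot.cc", "qytufpscigbb.com"}

# Constructed DNS-server style log lines (not a real capture).
SAMPLE_DNS_LOG = [
    "2021-06-01 10:02:11 client 10.0.0.5 query: A www.example.com",
    "2021-06-01 10:02:14 client 10.0.0.5 query: A qytufpscigbb.com",
    "2021-06-01 10:02:15 client 10.0.0.7 query: A cdn.brureservtestot.cc",
    "2021-06-01 10:02:19 client 10.0.0.5 query: A notbrureservtestot.cc",
]


def file_digests(data: bytes) -> dict:
    """Digests in the same form as the File Info block (lower-case hex)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
    }


def digests_of_path(path, chunk=1 << 20) -> dict:
    """Same digests for a file on disk, streamed so large samples do not load into memory."""
    hashes = {k: hashlib.new(k) for k in ("md5", "sha1", "sha256")}
    crc = 0
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hashes.values():
                h.update(block)
            crc = zlib.crc32(block, crc)
    return {**{k: h.hexdigest() for k, h in hashes.items()}, "crc32": f"{crc & 0xFFFFFFFF:08x}"}


def matching_hashes(data: bytes) -> list:
    """Names of the digests equal to the page's values (case-insensitive)."""
    d = file_digests(data)
    return sorted(k for k, v in IOC_HASHES.items() if d[k] == v.lower())


def is_pe32(data: bytes) -> bool:
    """True for an MZ file whose e_lfanew points at a PE signature with machine type i386 (0x14c)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    return struct.unpack_from("<H", data, e_lfanew + 4)[0] == 0x14C


def minimal_pe_stub(machine=0x14C) -> bytes:
    """Constructed header-only stub for exercising is_pe32; not a runnable executable."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)   # e_lfanew: PE header right after the DOS header
    return bytes(hdr) + b"PE\0\0" + struct.pack("<H", machine)


# Host names only: the final label must be alphabetic, so dotted IPs are skipped.
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def domain_hits(lines) -> list:
    """(line number, host, indicator) for exact matches and subdomains of an indicator.
    'notbrureservtestot.cc' is deliberately not a hit: the suffix check requires a dot."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            h = host.lower().rstrip(".")
            for ioc in sorted(IOC_DOMAINS):
                if h == ioc or h.endswith("." + ioc):
                    hits.append((n, h, ioc))
    return hits


if __name__ == "__main__":
    print(matching_hashes(b""), is_pe32(minimal_pe_stub()), domain_hits(SAMPLE_DNS_LOG))
```

Compare all four digests rather than only MD5: the ssdeep line above shows the sample family is repacked, so a near-identical file can carry different MD5/SHA values while still sharing the ssdeep hash (the `ssdeep` library, not used here, computes that one).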

Version Info:

LegalCopyright: deputation changeling
InternalName: ecology defeatist
FileVersion: 80, 74, 53, 137
CompanyName: Totalidea Software
PrivateBuild: desks
LegalTrademarks: forecourt coacts
Comments: concession chest
ProductName: chromatic ciders
SpecialBuild: estranged
ProductVersion: 207, 55, 104, 7
FileDescription: forte greed
OriginalFilename: dismissed.exe
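The version resource above is a tell in itself: every free-text field is a pair of unrelated lowercase dictionary words, FileVersion and ProductVersion disagree, and OriginalFilename does not match the name the sample was stored under. The following added example (not code from this page or from GridinSoft) turns those observations into a check that can run over version info pulled from any PE. The sample record is copied from the Version Info block; the clean comparison record and the thresholds are my own constructed assumptions, not a published rule.

```python
"""Score a PE version resource for the random-word pattern shown above."""
import re

# Copied from the page's Version Info block.
SAMPLE_VERSION_INFO = {
    "LegalCopyright": "deputation changeling",
    "InternalName": "ecology defeatist",
    "FileVersion": "80, 74, 53, 137",
    "CompanyName": "Totalidea Software",
    "PrivateBuild": "desks",
    "LegalTrademarks": "forecourt coacts",
    "Comments": "concession chest",
    "ProductName": "chromatic ciders",
    "SpecialBuild": "estranged",
    "ProductVersion": "207, 55, 104, 7",
    "FileDescription": "forte greed",
    "OriginalFilename": "dismissed.exe",
}

# Constructed record shaped like an ordinary vendor build, for comparison.
CLEAN_VERSION_INFO = {
    "CompanyName": "Example Corp",
    "FileDescription": "Example Updater Service",
    "FileVersion": "3, 2, 0, 115",
    "ProductVersion": "3, 2, 0, 115",
    "InternalName": "ExampleUpdater",
    "OriginalFilename": "ExampleUpdater.exe",
    "LegalCopyright": "Copyright (C) 2021 Example Corp",
    "ProductName": "Example Updater",
}

# One to three all-lowercase words, no digits, no punctuation: the crypter's filler pattern.
WORD_SALAD = re.compile(r"^[a-z]+(?: [a-z]+){0,2}$")
VERSION_FIELDS = ("FileVersion", "ProductVersion")


def version_parts(value):
    """'80, 74, 53, 137' or '1.2.3.4' -> [80, 74, 53, 137]; None when not numeric."""
    parts = re.split(r"[,.]\s*", value.strip())
    return [int(p) for p in parts] if parts and all(p.isdigit() for p in parts) else None


def version_info_anomalies(info, on_disk_name=None):
    """List of (field, reason) that deserve a second look; empty means nothing stood out."""
    flags = []
    for field, value in info.items():
        if field not in VERSION_FIELDS and WORD_SALAD.match(value):
            flags.append((field, "all-lowercase dictionary words"))
    fv = version_parts(info.get("FileVersion", ""))
    pv = version_parts(info.get("ProductVersion", ""))
    if fv is None or pv is None:
        flags.append(("FileVersion/ProductVersion", "not numeric"))
    elif fv != pv:
        flags.append(("FileVersion/ProductVersion", f"mismatch {fv} vs {pv}"))
    orig = info.get("OriginalFilename", "")
    if on_disk_name and orig and orig.lower() != on_disk_name.lower():
        flags.append(("OriginalFilename", f"{orig} differs from on-disk name {on_disk_name}"))
    return flags


if __name__ == "__main__":
    for field, reason in version_info_anomalies(SAMPLE_VERSION_INFO, "C6E51805FB0DB09E11895184AC9E288D.mlw"):
        print(f"{field}: {reason}")
```

Two caveats. A lone lowercase word such as "release" in PrivateBuild is common in legitimate builds, so a single word-salad hit is weak on its own; it is the count across fields that matters. And a plausible CompanyName passes untouched, so this check cannot tell a lifted vendor name from a genuine one; an Authenticode signature check is the complement.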

Malware.AI.3381333138 is also detected under the following names (vendor: detection label). Most engines that assign a family name call it Tinba; several report the generic Cripack signature, and the remainder are heuristic or machine-learning verdicts:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Cripack.Gen.1
FireEye: Generic.mg.c6e51805fb0db09e
CAT-QuickHeal: Trojan.Generic
McAfee: GenericRXCZ-DK!C6E51805FB0D
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 004b75071 )
BitDefender: Trojan.Cripack.Gen.1
K7GW: Trojan ( 004b75071 )
Cybereason: malicious.5fb0db
BitDefenderTheta: Gen:NN.ZexaF.34590.hq0@ayg2GNOG
Cyren: W32/Tinba.F.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:TeslaCrypt-FN [Trj]
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.Tinba.dqteol
AegisLab: Trojan.Win32.Generic.4!c
Rising: Trojan.Ransom-Tesla!8.2B62 (CLOUD)
Ad-Aware: Trojan.Cripack.Gen.1
Sophos: ML/PE-A + Troj/Glupteba-F
Comodo: TrojWare.Win32.Roitamit.BE@7dklv8
F-Secure: Heuristic.HEUR/AGEN.1124199
DrWeb: Trojan.PWS.Tinba.153
Zillya: Trojan.Tinba.Win32.1916
McAfee-GW-Edition: BehavesLike.Win32.Generic.ch
Emsisoft: Trojan.Cripack.Gen.1 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Generic.acglo
MaxSecure: Trojan.Malware.300983.susgen
Avira: HEUR/AGEN.1124199
Antiy-AVL: Trojan/Win32.SGeneric
Microsoft: Trojan:Win32/Tinba
Arcabit: Trojan.Cripack.Gen.1
SUPERAntiSpyware: Trojan.Agent/Gen-Tinba
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Trojan.Cripack.Gen.1
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Skeeyah.R216296
Acronis: suspicious
VBA32: TrojanPSW.Tinba
MAX: malware (ai score=99)
Malwarebytes: Malware.AI.3381333138
Panda: Trj/Genetic.gen
ESET-NOD32: Win32/Tinba.BE
Tencent: Malware.Win32.Gencirc.10b2d181
Yandex: Trojan.GenAsa!2luE1i4Pzoo
Ikarus: Trojan.Win32.Tinba
eGambit: Unsafe.AI_Score_98%
Fortinet: W32/Kryptik.DHKK!tr
AVG: Win32:TeslaCrypt-FN [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: Win32/Trojan.e34
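Feeds that export this table often fuse the vendor name onto the label ("MicrosoftTrojan:Win32/Tinba"), and the useful signal is which family name recurs across engines once the generic tokens are ignored. The following added example (not code from this page or from GridinSoft) splits such strings by longest known vendor prefix and tallies family tokens; the vendor list is the set of engines shown above, the generic-token list and the family heuristic are my own assumptions, and the sample lines are a subset of this page's detections.

```python
"""Split 'VendorLabel' strings and tally family names across engines."""
from collections import Counter
import re

# Engine names as they appear on this page; longest first so that
# 'BitDefenderTheta' and 'McAfee-GW-Edition' win over their shorter prefixes.
VENDORS = sorted([
    "Bkav", "Elastic", "MicroWorld-eScan", "FireEye", "CAT-QuickHeal", "McAfee", "Cylance",
    "VIPRE", "Sangfor", "K7AntiVirus", "BitDefender", "K7GW", "Cybereason", "BitDefenderTheta",
    "Cyren", "Symantec", "APEX", "Avast", "Kaspersky", "NANO-Antivirus", "AegisLab", "Rising",
    "Ad-Aware", "Sophos", "Comodo", "F-Secure", "DrWeb", "Zillya", "McAfee-GW-Edition",
    "Emsisoft", "SentinelOne", "Jiangmin", "MaxSecure", "Avira", "Antiy-AVL", "Microsoft",
    "Arcabit", "SUPERAntiSpyware", "ZoneAlarm", "GData", "Cynet", "AhnLab-V3", "Acronis",
    "VBA32", "MAX", "Malwarebytes", "Panda", "ESET-NOD32", "Tencent", "Yandex", "Ikarus",
    "eGambit", "Fortinet", "AVG", "Paloalto", "CrowdStrike", "Qihoo-360",
], key=len, reverse=True)

# Token prefixes that name a class, platform or confidence level rather than a family (assumption).
GENERIC_PREFIXES = ("trojan", "troj", "trj", "win32", "w32", "win", "generic", "gen", "malware",
                    "malicious", "heur", "pws", "ransom", "unsafe", "suspicious", "agent",
                    "static", "ai", "ml", "pe", "attribute", "highconfidence", "behaveslike",
                    "heuristic", "score", "cloud", "susgen", "trojware")

# A subset of this page's detections in the fused export form.
SAMPLE_LABELS = [
    "MicroWorld-eScanTrojan.Cripack.Gen.1",
    "CyrenW32/Tinba.F.gen!Eldorado",
    "NANO-AntivirusTrojan.Win32.Tinba.dqteol",
    "DrWebTrojan.PWS.Tinba.153",
    "MicrosoftTrojan:Win32/Tinba",
    "ESET-NOD32Win32/Tinba.BE",
    "AvastWin32:TeslaCrypt-FN [Trj]",
    "BitDefenderTrojan.Cripack.Gen.1",
    "BitDefenderThetaGen:NN.ZexaF.34590.hq0@ayg2GNOG",
    "KasperskyHEUR:Trojan.Win32.Generic",
    "SophosML/PE-A + Troj/Glupteba-F",
    "IkarusTrojan.Win32.Tinba",
    "FortinetW32/Kryptik.DHKK!tr",
    "MalwarebytesMalware.AI.3381333138",
    "McAfeeGenericRXCZ-DK!C6E51805FB0D",
]


def split_label(line):
    """('Vendor', 'label') by longest known vendor prefix; ('?', line) if no vendor matches."""
    for v in VENDORS:
        if line.startswith(v):
            return v, line[len(v):]
    return "?", line


def family_of(label):
    """First alphabetic token of three or more letters that is not generic, else None."""
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        if len(tok) >= 3 and tok.isalpha() and not tok.lower().startswith(GENERIC_PREFIXES):
            return tok
    return None


def family_consensus(lines):
    """Counter of family name -> number of engines using it."""
    counts = Counter()
    for line in lines:
        vendor, label = split_label(line)
        fam = family_of(label)
        if vendor != "?" and fam:
            counts[fam] += 1
    return counts


if __name__ == "__main__":
    for fam, n in family_consensus(SAMPLE_LABELS).most_common():
        print(f"{fam}: {n}")
```

The heuristic deliberately over-collects (BitDefenderTheta's "ZexaF" and Fortinet's packer label "Kryptik" each count as one), so read the top of the tally, not the tail: with the lines above, Tinba leads clearly, which is the name to pivot on when searching threat-intelligence sources for this sample.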

How to remove Malware.AI.3381333138?

Malware.AI.3381333138 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer and run a second scan: the sample installs an autorun entry and injects into other processes, so a clean scan after reboot is what confirms removal.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
