Malware.AI.3392889614 malicious file

The Malware.AI.3392889614 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.3392889614 virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Malware.AI.3392889614?


File Info:
name: BB1E3ED749B633B878E6.mlw
path: /opt/CAPEv2/storage/binaries/d3f3e1ff7b8f982845921c75b578219b62d820d9479fdac2a47c41043a191e2d
crc32: 15F729E7
md5: bb1e3ed749b633b878e63b9709017277
sha1: a250e7fd0feb9eefce4c018ab9722742b475b673
sha256: d3f3e1ff7b8f982845921c75b578219b62d820d9479fdac2a47c41043a191e2d
sha512: 385ec6cc5285315b7cde593494c5dab666c7b85c35c9999aca5dcd7f0e7399cc0008e53c74e7221c69498ba5c8a1ce482d405370b3ea35e5c81db99db5a76feb
ssdeep: 6144:fwLWm5pMS31jrkYEarf8473UBkxufOrGCpzQ6nqUNEfgxsoO35oCfVg:frCp7trkA7kBk82SCfq5fgxshSkVg
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T101947C74E72025CCC12F5F3835D9B99499942E90330EB452BCAF1B9902ACF9A436D97F
sha3_384: 8a4da020a2df59ab61049b79468865507aa19633d6f33cc4625b6e3d06a2649947e09c413326631becbe43486fa9d0d8
ep_bytes: 5150528d0d18000000648b0101c801c8
timestamp: 2069-12-13 17:16:01

Version Info:
CompanyName: Microsoft Corporation
FileDescription: x86 Performance Counter Host
FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
InternalName: perfhost.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: perfhost.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1
Translation: 0x0409 0x04b0

Malware.AI.3392889614 also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Win32.Expiro.Gen.6
FireEye	Generic.mg.bb1e3ed749b633b8
Malwarebytes	Malware.AI.3392889614
CrowdStrike	win/malicious_confidence_80% (D)
VirIT	Win32.Expiro.CV
Cyren	W32/Expiro.AN.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Expiro.NDG
APEX	Malicious
Avast	Win32:Xpirat-C [Inf]
Cynet	Malicious (score: 100)
BitDefender	Win32.Expiro.Gen.6
NANO-Antivirus	Virus.Win32.Gen.ccmw
Ad-Aware	Win32.Expiro.Gen.6
Sophos	ML/PE-A + Mal/EncPk-MK
DrWeb	Win32.Expiro.150
VIPRE	Virus.Win32.Expiro.dp (v)
TrendMicro	Virus.Win32.EXPIRO.AD
Emsisoft	Win32.Expiro.Gen.6 (B)
GData	Win32.Expiro.Gen.6
Jiangmin	Trojan.PSW.Stealer.abj
Avira	TR/Patched.Gen
Arcabit	Win32.Expiro.Gen.6
Microsoft	Trojan:Win32/Raccoon.EC!MTB
Acronis	suspicious
ALYac	Win32.Expiro.Gen.6
MAX	malware (ai score=88)
VBA32	BScope.Trojan.Wacatac
TrendMicro-HouseCall	Virus.Win32.EXPIRO.AD
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Expiro.NDG
AVG	Win32:Xpirat-C [Inf]
Cybereason	malicious.749b63
Panda	Trj/Genetic.gen

How to remove Malware.AI.3392889614?

Malware.AI.3392889614 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X