About the “Malware.AI.3396703984” infection

Malware.AI.3396703984 is flagged as malicious by many antivirus engines (see the detection list below). When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage the system in the process. We recommend using GridinSoft Anti-Malware for removal; it lets you complete a scan and clean the PC during the trial period.
6-day free trial available.

What can the Malware.AI.3396703984 virus do?

These are the behavioural signatures the CAPE sandbox raised on the sample:

  • Behavioural detection: executable code extraction (unpacking)
  • YARA rule detections observed from a process memory dump / dropped files / CAPE
  • Creates RWX memory
  • Possible date expiration check: exits too soon after checking the local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid

How to identify Malware.AI.3396703984?

File Info:

name: C388814379F20642FD13.mlw
path: /opt/CAPEv2/storage/binaries/092f6b0adf1c64a4994781373ac92d336ebb79fb860bb47653c130f56b1c1119
crc32: CE0C30C0
md5: c388814379f20642fd132299baec3962
sha1: 85e8b22455e92ab182729b2c9c9d15c6829b9f16
sha256: 092f6b0adf1c64a4994781373ac92d336ebb79fb860bb47653c130f56b1c1119
sha512: fda1ed01504afe43c0f4155a5bf664ad42f466472548712e3504977381cdd4a8d91853758d62d6d836f8c052f90d2f95e445acfca8ead3380f725ff5b458fcea
ssdeep: 3072:tGFJlcBqGbwEoAdmplJpppnAK7QWqVZ0NdhAPSwz/LPKTAuLr:cFJlcBqOklJppJl7uVZ0NdhAJpEr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18A04BF44E6F4C111D533ABFC6EB88D0319AC1BB225FBC8D98C2D735886491F781A66ED
sha3_384: 730fc5f6b279a1d3f7f4a75804453f050bd7e83e89e812769dac76eb8edfc385fd48edbc7432ff0e917a5e40b9e243d9
ep_bytes: 558bec81c498feffff6a69ff75b48d95
timestamp: 2006-01-24 13:31:17 (PE header compile time; trivially forged, so treat it as a weak indicator)
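As an added example (not part of the original report and not CAPE or GridinSoft code), the script below recomputes the digests listed above for a file and carves the compile timestamp and entry-point bytes directly out of the PE headers, so a suspect file can be checked against this report without trusting sandbox output. The toy PE it builds for the demonstration is constructed here and is not the sample; ssdeep and tlsh are omitted because they need third-party modules.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Digests copied from the File Info block of this report (compared case-insensitively).
IOC = {
    "crc32": "CE0C30C0",
    "md5": "c388814379f20642fd132299baec3962",
    "sha1": "85e8b22455e92ab182729b2c9c9d15c6829b9f16",
    "sha256": "092f6b0adf1c64a4994781373ac92d336ebb79fb860bb47653c130f56b1c1119",
    "sha512": "fda1ed01504afe43c0f4155a5bf664ad42f466472548712e3504977381cdd4a8d91853758d62d6d836f8c052f90d2f95e445acfca8ead3380f725ff5b458fcea",
    "sha3_384": "730fc5f6b279a1d3f7f4a75804453f050bd7e83e89e812769dac76eb8edfc385fd48edbc7432ff0e917a5e40b9e243d9",
}
REPORTED_EP_BYTES = "558bec81c498feffff6a69ff75b48d95"   # ep_bytes from the report
REPORTED_TIMESTAMP = 1138109477                           # 2006-01-24 13:31:17 UTC as a Unix time


def file_digests(data: bytes) -> dict:
    """Recompute the digest set CAPE prints (ssdeep/tlsh omitted: third-party modules)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_iocs(data: bytes) -> dict:
    """Per-algorithm True/False against the published indicators."""
    digests = file_digests(data)
    return {alg: digests[alg].lower() == ref.lower() for alg, ref in IOC.items()}


def pe_header_info(data: bytes) -> dict:
    """Read machine, compile timestamp and the 16 bytes at the entry point from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                    # 20-byte COFF file header
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                        # optional header follows the COFF header
    magic = struct.unpack_from("<H", data, opt)[0]        # 0x10B = PE32, 0x20B = PE32+
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint (same offset in both)
    ep_bytes = b""
    for i in range(nsections):                             # map the entry RVA to a file offset
        sec = opt + opt_size + i * 40
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec)
        if va <= ep_rva < va + max(vsize, rawsize):
            start = rawptr + (ep_rva - va)
            ep_bytes = data[start:start + 16]
            break
    return {
        "machine": machine,                                # 0x14C = Intel 80386
        "pe32plus": magic == 0x20B,
        "timestamp": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
    }


def build_toy_pe(timestamp: int, ep_bytes: bytes) -> bytes:
    """Constructed minimal PE32 (one .text section) used only to exercise the parser; not the sample."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                # entry point RVA inside .text
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    return headers + ep_bytes.ljust(0x200, b"\0")         # raw .text data starts at file offset 0x200


def demo() -> dict:
    """Build the toy image with the report's timestamp/entry bytes and parse it back."""
    image = build_toy_pe(REPORTED_TIMESTAMP, bytes.fromhex(REPORTED_EP_BYTES))
    info = pe_header_info(image)
    info["ioc_hits"] = matches_iocs(image)                 # all False: the toy is not the real binary
    return info


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                                  # usage: python3 check.py <suspect.exe>
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        print(matches_iocs(blob))
        print(pe_header_info(blob))
    else:
        print(demo())
```

Run it with a file path to compare that file against the report; with no arguments it parses the constructed toy image and should print the report's timestamp and ep_bytes with every IOC comparison False. The entry-point bytes are the most useful cross-check here: hashes change with every repack, while the 16 bytes at the entry point of a packer stub often survive across variants.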

Version Info:

CompanyName: ОФнбзщЫУшВНШэрзюЫзОюхюлОжЬъЧ
FileDescription: ГкфЧючнЗЪнСсббЦюхЫепАП
FileVersion: 54.119.92.8
InternalName: шНшЫяИБКЮХИьмчлрЮьЬАВЯУЫяЛ
LegalCopyright: 9767-5092
OriginalFilename: 3Jl.exe
ProductName: йЖЕдЖчныБивОэршЭГяВхшЮЕ
ProductVersion: 54.119.92.8
Translation: 0x04b0 0x0417

Malware.AI.3396703984 is the Malwarebytes detection name for this sample. Other vendors' names for the same file are mostly generic or packer-based (Kryptik, Packed, Crypt), with several placing it in the Zbot, Oficla and Qakbot families:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
FireEye: Generic.mg.c388814379f20642
CAT-QuickHeal: Trojan.GenericPMF.S19414889
McAfee: GenericRXHD-SA!C388814379F2
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Generic.ky
K7AntiVirus: Trojan ( 0017c0111 )
Alibaba: Malware:Win32/km_24bc1.None
K7GW: Trojan ( 0017c0111 )
CrowdStrike: win/malicious_confidence_100% (W)
VirIT: Trojan.Win32.Generic.CST
Cyren: W32/Zbot.AK.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Kryptik.FDT
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Oficla.3
NANO-Antivirus: Trojan.Win32.Zbot.ddance
MicroWorld-eScan: Gen:Variant.Oficla.3
Avast: Win32:MalOb-IJ [Cryp]
Tencent: Malware.Win32.Gencirc.10b6295c
Ad-Aware: Gen:Variant.Oficla.3
Emsisoft: Gen:Variant.Oficla.3 (B)
Comodo: MalCrypt.Indus!@1qrzi1
DrWeb: Trojan.Packed.20343
Zillya: Trojan.Kryptik.Win32.881841
TrendMicro: BKDR_QAKBOT.SMC
McAfee-GW-Edition: GenericRXHD-SA!C388814379F2
Sophos: ML/PE-A + Mal/Zbot-U
Ikarus: Trojan-Spy.Win32.Zbot
GData: Gen:Variant.Oficla.3
Jiangmin: TrojanSpy.Zbot.aifc
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.18124F6
Arcabit: Trojan.Oficla.3
ViRobot: Trojan.Win32.A.Zbot.150596
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Zbot.gen!Y
AhnLab-V3: Backdoor/Win32.Qakbot.C1477988
Acronis: suspicious
BitDefenderTheta: AI:Packer.9A69023E1F
ALYac: Gen:Variant.Oficla.3
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Packed
Malwarebytes: Malware.AI.3396703984
TrendMicro-HouseCall: BKDR_QAKBOT.SMC
Rising: Trojan.Kryptik!8.8 (TFE:2:8gM9FNAVb9)
Yandex: TrojanSpy.ZBot.Gen!Pac.14
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Krypt.A!tr.dldr
AVG: Win32:MalOb-IJ [Cryp]
Cybereason: malicious.379f20
Panda: Trj/Genetic.gen

How to remove Malware.AI.3396703984?

Malware.AI.3396703984 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.