
Malware.AI.3400148150 removal guide


Malware.AI.3400148150 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.3400148150 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Transacted Hollowing
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.3400148150?

File Info:

name: FE0BF63A867FDFE98F84.mlw
path: /opt/CAPEv2/storage/binaries/f16249cb6e65bc121f92ab237c43208ae6b29f7bf49f469af4ed74351fc99c85
crc32: FBDB36B7
md5: fe0bf63a867fdfe98f84e2a5f4570a70
sha1: 85684251ac63df4ba0ddf7db6ce30515f3979607
sha256: f16249cb6e65bc121f92ab237c43208ae6b29f7bf49f469af4ed74351fc99c85
sha512: 3fab6736ea86917abcf8b55e53ee862e704bee411aa322cbb889eecf93a890ef16a87ba4c04548bae3e59005e9b56d1e16adcc4941cfc8d496e25350e8e441c9
ssdeep: 196608:wr9sZ30s9tdOz5bPsEjwWgiizGKVXqtq5s8cexqpwjNKgGO/3MtZCCx49:wr9sZLY57D5iaKEAqexqpwhPGi0CCx49
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T160A633A0640EC017F046FB3C1975A378B5783DA618A668070E6FD78CFE75327BD6A582
sha3_384: 71c66f61110b6587041daa04f55cb7f80396aaaac449d05b6869895ea301107251b2f619c123ddaf662f142f7c3820bc
ep_bytes: 558bec83c4d453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName: Ackbyte, Inc.
FileDescription: Ackbyte Utilities Setup
FileVersion:
InternalName:
OriginalFilename:
ProductName:
ProductVersion:
Translation: 0x0409 0x04e4

Malware.AI.3400148150 also known as:

Lionic: Trojan.Win32.Ekstak.4!c
MicroWorld-eScan: Trojan.Generic.32808997
ClamAV: Win.Malware.Ekstak-9970355-0
FireEye: Trojan.Generic.32808997
ALYac: Trojan.Generic.32808997
Malwarebytes: Malware.AI.3400148150
Zillya: Trojan.Ekstak.Win32.61279
Sangfor: Dropper.Win32.Ekstak.Vjlk
K7AntiVirus: Trojan ( 005722fe1 )
Alibaba: TrojanDropper:Win32/Ekstak.8ae5b3e4
K7GW: Trojan ( 005722fe1 )
Cyren: W32/Ekstak.EN.gen!Eldorado
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Ekstak.gen
BitDefender: Trojan.Generic.32808997
Avast: NSIS:Adware-AEK [Adw]
Tencent: Win32.Trojan.Ekstak.Jcnw
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/AD.Nekark.dkanl
VIPRE: Trojan.Generic.32808997
TrendMicro: TROJ_GEN.R002C0GA423
McAfee-GW-Edition: BehavesLike.Win32.ObfuscatedPoly.tc
Emsisoft: Trojan.Generic.32808997 (B)
GData: Trojan.Generic.32808997
Jiangmin: Trojan.Ekstak.cbzt
Avira: TR/AD.Nekark.dkanl
MAX: malware (ai score=81)
Arcabit: Trojan.Generic.D1F4A025
ViRobot: Trojan.Win32.Z.Ekstak.9694409
ZoneAlarm: UDS:Trojan.Win32.Ekstak.gen
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Trojan/Win.Generic.C5236325
McAfee: Artemis!FE0BF63A867F
Cylance: unsafe
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: TROJ_GEN.R002C0GA423
Yandex: Trojan.DR.Agent!Ou1Z2rqUkII
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Agent.SLC!tr
AVG: NSIS:Adware-AEK [Adw]
DeepInstinct: MALICIOUS

How to remove Malware.AI.3400148150?

Malware.AI.3400148150 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
