Malware.AI.3420618405 removal

Malware.AI.3420618405 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.3420618405 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Checks adapter addresses which can be used to detect virtual network interfaces
  • NtSetInformationThread: attempt to hide thread from debugger
  • Creates RWX memory
  • Terminates another process
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Starts servers listening on 0.0.0.0:20888, 0.0.0.0:21775, 0.0.0.0:22267, 0.0.0.0:23051, 0.0.0.0:24406, 0.0.0.0:25056, 0.0.0.0:26654, 0.0.0.0:27127, 0.0.0.0:28010
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Detects Sandboxie through the presence of a library
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • A system process is generating network traffic likely as a result of process injection
  • Attempts to modify proxy settings
  • Deletes executed files from disk

How to determine Malware.AI.3420618405?

File Info:

name: F5958295AEEF3609DFDC.mlw
path: /opt/CAPEv2/storage/binaries/6a6c6f7f5cc63e8e02ccd704fcb5ff0e1ed1f8f783985f6e3523aa7a82feab72
crc32: 4FE43308
md5: f5958295aeef3609dfdc25bf6774e484
sha1: f697b522f4677a64a99339ff57de465a94492db8
sha256: 6a6c6f7f5cc63e8e02ccd704fcb5ff0e1ed1f8f783985f6e3523aa7a82feab72
sha512: 2b1355367c42be9b503ca9b1be453650c40503b3017508182542faeaedae4865710942f1168a018568a6670ba86be96468f3c7c629381bf71f45fce249ba2fe9
ssdeep: 49152:7C/kJ6sS0mK9WOzi0FM2ru8oBnhsMh+6:+/kJHhmK95zi0FZSBnE6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T182A5CF23B581C0F2D125157114BA2B3AEE74B6524B35DED7E7E8CEBA2C321529B3720D
sha3_384: 9df49f1c652c056503d589bf90181be15da63f1b912ed7d6cc5fc3b2f11e24e834e1520233c0ba90964203cf95ffa1ee
ep_bytes: 558bec6aff68989d45006818d7440064
timestamp: 2022-07-31 14:23:47

Version Info:

0: [No Data]

Malware.AI.3420618405 also known as:

Bkav: W32.AIDetect.malware1
DrWeb: Trojan.StartPage1.60936
MicroWorld-eScan: Gen:Variant.Cerbu.128514
FireEye: Generic.mg.f5958295aeef3609
CAT-QuickHeal: Hacktool.Flystudio.16558
McAfee: Artemis!F5958295AEEF
Malwarebytes: Malware.AI.3420618405
VIPRE: Gen:Variant.Cerbu.128514
Sangfor: Trojan.Win32.Save.BlackMoon
CrowdStrike: win/malicious_confidence_70% (W)
Arcabit: Trojan.Cerbu.D1F602
BitDefenderTheta: Gen:NN.ZexaF.34582.koW@aGSrjXe
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/CoinMiner.CIB
ClamAV: Win.Dropper.Tiggre-9845940-0
Kaspersky: HEUR:Trojan.Win32.Witch.gen
BitDefender: Gen:Variant.Cerbu.128514
Avast: Win32:Malware-gen
Ad-Aware: Gen:Variant.Cerbu.128514
Emsisoft: Gen:Variant.Cerbu.128514 (B)
McAfee-GW-Edition: BehavesLike.Win32.BadFile.vh
Trapmine: malicious.high.ml.score
Sophos: BlackMoon Packed (PUA)
Ikarus: Trojan.Win32.CoinMiner
Avira: HEUR/AGEN.1212184
MAX: malware (ai score=82)
Antiy-AVL: Trojan/Generic.ASCommon.FA
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Win32.Trojan.Agent.WP
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win.Generic.C5212056
VBA32: BScope.Trojan.CryptInject
ALYac: Gen:Variant.Cerbu.128514
Cylance: Unsafe
APEX: Malicious
Rising: Trojan.Generic@AI.98 (RDML:+zFsJhvgkU5eT2qKzFn5BA)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.WP!tr
AVG: Win32:Malware-gen
Cybereason: malicious.5aeef3

How to remove Malware.AI.3420618405?

Malware.AI.3420618405 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
