Malware.AI.342499444 removal instruction

Malware.AI.342499444 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.342499444 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Sniffs keystrokes
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Creates known Njrat/Bladabindi RAT registry keys

How to identify Malware.AI.342499444?

File Info:

name: C0A33222DC1EE2CCC833.mlw
path: /opt/CAPEv2/storage/binaries/8de9d8e6f11d5141ce949b7096ed9c59dc3a220e42d0a92dfc1db21d59ac5612
crc32: 3E594C00
md5: c0a33222dc1ee2ccc83309a90c93a149
sha1: e29adfaea19a05265edfb5aced6ed63bdbf3ecac
sha256: 8de9d8e6f11d5141ce949b7096ed9c59dc3a220e42d0a92dfc1db21d59ac5612
sha512: 07766150789b3145d608410a80a6f18b59b05297cea043aa4060af6744962fc00cfe1d6c35448c2eb8badc5629682b451f6dbd00f6682e8fb41ace70aa0711d4
ssdeep: 768:WccbgzuGb1ZAd55YeCwijnDcz9viFzI71uUbkAaY1zeeq9Sr2qE53wuSN6fh9U:Wcc8a21Ui/4W61BkAaSu9wBE1kW+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EA53E44326EE6D96F4782A787B3303E0D369DEE31123CADD54C43409A47E5837A627E9
sha3_384: 3f32f74113f4824336b5cfc78a54acc6f2f87983ad303c86371561ee91c6130cf4d46f2100af141ab3809fa17300c558
ep_bytes: ff250020400000000000000000000000
timestamp: 2018-06-06 20:46:02

Version Info:

Translation: 0x0000 0x04b0
Comments: 制制丽美丽制美复美美复复美丽制美复复制制丽美丽制美复美美复复美丽制美复复
CompanyName: 制制丽美丽制美复美美复复美丽制美复复制制丽美丽制美复美美复复美丽制美复复
FileDescription: 制制丽美丽制美复美美复复美丽制美复复制制丽美丽制美复美美复复美丽制美复复
FileVersion: 1.0.0.0
InternalName: WindowsApplication5.exe
LegalCopyright: 制制丽美丽制美复美美复复美丽制美复复制制丽美丽制美复美美复复美丽制美复复
LegalTrademarks: 制制丽美丽制美复美美复复美丽制美复复制制丽美丽制美复美美复复美丽制美复复
OriginalFilename: WindowsApplication5.exe
ProductName: 制制丽美丽制美复美美复复美丽制美复复制制丽美丽制美复美美复复美丽制美复复
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Malware.AI.342499444 also known as:

Lionic: Trojan.Win32.Generic.mfHD
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.MSIL.Abuja.1
FireEye: Generic.mg.c0a33222dc1ee2cc
ALYac: Gen:Heur.MSIL.Abuja.1
Cylance: Unsafe
Zillya: Trojan.GenericKD.Win32.124533
Sangfor: Trojan.MSIL.Crypt.gufv
CrowdStrike: win/malicious_confidence_100% (D)
BitDefender: Gen:Heur.MSIL.Abuja.1
K7GW: Trojan ( 0053408a1 )
K7AntiVirus: Trojan ( 0053408a1 )
BitDefenderTheta: Gen:NN.ZemsilF.34294.dq0@aG4B51d
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.YGZ
TrendMicro-HouseCall: TROJ_GEN.R002C0PIG21
Paloalto: generic.ml
Kaspersky: Trojan.MSIL.Crypt.gufv
Alibaba: Trojan:MSIL/Kryptik.7007f6a0
NANO-Antivirus: Trojan.Win32.GenKryptik.fdsmmr
Ad-Aware: Gen:Heur.MSIL.Abuja.1
Emsisoft: Gen:Heur.MSIL.Abuja.1 (B)
Comodo: Malware@#3dv9tvgz2yzo7
DrWeb: BackDoor.Bladabindi.13678
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0PIG21
McAfee-GW-Edition: Generic.duq
Sophos: Mal/Generic-S
Ikarus: Trojan.MSIL.Injector
Jiangmin: Trojan.MSIL.jirp
Avira: HEUR/AGEN.1101163
Antiy-AVL: Trojan/Generic.ASMalwS.2690C22
Microsoft: Backdoor:MSIL/Bladabindi
APEX: Malicious
GData: Gen:Heur.MSIL.Abuja.1
Cynet: Malicious (score: 99)
McAfee: Generic.duq
MAX: malware (ai score=96)
VBA32: TScope.Trojan.MSIL
Malwarebytes: Malware.AI.342499444
Panda: Trj/GdSda.A
Tencent: Malware.Win32.Gencirc.114d01b7
Yandex: Trojan.Crypt!v4U02LDVofU
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: MSIL/GenKryptik.CBKY!tr
AVG: Win32:Malware-gen
Cybereason: malicious.2dc1ee
Avast: Win32:Malware-gen
MaxSecure: Trojan.Malware.300983.susgen

How to remove Malware.AI.342499444?

Malware.AI.342499444 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
