Malware.AI.3486389414 (file analysis)

Malware Removal

Malware.AI.3486389414 is considered dangerous by many security experts. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.3486389414 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to restart the guest VM
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Uses suspicious command line tools or Windows utilities

How to identify Malware.AI.3486389414?

File Info:

name: 45A4561B7B07536144D8.mlw
path: /opt/CAPEv2/storage/binaries/7dc5008946404ddc71460af0db0e9624371e5c39c82c66550f2d1c81b4f58db1
crc32: D7C430D3
md5: 45a4561b7b07536144d8c61c0ed91a1b
sha1: 868f3151259d6525da795362e1d7ac46de86c321
sha256: 7dc5008946404ddc71460af0db0e9624371e5c39c82c66550f2d1c81b4f58db1
sha512: 39aabed63a97785e755d0ce8caf7632fc71aaf81e9a0d2f56e1c42967857556e42e814449c0000d2cf739f83caebe5508e1abcdf441184dc9a3eedc4379b7545
ssdeep: 1536:ac10NLVlyeoF6OeAMVVYR/zgJw+/DvcPOHRfJiQhUmkvh666CV:ac10NLVlyeTOeDVSRc6u0X
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T141532A13EA582287D42E1B7051BD4B0DE631A5387B6E53CB115CBA3EFAD07C26E123C9
sha3_384: 9240e0455fad08ecf46ea614d1668f4125dcbbe94d57d8a5d65896ce7736d2b74dcb788174b88a06c641f43e22bb7bf2
ep_bytes: 558bec81c448fcffff8b15048540008b
timestamp: 2005-01-06 12:56:02

Version Info:

CompanyName: Hex-Rays SA
FileDescription: fPgA5Hc7oHwj1
FileVersion: Grg5W
InternalName: o0RV
LegalCopyright: xR7cETGDLx
OriginalFilename: nPfEW31tzdPe
ProductName: ISNRTeT
ProductVersion: jD9SPvFs7Pic

Malware.AI.3486389414 also known as:

Lionic: Trojan.Win32.Generic.4!c
MicroWorld-eScan: Gen:Variant.Ransom.8
FireEye: Generic.mg.45a4561b7b075361
CAT-QuickHeal: Trojan.Ransom.A
ALYac: Gen:Variant.Ransom.8
Cylance: Unsafe
Zillya: Trojan.FakeAV.Win32.146459
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 002daab61 )
BitDefender: Gen:Variant.Ransom.8
K7GW: Trojan ( 002daab61 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.34582.du0@a8diokcQ
Cyren: W32/Ransom.J.gen!Eldorado
Symantec: Trojan.Ransomlock!gen2
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.PJZ
TrendMicro-HouseCall: TROJ_FAKEAV.SMKW
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: Ransom:Win32/Genasom.53546140
NANO-Antivirus: Trojan.Win32.ZeroAccess.fbaulj
ViRobot: Trojan.Win32.Z.Ransom.63488.E
Tencent: Win32.Trojan.Generic.Pdmi
Ad-Aware: Gen:Variant.Ransom.8
Sophos: ML/PE-A + Mal/EncPk-ADY
Comodo: TrojWare.Win32.Trojan.Agent.~xtsa@3ymfaa
DrWeb: Trojan.Packed.21756
VIPRE: Gen:Variant.Ransom.8
TrendMicro: TROJ_FAKEAV.SMKW
McAfee-GW-Edition: BehavesLike.Win32.Rootkit.kc
SentinelOne: Static AI – Malicious PE
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Ransom.8 (B)
APEX: Malicious
Jiangmin: Trojan/Generic.novm
Avira: BDS/ZeroAccess.Gen7
Antiy-AVL: Trojan/Generic.ASMalwS.52E6
Microsoft: Ransom:Win32/Genasom.DN
Arcabit: Trojan.Ransom.8
GData: Gen:Variant.Ransom.8
Cynet: Malicious (score: 100)
McAfee: FakeAV-SecurityTool.cv
MAX: malware (ai score=100)
VBA32: Trojan.ExpProc.014
Malwarebytes: Malware.AI.3486389414
Panda: Generic Malware
Rising: Trojan.Generic!8.C3 (KTSE)
Yandex: Trojan.Kryptik!1CZCi9X2JtI
Ikarus: Trojan-Ransom.Timer
MaxSecure: Trojan.Malware.2588.susgen
Fortinet: W32/RansomTimer.fam!tr
AVG: Win32:Mystic
Cybereason: malicious.b7b075
Avast: Win32:Mystic

How to remove Malware.AI.3486389414?

Malware.AI.3486389414 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.