
About the “Malware.AI.3504837072” infection


Malware.AI.3504837072 is classified as dangerous by many security vendors (see the detection list below). While the infection is active you may notice unfamiliar processes in the Task Manager list. If you do, it is advised to scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.3504837072 virus do?

The behaviours below are the CAPE sandbox signatures that fired when the sample was executed:
  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • .NET file is packed/obfuscated with Confuser
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Detects Bochs through the presence of a registry key
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
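Of the behaviours above, the scheduled-task entry is the one that leaves a clean host-side trace: the sample shells out to a Windows utility (schtasks.exe) to re-launch itself. As an added example, not part of this report or of CAPE, the following Python runs a persistence check over constructed Sysmon-style process-creation records. The field names, the paths and the use of porden2.exe (the InternalName from the Version Info below) as the task target are assumptions made for the example.

```python
import re

# Constructed Sysmon-style process-creation records (not real telemetry). Record 2
# models the persistence step behind the "Uses Windows utilities to create a scheduled
# task" signature: a binary running from AppData registers itself to run every 5 minutes.
# The file name porden2.exe comes from the page's Version Info; the paths are invented.
SAMPLE_EVENTS = [
    r'Image=C:\Windows\System32\schtasks.exe ParentImage=C:\Program Files\Vendor\setup.exe CommandLine=schtasks /create /tn "Vendor Update" /tr "C:\Program Files\Vendor\update.exe" /sc daily /st 03:00 /f',
    r'Image=C:\Windows\System32\schtasks.exe ParentImage=C:\Users\alice\AppData\Roaming\porden2.exe CommandLine=schtasks /create /tn "porden2" /tr "C:\Users\alice\AppData\Roaming\porden2.exe" /sc minute /mo 5 /f',
    r'Image=C:\Windows\System32\schtasks.exe ParentImage=C:\Windows\System32\cmd.exe CommandLine=schtasks /query /tn "porden2"',
]

# key=value pairs; a value runs until the next " key=" or the end of the line.
FIELD = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")
# schtasks switches: /name, optionally followed by a quoted or bare value.
SWITCH = re.compile(r'/(\w+)(?:\s+("[^"]*"|[^/\s]\S*))?')

# Directories a standard user can write to; legitimate tasks rarely run from them.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\",
                 "\\users\\public\\", "\\downloads\\")


def parse_event(line: str) -> dict:
    """Split one record into its fields."""
    return {key: value for key, value in FIELD.findall(line)}


def parse_schtasks(cmdline: str) -> dict:
    """Map each /switch to its value (quotes stripped), or None for flags such as /f."""
    return {m.group(1).lower(): (m.group(2).strip('"') if m.group(2) else None)
            for m in SWITCH.finditer(cmdline)}


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(lines) -> list:
    """Flag schtasks /create invocations that look like malware persistence."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if not ev.get("Image", "").lower().endswith("\\schtasks.exe"):
            continue
        sw = parse_schtasks(ev.get("CommandLine", ""))
        if "create" not in sw:
            continue  # /query, /delete, ... are not persistence
        target = sw.get("tr") or ""
        reasons = []
        if in_user_writable(target):
            reasons.append("task action runs from a user-writable directory")
        if in_user_writable(ev.get("ParentImage", "")):
            reasons.append("schtasks launched by a process in a user-writable directory")
        if (sw.get("sc") or "").lower() == "minute":
            reasons.append("minute-interval trigger (beacon-style re-execution)")
        if reasons:
            alerts.append({"task": sw.get("tn"), "target": target,
                           "parent": ev.get("ParentImage"), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Only the second record is flagged: the first is an installer in Program Files registering a daily task, the third only queries. On a real host the same rules apply to Sysmon Event ID 1 or Security 4688 data once the command line is captured; the user-writable list is a heuristic and should be tuned to the environment.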

How to identify Malware.AI.3504837072?

File Info:

name: AA8AC332289EE7AF204C.mlw
path: /opt/CAPEv2/storage/binaries/cbeb920deb8222c2214668d9d1f1df07cbc87a5d61c36fe5bc4f479604809ca0
crc32: 101F9095
md5: aa8ac332289ee7af204c562a500df3b9
sha1: cbd17576b5becc202e0f2a0977c7c6a4d6647dcf
sha256: cbeb920deb8222c2214668d9d1f1df07cbc87a5d61c36fe5bc4f479604809ca0
sha512: 3650a208678752ff7ff25998dcfb6ec9ae5e7fd133b6d93be176e07f5b5004a1e060290a2b4dc9508b6a62b49675905c1a146029681ba5f2f3e9da2fa0dfecef
ssdeep: 3072:+LRRgYfk1xHO3dtqV4YEvaUnTZxt6pogjybZtxG2jSyuTJOcF:+uxHOtoV4qUndxtDgyZtxG2mblx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18464FECA2A72DE6FF54C70F1D028B8A29E1C7EB60DA3F6479CF6759D04799124B041E2
sha3_384: 337cf1498127fbdfbb7152490cde63d0a2372100ec862c2d99f6e357656cf2a26d8ff7acaa587c48b9ded20b3416f7f6
ep_bytes: ff250020400000000000000000000000
timestamp: 2015-07-12 23:00:08

Version Info:

Translation: 0x0000 0x04b0
Comments: porden2
CompanyName: stbajj
FileDescription: porden2
FileVersion: 2.3.7.5
InternalName: porden2.exe
LegalCopyright: Copyright oiyikfa 2003
OriginalFilename: porden2.exe
ProductName: porden2
ProductVersion: 2.3.7.5
Assembly Version: 5.8.3.8
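The File Info block is what a responder compares a suspicious file against. As an added example, not code from this report or from CAPE, the following Python reproduces the fields that matter for that comparison: the hash set, a match against the hashes published above, and the 16 bytes at the PE entry point (the ep_bytes field). The constructed skeleton PE used for offline testing is an assumption; it parses but is not a loadable program.

```python
import hashlib
import struct
import sys
import zlib

# Hashes the report prints for this sample; any one of them identifies the binary.
KNOWN_HASHES = {
    "md5": "aa8ac332289ee7af204c562a500df3b9",
    "sha1": "cbd17576b5becc202e0f2a0977c7c6a4d6647dcf",
    "sha256": "cbeb920deb8222c2214668d9d1f1df07cbc87a5d61c36fe5bc4f479604809ca0",
}

# The report's ep_bytes. FF 25 00 20 40 00 is `jmp dword ptr [0x402000]`: the six-byte
# stub at the entry point of a PE32 .NET executable (an indirect jump to
# mscoree!_CorExeMain through the IAT), consistent with the "MSIL"/"Confuser" labels.
PAGE_EP_BYTES = "ff250020400000000000000000000000"


def fingerprint(data: bytes) -> dict:
    """The same hash set the report prints: crc32, md5, sha1, sha256, sha512."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def known_matches(fp: dict) -> list:
    """Algorithms under which fp equals one of the report's published hashes."""
    return [alg for alg, digest in KNOWN_HASHES.items() if fp.get(alg) == digest]


def entry_point_bytes(data: bytes, count: int = 16) -> bytes:
    """Read `count` bytes at AddressOfEntryPoint of a PE32 image, translating the RVA
    to a file offset through the section table (what the ep_bytes field shows)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    for i in range(nsections):
        hdr = opt + opt_size + i * 40
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (ep_rva - vaddr)
            return data[off:off + count]
    raise ValueError("entry point is not inside any section")


def is_dotnet_stub(ep: bytes) -> bool:
    """True when the entry point is an indirect jmp (FF 25 ...), the .NET loader stub."""
    return ep[:2] == b"\xff\x25"


def build_minimal_pe(ep_stub: bytes) -> bytes:
    """Constructed sample for offline testing: a skeleton PE32 with one .text section
    whose first bytes are ep_stub (assumption: not a real program, only parseable)."""
    pe_off = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    opt_size = 0xE0  # standard PE32 optional-header size
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, 0x10B)      # Magic: PE32
    struct.pack_into("<I", optional, 16, 0x2000)    # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", optional, 28, 0x400000)  # ImageBase
    raw_ptr = 0x200
    section = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", 0x1000, 0x2000, 0x200, raw_ptr, 0, 0, 0, 0, 0x60000020)
    header = (dos + b"PE\0\0" + coff + bytes(optional) + section).ljust(raw_ptr, b"\0")
    return header + ep_stub.ljust(0x200, b"\0")


def triage(data: bytes) -> dict:
    """Summary a responder would compare against the report's File Info block."""
    fp = fingerprint(data)
    ep = entry_point_bytes(data)
    return {"hashes": fp, "known": known_matches(fp), "ep_bytes": ep.hex(),
            "dotnet_stub": is_dotnet_stub(ep), "matches_page_ep": ep.hex() == PAGE_EP_BYTES}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
    else:
        blob = build_minimal_pe(bytes.fromhex("ff2500204000"))
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it with a file path to compare that file against the hashes above; with no argument it triages the constructed skeleton, whose entry-point bytes equal the report's ep_bytes while its hashes (correctly) match nothing. Note that the hashes identify this exact build only: a Confuser-packed .NET sample is trivially re-packed, so the entry-point stub and the behaviours are the more durable indicators.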

Malware.AI.3504837072 is also known as (vendor: detection name):

Most of these labels are generic or heuristic (Gen:, HEUR, ML, AI score). The specific ones agree with the behaviour list above: ESET-NOD32, Fortinet, Ikarus and Cyren class it as an MSIL (.NET) injector, and DrWeb, Zillya, Antiy-AVL and Yandex as a Trojan.PWS / Fareit-family password stealer.

Lionic: Trojan.Win32.Generic.mCnF
tehtris: Generic.Malware
DrWeb: Trojan.PWS.Siggen1.39450
MicroWorld-eScan: Gen:Trojan.Olock.1
FireEye: Generic.mg.aa8ac332289ee7af
ALYac: Gen:Trojan.Olock.1
Malwarebytes: Malware.AI.3504837072
VIPRE: Gen:Trojan.Olock.1
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0055e39a1 )
Alibaba: Trojan:Win32/starter.ali1000139
K7GW: Trojan ( 0055e39a1 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZemsilF.36318.sm1@aatvOOm
Cyren: W32/MSIL_Injector.TG.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Injector.KXC
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Trojan.Olock.1
NANO-Antivirus: Trojan.Win32.MSILPerseus.hcvwfz
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b16e56
Emsisoft: Gen:Trojan.Olock.1 (B)
F-Secure: Heuristic.HEUR/AGEN.1313272
Zillya: Trojan.Fareit.Win32.10606
McAfee-GW-Edition: GenericRXJC-EV!AA8AC332289E
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
GData: Gen:Trojan.Olock.1
Jiangmin: Trojan.Generic.dzxlk
Avira: HEUR/AGEN.1313272
Antiy-AVL: Trojan[PSW]/Win32.Fareit
Arcabit: Trojan.Olock.1
ZoneAlarm: HEUR:Trojan.Win32.Generic
Google: Detected
AhnLab-V3: Trojan/Win32.RL_Generic.C3500174
Acronis: suspicious
McAfee: GenericRXJC-EV!AA8AC332289E
MAX: malware (ai score=87)
VBA32: TScope.Trojan.MSIL
Cylance: unsafe
Panda: Trj/CI.A
Rising: Malware.Obfus/MSIL@AI.98 (RDM.MSIL2:5UDwSXPeFMacGbfCeFfz/A)
Yandex: Trojan.PWS.Fareit!jC+cokytT1Y
Ikarus: Trojan.MSIL.Injector
Fortinet: MSIL/Injector.KXC!tr
AVG: Win32:Malware-gen
Cybereason: malicious.2289ee
DeepInstinct: MALICIOUS

How to remove Malware.AI.3504837072?

Malware.AI.3504837072 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
