Malware

What is “Malware.AI.3506994965”?

Malware Removal

Malware.AI.3506994965 is the name under which Malwarebytes detects this sample; as the detection list further down shows, most other engines flag the same file too, several of them as a packed FlyStudio (Easy Programming Language) binary. When this infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What Malware.AI.3506994965 virus can do?

  • A file was accessed within the Public folder.
  • Uses Windows utilities for basic functionality
  • Installs a browser addon or extension
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempted to write directly to a physical drive
  • Collects information to fingerprint the system
  • Yara rule detections observed from a process memory dump, dropped files, or CAPE

How to identify Malware.AI.3506994965?

File Info:

name: 1B5C687B4D28E029A77C.mlw
path: /opt/CAPEv2/storage/binaries/d646a30f2c636877a3e7f0db002f28fb68092f66848d11f39bcacec4cffdb06f
crc32: C2C6C4A5
md5: 1b5c687b4d28e029a77c5d83e3fb41ed
sha1: df1a82e080f7f8f4a1fd91a67f7cc18665a574db
sha256: d646a30f2c636877a3e7f0db002f28fb68092f66848d11f39bcacec4cffdb06f
sha512: 59fb01f43c5ab743e92acdf6d6e91e46630869a8195251f6f0490a0dc9b0c341800b5770a8418496ce57206566f92e3df5c563214603084f5ea5e751e530101e
ssdeep: 12288:YbosayNmLYr+wbVcYzui9QowQB5TQw4NAjxAyXfcKSVIO9DdGSr9oSj:u8erXbVcYzr97BRnHjBfDSVIoDd
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T113C42303E206929BE421797CC47B2737605CD93C97870EB75226399F3A38B692D235DD
sha3_384: f6db8eb5da0224019b5824a082dae534bf81ecec96c11f1ad742c9cf98df241c4ab0616d309be72d06ac6843193fded8
ep_bytes: 807c2408010f85d00b000060be001010
timestamp: 2020-10-23 15:31:52

Version Info:

FileVersion: 1.0.0.0
FileDescription: SAM nfapi.dll
ProductName: Microsoft Windows Operating System
ProductVersion: 1.0.0.0
CompanyName: Microsoft Corporation. All rights reserved.
LegalCopyright: Microsoft Corporation. All rights reserved. 版权所有 (Chinese: "all rights reserved")
Comments: This program was written in Easy Programming Language (易语言, http://www.dywt.com.cn)
Translation: 0x0804 0x04b0 (language 0x0804 = Chinese Simplified, PRC; code page 0x04b0 = 1200, Unicode)

The version block is not trustworthy: CompanyName and ProductName claim a Microsoft origin, the Comments field states the binary was built with Easy Programming Language, and the Authenticode signature is invalid.
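The hashes, section indicators and entry-point bytes above can be checked on a file without uploading it anywhere. The script below is an added example, not code from the original page or from GridinSoft; it walks the PE headers with the standard library only, compares the SHA-256 against the value quoted in File Info, flags UPX0/UPX1 and other non-standard section names, resolves the entry point to its section, and tests the first entry-point bytes against the UPX DLL loader prologue (the quoted ep_bytes disassemble to cmp byte ptr [esp+8],1 / jne rel32 / pushad / mov esi,imm32). Because the real sample is not distributed, the block builds a constructed minimal PE32 DLL carrying those entry bytes so it runs stand-alone; pass a file path to triage a real binary instead.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Values copied from the File Info block on this page.
KNOWN_SHA256 = "d646a30f2c636877a3e7f0db002f28fb68092f66848d11f39bcacec4cffdb06f"
KNOWN_EP_BYTES = bytes.fromhex("807c2408010f85d00b000060be001010")

# Section names a normal linker emits; anything else deserves a look.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                   ".edata", ".pdata", ".bss", ".tls", ".CRT", ".gfids"}
IMAGE_FILE_DLL = 0x2000


def parse_pe(data: bytes) -> dict:
    """Minimal PE header walk: COFF header, entry-point RVA and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, hdr)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "va": va, "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize})
    return {"machine": machine, "pe32plus": magic == 0x20B, "timestamp": ts,
            "is_dll": bool(chars & IMAGE_FILE_DLL), "entry_rva": entry_rva,
            "sections": sections}


def rva_to_offset(pe: dict, rva: int):
    """Map an RVA to a file offset via the section table (None if unmapped)."""
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["rawptr"] + (rva - s["va"]), s["name"]
    return None, None


def looks_like_upx_dll_stub(ep: bytes) -> bool:
    # 80 7C 24 08 01 = cmp byte ptr [esp+8],1 ; 0F 85 = jne rel32 ; 60 = pushad ; BE = mov esi,imm32
    return (ep[:5] == b"\x80\x7c\x24\x08\x01" and ep[5:7] == b"\x0f\x85"
            and ep[11:13] == b"\x60\xbe")


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    off, sec = rva_to_offset(pe, pe["entry_rva"])
    ep = data[off:off + 16] if off is not None else b""
    names = [s["name"] for s in pe["sections"]]
    digest = hashlib.sha256(data).hexdigest()
    return {
        "sha256": digest,
        "matches_page_sample": digest == KNOWN_SHA256,
        "is_dll": pe["is_dll"],
        "compiled": datetime.fromtimestamp(pe["timestamp"], timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": names,
        "upx_sections": any(n.startswith("UPX") for n in names),
        "unusual_sections": [n for n in names if n not in COMMON_SECTIONS and not n.startswith("UPX")],
        "entry_section": sec,
        "ep_bytes": ep.hex(),
        "upx_dll_stub": looks_like_upx_dll_stub(ep),
    }


def build_constructed_sample() -> bytes:
    """Constructed stand-in (not the real sample): a minimal PE32 DLL with UPX0/UPX1/.rsrc
    sections, the page's compile timestamp, and the page's ep_bytes at the entry point."""
    ts = int(datetime(2020, 10, 23, 15, 31, 52, tzinfo=timezone.utc).timestamp())
    img = bytearray(0x600)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                 # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    # COFF: i386, 3 sections, PE32 optional header size 0xE0, EXECUTABLE|32BIT|DLL
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 3, ts, 0, 0, 0xE0, 0x2102)
    struct.pack_into("<H", img, 0x58, 0x10B)                # PE32 magic
    struct.pack_into("<I", img, 0x58 + 16, 0x11100)         # entry point inside UPX1
    sec = 0x58 + 0xE0
    for i, row in enumerate([(b"UPX0", 0x10000, 0x1000, 0, 0x200),
                             (b"UPX1", 0x1000, 0x11000, 0x200, 0x200),
                             (b".rsrc", 0x200, 0x12000, 0x200, 0x400)]):
        struct.pack_into("<8sIIII", img, sec + 40 * i, *row)
    img[0x300:0x310] = KNOWN_EP_BYTES                       # RVA 0x11100 -> raw 0x200 + 0x100
    return bytes(img)


if __name__ == "__main__":
    import json
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_sample()
    print(json.dumps(triage(blob), indent=2))
```

Run it with no arguments to see the constructed sample triaged (UPX sections, UPX1 entry section, stub match, no SHA-256 match); run it with a path to check a suspect file. A stub match and UPX section names only say "packed with UPX", which is common in clean software too; treat them as a reason to unpack and look further, not as a verdict on their own.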

Malware.AI.3506994965 is also known as (engine: detection name):

Bkav: W32.Common.567899A6
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Trojan.Generic.31343832
Skyhigh: BehavesLike.Win32.Generic.hc
McAfee: Artemis!1B5C687B4D28
Malwarebytes: Malware.AI.3506994965
Sangfor: Trojan.Win32.Agent.Vmjy
K7AntiVirus: Trojan ( 005376ae1 )
Alibaba: Trojan:Win32/Generic.84129d36
K7GW: Trojan ( 005376ae1 )
CrowdStrike: win/malicious_confidence_60% (W)
BitDefenderTheta: Gen:NN.ZedlaF.36680.ImSfaiuk9qab
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
Cynet: Malicious (score: 100)
ClamAV: Win.Malware.Agen-7172367-0
BitDefender: Trojan.Generic.31343832
Avast: Win32:Malware-gen
Emsisoft: Trojan.Generic.31343832 (B)
DrWeb: Trojan.Spambot.15869
VIPRE: Trojan.Generic.31343832
Sophos: Mal/Generic-S
Ikarus: Trojan.Agent
Antiy-AVL: Trojan/Win32.FlyStudio.a
Microsoft: Trojan:Win32/Wacatac.A!ml
Arcabit: Trojan.Generic.D1DE44D8
GData: Win32.Application.PUPStudio.B
Google: Detected
AhnLab-V3: Malware/Win.Generic.C4820019
ALYac: Trojan.Generic.31343832
VBA32: BScope.Trojan.Tiggre
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R002H09L723
Rising: Trojan.ProxyChanger!1.CFF3 (CLOUD)
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: Riskware/PackedFlyStudio
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove Malware.AI.3506994965?

Malware.AI.3506994965 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
