Malware.AI.3520901428 removal guide

The Malware.AI.3520901428 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.3520901428 virus can do?

Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Malware.AI.3520901428?


File Info:
name: DB657A44EE58E76189BF.mlw
path: /opt/CAPEv2/storage/binaries/08e6edb6f957752c63d045203b7876ac1b14b5b9979899bc0f0963b835b27684
crc32: 978568DD
md5: db657a44ee58e76189bfebccb27cfeb5
sha1: bb8334e8f75d5d16fdee3386990dc9138a152d69
sha256: 08e6edb6f957752c63d045203b7876ac1b14b5b9979899bc0f0963b835b27684
sha512: 1f714d5c6f1b190c1072d4292711c2c6d79744c1a63e42d66eb054d6fa4b0962339ae8056bddc7d1ee8d4734e5503eacbc3a3ae5a335c04b36f16806956a8549
ssdeep: 98304:++NrNuOsCdVO5XWw2xIjq1IMwzHZ6tmrM/e2l6yFyFfQa4P:lf25G8Z6tmrGSfQ3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D9765A436753C8A2D7460434DC6EEAF517207E189BFAC1A3B190FEEB74B3992FA21115
sha3_384: 55c54a148128f3b1d2bcd23015669e265b84fb0caae7fd0b71f7e4b05b0601cd24cd8e81014151eef16fcdaab473daca
ep_bytes: 558bec6aff6870716e00685c614b0064
timestamp: 2022-04-21 04:31:49

Version Info:
CompanyName: 
FileDescription: Client Microsoft 基础类应用程序
FileVersion: 1, 0, 0, 1
InternalName: Client
LegalCopyright: 版权所有 (C) 2018
LegalTrademarks: 
OriginalFilename: Client.EXE
ProductName: Client 应用程序
ProductVersion: 1, 0, 0, 1
Translation: 0x0804 0x04b0

Malware.AI.3520901428 also known as:

Lionic	Trojan.Win32.Farfli.m!c
Elastic	malicious (high confidence)
ClamAV	Win.Trojan.Zegost-9763840-0
FireEye	Generic.mg.db657a44ee58e761
McAfee	Artemis!DB657A44EE58
Cylance	Unsafe
Sangfor	Backdoor.Win32.Farfli.gen
K7AntiVirus	Trojan ( 0056e5201 )
Alibaba	Backdoor:Win32/Farfli.d80171ac
K7GW	Trojan ( 0056e5201 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
APEX	Malicious
Kaspersky	UDS:Backdoor.Win32.Generic
BitDefender	Trojan.GenericKD.39538507
MicroWorld-eScan	Trojan.GenericKD.39538507
Avast	Win32:Evo-gen [Susp]
Ad-Aware	Trojan.GenericKD.39538507
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Farfli.tutlc
DrWeb	Trojan.SpyBot.776
McAfee-GW-Edition	BehavesLike.Win32.Dropper.wh
Emsisoft	Trojan.GenericKD.39538507 (B)
GData	Win32.Trojan.Agent.QJAD7I
Microsoft	Trojan:Win32/Sabsik.TE.B!ml
Acronis	suspicious
ALYac	Trojan.GenericKD.39538507
MAX	malware (ai score=80)
VBA32	BScope.Backdoor.Farfli
Malwarebytes	Malware.AI.3520901428
TrendMicro-HouseCall	TROJ_GEN.R002H0DDL22
Rising	Backdoor.Farfli!8.B4 (CLOUD)
Ikarus	Backdoor.Farfli
Fortinet	W32/NDAoF
AVG	Win32:Evo-gen [Susp]
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Malware.AI.3520901428?

Malware.AI.3520901428 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X