Malware.AI.3534781265 (file analysis)

Malware Removal

Malware.AI.3534781265 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.3534781265 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • A file with an unusual extension was attempted to be loaded as a DLL.
  • Checks adapter addresses which can be used to detect virtual network interfaces
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Loads a driver
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • A process created a hidden window
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Attempts to create or modify a Browser Helper Object
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Accessed credential storage registry keys
  • Deletes executed files from disk
  • Harvests cookies for information gathering
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Attempts to interact with an Alternate Data Stream (ADS)

How to identify Malware.AI.3534781265?

File Info:

name: 634173D4BA44882F96CE.mlw
path: /opt/CAPEv2/storage/binaries/6a3abcbd88e8dad637b6f14208da85e8f4501063daa5a7aba69e04208c93583d
crc32: 0D9031BB
md5: 634173d4ba44882f96ce4cc47c1075a6
sha1: 2e8d77f856515b21d8bef483ca99d51513262c12
sha256: 6a3abcbd88e8dad637b6f14208da85e8f4501063daa5a7aba69e04208c93583d
sha512: 75385cb0c20592461853e58e0d6109b2e2c8e61bc009e2616ccb493363f6fa5c972282b87e0bf18cf93c37069777b85f5a9ce01f419691e1d2e5ba2ff07ab9ef
ssdeep: 3072:pILL7LfqRBZfd2HcsOnYVtjOaI4PUPdefYOneg/TNV/X4lE2tXo/N8zjmNbE:U7LfqTZfsHczwe+IEsy+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T154A58D3232D1D832D42744342AAAEBAB323E7D710B25955BDBC83B581BB1786E735353
sha3_384: 55ebe622127b6119c1f93426524e21e2063b270fba835f36c2d6d849ac34e3243425ed3e0ac8a97700628fbb41fee339
ep_bytes: e8102f0000e916feffff558bec83ec08
timestamp: 2012-01-24 14:04:59

Version Info:

CompanyName: Sun Microsystems, Inc.
FileDescription: Java(TM) Update Scheduler
FileVersion: 6, 1, 1, 1
InternalName: Java(TM) Update Scheduler
LegalCopyright: Copyright (C) 2005
LegalTrademarks: Java(TM) Console
OriginalFilename: javacc.exe
ProductName: Java(TM) Update Scheduler
ProductVersion: 6, 1, 1, 1
Translation: 0x0409 0x04b0

Malware.AI.3534781265 also known as:

Bkav: W32.AIDetect.malware1
MicroWorld-eScan: Gen:Variant.Zusy.434482
FireEye: Generic.mg.634173d4ba44882f
CAT-QuickHeal: BackdoorAPT.CosmicDuke.C5
ALYac: Gen:Variant.Zusy.434482
Cylance: Unsafe
VIPRE: Gen:Variant.Zusy.434482
K7AntiVirus: Trojan ( 0053eef61 )
K7GW: Trojan ( 0053eef61 )
Cybereason: malicious.4ba448
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/PSW.Agent.NYQ
APEX: Malicious
ClamAV: Win.Trojan.Zusy-9876296-0
Kaspersky: VHO:Backdoor.Win32.Convagent.gen
BitDefender: Gen:Variant.Zusy.434482
NANO-Antivirus: Trojan.Win32.CosmicDuke.dihblx
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10c5bdda
Ad-Aware: Gen:Variant.Zusy.434482
DrWeb: Win32.HLLW.Zebra.11
Zillya: Trojan.Agent.Win32.574173
McAfee-GW-Edition: BehavesLike.Win32.Injector.vz
Trapmine: malicious.moderate.ml.score
Ikarus: Trojan-PSW.Agent
GData: Gen:Variant.Zusy.434482
Avira: HEUR/AGEN.1222853
Antiy-AVL: Trojan/Generic.ASMalwS.3307
Arcabit: Trojan.Zusy.D6A132
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
McAfee: Trojan-FHFD!634173D4BA44
MAX: malware (ai score=88)
VBA32: Trojan.Miniduke
Malwarebytes: Malware.AI.3534781265
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Agent.NYQ!tr
BitDefenderTheta: Gen:NN.ZexaE.34806.ew3@amZ1Xgfc
AVG: Win32:Malware-gen

How to remove Malware.AI.3534781265?

Malware.AI.3534781265 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.