Malware.AI.3554571374 removal tips

Malware.AI.3554571374 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.3554571374 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Code injection with CreateRemoteThread in a remote process
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Steals private information from local Internet browsers
  • Collects and encrypts information about the computer, likely to be sent to a C2 server
  • Collects information about installed applications
  • Attempts to modify browser security settings
  • Harvests credentials from local FTP client software
  • Collects information to fingerprint the system

How to identify Malware.AI.3554571374?

File Info:

name: CED5DE8043CAC1B2CC75.mlw
path: /opt/CAPEv2/storage/binaries/0bdfeeb1e2b01c1a3e9d227362e77d697f8d6d2d74ce84429a9826666b817df3
crc32: CFB7F8C6
md5: ced5de8043cac1b2cc75c73a00c84e8c
sha1: af2df9574e2ea341f0bbc38fba4b0571c9c6b40f
sha256: 0bdfeeb1e2b01c1a3e9d227362e77d697f8d6d2d74ce84429a9826666b817df3
sha512: 16154b61bc9a29a84b59034610896b203a9a751613d6e4967424352440cf183a2a1deb38efbddbe4c2e1defd4acdf97a525eb35a98c2dd501312c3749b548a9b
ssdeep: 6144:DF0SvjHktJCzbPiC3hlOTWKAnX7fUH/VRueOnjbv0GcMnRVb5:2S7HktAzbaC3QAnTUtwnfvhbRVb5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11974D021E5E91B1CD021A7BB9B958422C7E9A741324524DF33112E0A6AD5C3FE9FCBF1
sha3_384: 36653239a488f1344d68d99b7d450bea79f971d9f94620a1173240af5837d216a4becb8888d8183877a77ed0be4aad91
ep_bytes: 558bec518bc08bc58bc08945fc8b45fc
timestamp: 2013-03-08 08:29:04

Version Info:

0: [No Data]

Malware.AI.3554571374 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Worm.Win32.Dorifel.lIZe
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.ced5de8043cac1b2
CAT-QuickHeal: TrojanPWS.Zbot.Gen
McAfee: PWS-Zbot-FAKU!CED5DE8043CA
Cylance: Unsafe
VIPRE: Virtool.Win32.Obfuscator.as!c (v)
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0040f26d1 )
Alibaba: Trojan:Win32/Bulta.06f7a5b4
K7GW: Trojan ( 0040f26d1 )
Cybereason: malicious.043cac
Arcabit: Trojan.JBot.1
BitDefenderTheta: Gen:NN.ZexaF.34212.vyY@ayyodnmi
Cyren: W32/A-2c9eff63!Eldorado
Symantec: Packed.Generic.459
ESET-NOD32: a variant of Win32/Kryptik.AWHY
TrendMicro-HouseCall: TSPY_ZBOT.SMAM
Paloalto: generic.ml
ClamAV: Win.Trojan.Zbot-47060
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.JBot.1
NANO-Antivirus: Trojan.Win32.Zbot.crqgmh
SUPERAntiSpyware: Trojan.Agent/Gen-FakeRean
MicroWorld-eScan: Gen:Heur.JBot.1
Avast: Win32:DangerousSig [Trj]
Tencent: Win32.Trojan.Spy.Tdpl
Ad-Aware: Gen:Heur.JBot.1
Emsisoft: Gen:Heur.JBot.1 (B)
Comodo: TrojWare.Win32.Kryptik.AXXG@4w6hm0
DrWeb: Trojan.PWS.Panda.3785
Zillya: Trojan.Kryptik.Win32.355924
TrendMicro: TSPY_ZBOT.SMAM
McAfee-GW-Edition: PWS-Zbot-FAKU!CED5DE8043CA
Sophos: ML/PE-A + Troj/Zbot-DUZ
APEX: Malicious
Jiangmin: Trojan/Generic.aullq
Webroot: W32.Rogue.Gen
Avira: TR/Spy.Zbot.ajoue
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.252699
Kingsoft: Win32.Troj.Zbot.jn.(kcloud)
Microsoft: PWS:Win32/Zbot
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Heur.JBot.1
SentinelOne: Static AI - Malicious PE
AhnLab-V3: Spyware/Win32.Zbot.R52714
Acronis: suspicious
VBA32: SScope.Trojan.FakeAV.01110
ALYac: Gen:Heur.JBot.1
Malwarebytes: Malware.AI.3554571374
Rising: Trojan.Kryptik!8.8 (CLOUD)
Yandex: Trojan.GenAsa!e50FB6m6Jv8
Ikarus: Trojan-PWS.Win32.Zbot
Fortinet: W32/Kryptik.AXHH!tr
AVG: Win32:DangerousSig [Trj]
Panda: Trj/Hexas.HEU
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.3554571374?

Malware.AI.3554571374 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.