
Malware.AI.3555184364 information


Malware.AI.3555184364 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Malware.AI.3555184364 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Detects Bochs through the presence of a registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Attempted to write directly to a physical drive
  • Attempts to create or modify system certificates
  • Created a service that was not started
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities

How to identify Malware.AI.3555184364?

File Info:

name: 5EFA7EFCB6612C89EF27.mlw
path: /opt/CAPEv2/storage/binaries/4de16be6a9de62b1ff333dd94e63128e677eb6a52d9fbbe55d8a09a2cab161f1
crc32: D560B7B2
md5: 5efa7efcb6612c89ef27f77bd7d5a174
sha1: 8bafdce226841c0a8113d7fdff20bc5b8b7c6d13
sha256: 4de16be6a9de62b1ff333dd94e63128e677eb6a52d9fbbe55d8a09a2cab161f1
sha512: 04215ce7139d0fad9047b44d84d7ea5a888f8475cb40bb61473d7a52737d614cc0ce47ab6784dc382f03f8063a3f040ca2e26e335ecad9644bbd2823118dd5c2
ssdeep: 24576:1rO/1CqxhWC7/2w6lH0whnjvYlm/9tVwmphYE/wKwJsoYsfvjKFmCLMK27hLBbyy:1u1ZhWc/2xHbnjQlmXVJ7YVJJs4ngLMb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T113652341882B6495F0C37E700E39F8D93900F6722DAA66780D60CEE45A795F6D3EB787
sha3_384: bf4550fe3628d81e97ea51eadcb1bce3aeab67273580ad37ddadc3450e407e9388dd94fee166560b46e6a050317c2001
ep_bytes: 60be007042008dbe00a0fdffc7877c9c
timestamp: 2018-04-15 00:21:30

Version Info:

CompanyName: Mozilla Corporation
FileDescription: Kingsoft Install Tool
FileVersion: 2.1.4.4
InternalName: Kingsoft Install Tool
LegalCopyright: Copyright (C) 2017 Mozilla Corporation All rights reserved.
OriginalFilename: Kingsoft Install Tool
ProductName: Kingsoft Install Tool
ProductVersion: 2.1.4.4
Translation: 0x0409 0x04b0

Malware.AI.3555184364 also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Gen:Variant.Razy.300481
FireEye: Generic.mg.5efa7efcb6612c89
CAT-QuickHeal: Trojan.MauvaiseRI.S5254986
ALYac: Trojan.PWS.Agent
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanSpy:Win32/Swrort.5bc9c9c6
K7GW: Spyware ( 0052de311 )
K7AntiVirus: Trojan ( 0053012d1 )
BitDefenderTheta: Gen:NN.ZexaF.34742.ynLfaKoCDZoj
ESET-NOD32: a variant of Win32/Spy.Agent.PKE
TrendMicro-HouseCall: TROJ_FRS.0NA103AA19
Paloalto: generic.ml
ClamAV: Win.Malware.Bugor-9836077-0
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Variant.Razy.300481
NANO-Antivirus: Trojan.Win32.Mlw.fajwzd
Avast: Win32:JbossMiner-B [Trj]
Tencent: Malware.Win32.Gencirc.114d4bc4
Ad-Aware: Gen:Variant.Razy.300481
Emsisoft: Gen:Variant.Razy.300481 (B)
Comodo: Malware@#2wjoij7gp2pp4
Zillya: Trojan.Agent.Win32.895756
TrendMicro: TROJ_FRS.0NA103AA19
McAfee-GW-Edition: GenericRXET-CX!3EC61B980ACB
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
APEX: Malicious
GData: Gen:Variant.Razy.300481
Jiangmin: Trojan.Generic.eevzr
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1201296
MAX: malware (ai score=96)
ViRobot: Trojan.Win32.Z.Agent.1457160
Microsoft: Trojan:Win32/Swrort.A
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Swrort.R225814
McAfee: GenericRXAA-AA!5EFA7EFCB661
VBA32: BScope.Trojan.Downloader
Malwarebytes: Malware.AI.3555184364
Ikarus: Trojan-Spy.Agent
Rising: Trojan.Occamy!8.F1CD (CLOUD)
Yandex: Trojan.GenAsa!125NX1n0GRw
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Agent.PKE!tr
AVG: Win32:JbossMiner-B [Trj]
Cybereason: malicious.cb6612
Panda: Trj/Genetic.gen

How to remove Malware.AI.3555184364?

Malware.AI.3555184364 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
