Malware.AI.3555404570 removal tips

Malware.AI.3555404570 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.3555404570 virus do?

  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • Installs OpenCL library, probably to mine Bitcoins
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities to create a scheduled task
  • Creates a copy of itself
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.3555404570?

File Info:

name: 24D0B1806E2CF9EE32E2.mlw
path: /opt/CAPEv2/storage/binaries/fe03e480b91af2b61e9b48de2172867ddbc3de6274155c7b6e0d56c5b0ff1f36
type: PE32 executable (GUI) Intel 80386, for MS Windows
ep_bytes: ff250020400000000000000000000000
timestamp: 2017-03-22 09:39:38

Version Info:

Translation: 0x0000 0x04b0
FileDescription: EthCpuMiner
FileVersion: 1.0.0.0
InternalName: EthCpuMiner.exe
LegalCopyright: Copyright © 2017
OriginalFilename: EthCpuMiner.exe
ProductName: EthCpuMiner
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Malware.AI.3555404570 is also known as (vendor: detection name):

Lionic: Trojan.Win32.Generic.lXS5
MicroWorld-eScan: Gen:Trojan.Heur.DNP.js0@aecuH3i
FireEye: Generic.mg.24d0b1806e2cf9ee
CAT-QuickHeal: Trojan.MSIL
ALYac: Gen:Trojan.Heur.DNP.js0@aecuH3i
Malwarebytes: Malware.AI.3555404570
Sangfor: CoinMiner.Msil.Agent.Vsl6
Alibaba: Trojan:Win64/BitCoinMiner.0670c335
Cybereason: malicious.06e2cf
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/CoinMiner.LP
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: UDS:Trojan.MSIL.Dnoper
BitDefender: Gen:Trojan.Heur.DNP.js0@aecuH3i
Avast: Win32:CoinminerX-gen [Trj]
Tencent: Malware.Win32.Gencirc.13eb0f9a
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/CoinMiner.rrfdc
DrWeb: Tool.BtcMine.766
VIPRE: Gen:Trojan.Heur.DNP.js0@aecuH3i
TrendMicro: TROJ_GEN.R002C0XGR23
McAfee-GW-Edition: Artemis!Trojan
Trapmine: malicious.moderate.ml.score
Emsisoft: Gen:Trojan.Heur.DNP.js0@aecuH3i (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Trojan.Heur.DNP.js0@aecuH3i
Avira: TR/CoinMiner.rrfdc
Antiy-AVL: Trojan/MSIL.CoinMiner
Xcitium: Malware@#2zz6vejfl44i3
Arcabit: Trojan.Heur.DNP.ED8E35
ZoneAlarm: not-a-virus:RiskTool.Win64.BitCoinMiner.btd
McAfee: Artemis!24D0B1806E2C
MAX: malware (ai score=81)
VBA32: Trojan.MSIL.gen.m
Cylance: unsafe
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R002C0XGR23
Rising: Trojan.CoinMiner!8.30A (CLOUD)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Adware/Miner
BitDefenderTheta: AI:Packer.BFB56CBE1F
AVG: Win32:CoinminerX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.3555404570?

Malware.AI.3555404570 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.