Categories: Malware

About “Malware.AI.3558365387” infection

The Malware.AI.3558365387 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Malware.AI.3558365387 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
HTTPS urls from behavior.
Reads data out of its own binary image
A process created a hidden window
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Uses Windows utilities for basic functionality
Behavioural detection: Injection (Process Hollowing)
Executed a process and injected code into it, probably while unpacking
Behavioural detection: Injection (inter-process)
A process attempted to delay the analysis task by a long amount of time.
Created a process from a suspicious location
Installs itself for autorun at Windows startup
Installs itself for autorun at Windows startup
A process sent information about the computer to a remote location.
Attempts to identify installed AV products by installation directory
Attempts to modify proxy settings
Creates a copy of itself
Uses suspicious command line tools or Windows utilities

How to determine Malware.AI.3558365387?


File Info:
name: 43C0E88BB6E252DBDB8C.mlwpath: /opt/CAPEv2/storage/binaries/e722f8d24f2b3bbeb9ed031dfa25038f7373d4214a9083cebaf1b0969565d751crc32: 6DAE2DE8md5: 43c0e88bb6e252dbdb8ccc3c6155c57csha1: 59301fb468d6b3465e9658c0bb0c0448be924ab1sha256: e722f8d24f2b3bbeb9ed031dfa25038f7373d4214a9083cebaf1b0969565d751sha512: 096a6bc522c5d0c74a8348fe7f9898aab195ffebbf8fa0fcf08a8eb296b415ac1592bd0e5688dfe8b4805f0d7b61196ef39f3e8a8ccd413dc3b83e769ef88b58ssdeep: 6144:NBzxV9NnKPgL3ilk4cHzoMyQGvRxAWG+1GsxFMwiSP2Re8J2xiSP2Re8J2xiSP2X:NBzxLpKP2ii3GJnHxOk8k8k8kKtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T17B25BE30B0E15E26E40B5576EA6DCBED999EA4F28F5E71D35A34950B20F9190C3F3E02sha3_384: 3511fee021e8b027826704d6b7ae6ad9b45e7e804359c30cc3d6f74c0afc67a9fea6eaae5281a7c6b5c16ec00f9c18faep_bytes: 6a606878454900e83e9d0000bf940000timestamp: 2022-04-23 20:30:33
Version Info:
0: [No Data]

Malware.AI.3558365387 also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
Cylance	Unsafe
Cybereason	malicious.468d6b
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Generik.GYFLZMC
APEX	Malicious
Kaspersky	HEUR:Trojan-Downloader.Win32.Deyma.gen
MicroWorld-eScan	Gen:Variant.Zusy.423514
Rising	Malware.Obscure/Heur!1.A89E (RDMK:cmRtazqLUXjc0m7zjqLO2IfJcUK+)
Emsisoft	Gen:Variant.Zusy.423514 (B)
DrWeb	Trojan.Siggen17.49403
McAfee-GW-Edition	BehavesLike.Win32.Generic.dm
FireEye	Generic.mg.43c0e88bb6e252db
Sophos	Generic ML PUA (PUA)
Ikarus	Trojan.Win32.Generic
Webroot	W32.Trojan.Gen
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Gen:Variant.Zusy.423514
BitDefenderTheta	Gen:NN.ZexaF.34638.8mZ@a4Z74Jh
MAX	malware (ai score=81)
Malwarebytes	Malware.AI.3558365387
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
AVG	FileRepMalware
Avast	FileRepMalware
CrowdStrike	win/malicious_confidence_100% (W)