Malware.AI.3649025248 (file analysis)

Malware Removal

Malware.AI.3649025248 is the Malwarebytes detection name for this sample; most of the engines listed below classify it as an MBR-locking ransomware (MBRlock, Ransom.Foreign, Molock). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.3649025248 virus do?

The following sandbox signatures were triggered by the sample:

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Uses Windows utilities for basic functionality
  • Likely installs a bootkit via raw harddisk modifications
  • Attempts to restart the guest VM
  • Deletes its original binary from disk
  • Uses suspicious command line tools or Windows utilities

Read together with the vendor names below (MBRlock, Ransom.Foreign, Molock), these signatures are consistent with an MBR-locking ransomware: the sample writes to the raw disk (the bootkit signature), forces a reboot so that its modified boot code runs before Windows, and deletes its own dropper. The "encrypted or compressed data" and UPX signatures both stem from the UPX packing reported in the file type below.

How to identify Malware.AI.3649025248?

File Info:

crc32: 3E70E7BA
md5: ddbfb527e617c295876d700e949be855
name: DDBFB527E617C295876D700E949BE855.mlw
sha1: ce2993b22b700683a7c5b8ab3a5522e5df171c86
sha256: af3e328664fd2d4857dfa18300365bbc7843d8244e2292b9078d9b40c81f9083
sha512: b106fa19a121417571e66c5d37150c22c358aefdbfc645fe547e93d70be6c9af43f1c261977867dc80e0de37e62bc3cec94fd6d185e6760e6e913506bb0fd182
ssdeep: 6144:muEqwsiRnkiCz5dWG5rQzi8hLvr6vMTsGE3riqYdb5iHtP7:NziRnA+G5whvwqVWiJdboH
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
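To check a file you have on hand against the hashes above, and to confirm the packed-PE shape that the type line describes, here is an added Python example; it is not GridinSoft's tooling and not code from the sample. The PE-header walk and the UPX0/UPX1/"UPX!" marker check are assumptions about a stock UPX build (a renamed or modified packer will not show them), and the bytes in CONSTRUCTED_SAMPLE are a made-up minimal header, not the real malware.

```python
import hashlib

# Digests copied from the File Info block on this page.
IOC = {
    "md5": "ddbfb527e617c295876d700e949be855",
    "sha1": "ce2993b22b700683a7c5b8ab3a5522e5df171c86",
    "sha256": "af3e328664fd2d4857dfa18300365bbc7843d8244e2292b9078d9b40c81f9083",
}

# Assumption: stock UPX names its sections UPX0/UPX1 and writes a "UPX!" info block.
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")


def hashes_of(data: bytes) -> dict:
    """Compute the same three digests the page lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC}


def matches_ioc(data: bytes) -> bool:
    """Require all three digests to agree; one matching digest is not enough."""
    h = hashes_of(data)
    return all(h[k] == v for k, v in IOC.items())


def is_pe(data: bytes) -> bool:
    """Check the MZ stub and the PE\\0\\0 signature at the e_lfanew offset."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def upx_markers_present(data: bytes) -> bool:
    """True if any of the stock UPX section names / info block appear anywhere."""
    return any(m in data for m in UPX_MARKERS)


def triage(data: bytes) -> dict:
    """One-shot verdict: is it this sample, is it a PE, does it look UPX-packed?"""
    return {
        "ioc_match": matches_ioc(data),
        "pe": is_pe(data),
        "upx": upx_markers_present(data),
    }


def triage_file(path: str) -> dict:
    with open(path, "rb") as f:
        return triage(f.read())


# Constructed test input (not the real sample): a minimal MZ header whose
# e_lfanew points at a PE signature, followed by fake UPX section names.
CONSTRUCTED_SAMPLE = (
    b"MZ" + b"\0" * 58
    + (0x40).to_bytes(4, "little")
    + b"PE\0\0" + b"\0" * 20
    + b"UPX0" + b"\0" * 36 + b"UPX1"
)

if __name__ == "__main__":
    print(triage(CONSTRUCTED_SAMPLE))
```

On the constructed bytes the verdict is pe=True, upx=True, ioc_match=False; on the real file all three should be True. Hash the file on a machine where it cannot execute, and treat the UPX check as a hint only: unpacking (upx -d) and re-hashing gives a different set of digests than the ones listed here.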

Version Info (the page extractor stripped the backslash from the \uXXXX escapes in the Chinese strings; they are decoded and translated here, with the raw escapes kept in square brackets):

LegalCopyright: 作者版权所有 请尊重并使用正版 ("Copyright of the author. Please respect and use the genuine version.") [x4f5cx8005x7248x6743x6240x6709 x8bf7x5c0ax91cdx5e76x4f7fx7528x6b63x7248]
FileVersion: 1.0.0.0
Comments: 本程序使用易语言编写(http://www.eyuyan.com) ("This program was written in Easy Language") [x672cx7a0bx5e8fx4f7fx7528x6613x8bedx8a00x7f16x5199]
ProductName: 应用程序 ("Application") [x5e94x7528x7a0bx5e8f]
ProductVersion: 1.0.0.0
FileDescription: 应用程序(*.exe) ("Application (*.exe)") [x5e94x7528x7a0bx5e8f]
Translation: 0x0804 0x04b0 (LANGID 0x0804 = Chinese, Simplified/PRC; code page 0x04b0 = 1200, Unicode)

The Comments, ProductName and FileDescription values are the default strings that the Easy Language (易语言, EPL) compiler stamps into a binary when the author sets none, and the 0x0804 LANGID is what the sandbox reports as the "Chinese (Simplified)" binary language above.
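Decoding the Version Info as it appears on this page, as an added Python example (not GridinSoft's or the sample's code): it rebuilds the characters from the stripped escapes, splits the Translation field into LANGID and code page, and flags the Easy Language compiler marker. RAW_VERSION_INFO is a copy of the fields above; the language tables are deliberately short, and the escape regex is only safe on fields known to be garbled this way (a legitimate ASCII string containing "x" followed by four hex digits would be mis-decoded).

```python
import re

# The fields exactly as the page shows them: "\u4f5c" became "x4f5c", etc.
RAW_VERSION_INFO = {
    "LegalCopyright": "x4f5cx8005x7248x6743x6240x6709 x8bf7x5c0ax91cdx5e76x4f7fx7528x6b63x7248",
    "FileVersion": "1.0.0.0",
    "Comments": "x672cx7a0bx5e8fx4f7fx7528x6613x8bedx8a00x7f16x5199(http://www.eyuyan.com)",
    "ProductName": "x5e94x7528x7a0bx5e8f",
    "ProductVersion": "1.0.0.0",
    "FileDescription": "x5e94x7528x7a0bx5e8f(*.exe)",
    "Translation": "0x0804 0x04b0",
}

# Caveat: only apply this to fields known to carry stripped escapes; it will
# happily mangle "0x0804"-style hex in other fields (Translation is handled apart).
_STRIPPED_ESCAPE = re.compile(r"x([0-9a-fA-F]{4})")

# Partial tables (assumption: enough for this sample; extend as needed).
PRIMARY_LANG = {0x04: "Chinese", 0x09: "English", 0x11: "Japanese", 0x12: "Korean", 0x19: "Russian"}
CHINESE_SUBLANG = {1: "Traditional", 2: "Simplified", 3: "Hong Kong SAR", 4: "Singapore"}


def decode_stripped_escapes(s: str) -> str:
    """Turn every 'xHHHH' run back into the code point it stands for."""
    return _STRIPPED_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), s)


def decode_translation(field: str) -> dict:
    """Split 'LANGID CODEPAGE'; low 10 bits are the primary language, the rest the sublanguage."""
    lang_hex, cp_hex = field.split()
    langid, codepage = int(lang_hex, 16), int(cp_hex, 16)
    primary, sub = langid & 0x3FF, langid >> 10
    name = PRIMARY_LANG.get(primary, f"primary 0x{primary:02x}")
    if primary == 0x04:
        name += " (" + CHINESE_SUBLANG.get(sub, f"sublang {sub}") + ")"
    return {"langid": langid, "language": name, "codepage": codepage}


def decode_version_info(raw: dict) -> dict:
    """Decode every string field; Translation is parsed rather than unescaped."""
    out = {}
    for key, value in raw.items():
        out[key] = decode_translation(value) if key == "Translation" else decode_stripped_escapes(value)
    return out


def is_easy_language_build(decoded: dict) -> bool:
    """Easy Language (EPL) leaves its default Comments string and eyuyan.com URL in place."""
    comments = decoded.get("Comments", "")
    return "易语言" in comments or "eyuyan.com" in comments


if __name__ == "__main__":
    info = decode_version_info(RAW_VERSION_INFO)
    for k, v in info.items():
        print(f"{k}: {v}")
    print("Easy Language build:", is_easy_language_build(info))
```

The same split of LANGID into primary and sublanguage is what the sandbox uses for its "binary language" signature, so this is a quick way to confirm that flag from static metadata alone.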

Malware.AI.3649025248 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 005246d51 )
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.IGENERIC
ALYac: Generic.Ransom.MBRLock.3CB25C73
Cylance: Unsafe
Zillya: Trojan.MBRlock.Win32.505
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: Ransom:Win32/Foreign.99487605
K7GW: Trojan ( 005246d51 )
Cybereason: malicious.7e617c
Cyren: W32/Agent.EW.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/MBRlock.AQ
APEX: Malicious
Avast: FileRepMalware
ClamAV: Win.Ransomware.Mbrlock-6855465-0
Kaspersky: Trojan-Ransom.Win32.Foreign.naew
BitDefender: Generic.Ransom.MBRLock.3CB25C73
NANO-Antivirus: Trojan.Win32.Ransom.evxiqi
MicroWorld-eScan: Generic.Ransom.MBRLock.3CB25C73
Tencent: Malware.Win32.Gencirc.10ba5556
Ad-Aware: Generic.Ransom.MBRLock.3CB25C73
Sophos: Mal/Generic-S
Comodo: Malware@#1uzav6j6lqn3h
BitDefenderTheta: Gen:NN.ZexaF.34758.GnNfaKd8!gab
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.tz
FireEye: Generic.mg.ddbfb527e617c295
Emsisoft: Generic.Ransom.MBRLock.3CB25C73 (B)
SentinelOne: Static AI - Malicious PE
Jiangmin: Trojan.Foreign.etd
Avira: TR/Ransom.MBRlock.sjwde
eGambit: Unsafe.AI_Score_99%
Microsoft: Ransom:Win32/Molock!rfn
Arcabit: Generic.Ransom.MBRLock.3CB25C73
AegisLab: Trojan.Multi.Generic.lLmM
GData: Win32.Application.PUPStudio.A
AhnLab-V3: Malware/Win32.RL_Generic.R280903
Acronis: suspicious
McAfee: GenericRXAA-AA!DDBFB527E617
MAX: malware (ai score=99)
VBA32: Trojan-Ransom.Foreign
Malwarebytes: Malware.AI.3649025248
Rising: Ransom.MBRlock!1.B6DC (CLASSIC)
Yandex: Trojan.GenAsa!Kl6dutpbKrY
Ikarus: Trojan.Win32.MBRlock
MaxSecure: Dropper.Dinwod.frindll
Fortinet: W32/MBRlock.AQ!tr.ransom
AVG: FileRepMalware
Paloalto: generic.ml

How to remove Malware.AI.3649025248?

Malware.AI.3649025248 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Click “Move to quarantine“ for all items.
  • Open the “Tools” tab and press “Reset Browser Settings“.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Note: the vendor names and the raw-disk-write signature above point to an MBR locker. A scan from inside Windows only helps while the system still boots normally. Once the Master Boot Record has been overwritten and the machine shows a lock screen at startup, Windows never loads, so the boot code has to be repaired first from Windows recovery media (for example with bootrec /fixmbr from the Recovery Environment command prompt) before any in-Windows scan and quarantine is possible.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.