Malware.AI.366994201 removal guide

Malware.AI.366994201 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.366994201 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Malware.AI.366994201?

File Info:

name: F229782DE07742279B47.mlw
path: /opt/CAPEv2/storage/binaries/fa778d59ceb75649c73408cc43a325640c80c360289cb25174406c70ca857f8c
crc32: C45A640C
md5: f229782de07742279b47fa23d3e103af
sha1: 48cf73c356fb32be115ad7a17fb11591eb5f5fac
sha256: fa778d59ceb75649c73408cc43a325640c80c360289cb25174406c70ca857f8c
sha512: 239551bbc384587f13c0682ccfc4584313eaaf427395d15db666f775a076fad2934b684d25a2f0deb1e7694ef0545fd07122bc301d3c04622cfb76befaee8404
ssdeep: 3072:QIcWsZawM0xn3pKCtzQnhpFCUFdeKg7Y3U5HXVa7/hdE2RalCJyCn/RBoutkly:QzzlpKClQhplFdwEoF4MZOXoSB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1961412DBDA1FE7E4E23D1B3ABCB65B1B1540708E55B1CC90AEA450A51E1374FB828B0D
sha3_384: 3b232b28218dc587b99a2b127b24c5573159413ddc9a45e7b215efd49ff2e4328898409ccee9d26976b1ff3526181f57
ep_bytes: 60be004042008dbe00d0fdff5789e58d
timestamp: 2011-06-29 19:57:54

Version Info:

CompanyName: Корпорация Майкрософт
FileDescription: Экранная клавиатура
FileVersion: 5.1.2600.5512 (xpsp.080413-2105)
InternalName: osk
LegalCopyright: © Корпорация Майкрософт. Все права защищены.
OriginalFilename: osk.exe
ProductName: Операционная система Microsoft® Windows®
ProductVersion: 5.1.2600.5512
Translation: 0x0419 0x04b0

Malware.AI.366994201 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.lt5d
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Panda.547
MicroWorld-eScan: Trojan.Agent.DKGJ
FireEye: Generic.mg.f229782de0774227
CAT-QuickHeal: TrojanPWS.Zbot.Y
McAfee: Generic BackDoor.wz
Malwarebytes: Malware.AI.366994201
Zillya: Dropper.Injector.Win32.13534
Sangfor: Trojan.Win32.ULPM.Gen
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanSpy:Win32/Infostealer.87399afd
K7GW: Password-Stealer ( 003c6e581 )
K7AntiVirus: Password-Stealer ( 003c6e581 )
BitDefenderTheta: Gen:NN.ZexaF.34182.mm1@aOJxywoi
VirIT: Trojan.Win32.Banker.FM
Cyren: W32/Zbot.DD.gen!Eldorado
Symantec: Packed.Generic.350
ESET-NOD32: Win32/Spy.Zbot.YW
TrendMicro-HouseCall: Trojan.Win32.ZBOT.H
ClamAV: Win.Dropper.Agent-334356
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Agent.DKGJ
NANO-Antivirus: Trojan.Win32.Inject.klvyk
SUPERAntiSpyware: Trojan.Agent/Gen-Zbot
Avast: FileRepMalware
Tencent: Malware.Win32.Gencirc.10b66d7f
Emsisoft: Trojan.Agent.DKGJ (B)
Comodo: TrojWare.Win32.Kryptik.ZLIA@4me7vd
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Downloader.cc
Sophos: Mal/Generic-R + Troj/Zbot-BJA
Ikarus: Trojan-Spy.Zbot
Jiangmin: Packed.Multi.fvk
Webroot: W32.Infostealer.Zeus
Avira: TR/Crypt.ULPM.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.1A298F
Microsoft: PWS:Win32/Zbot
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Trojan.Agent.DKGJ
Cynet: Malicious (score: 100)
AhnLab-V3: Dropper/Win32.Injector.R20133
VBA32: Malware-Cryptor.ImgChk
ALYac: Trojan.Agent.DKGJ
APEX: Malicious
Rising: Spyware.Zbot!8.16B (CLOUD)
Yandex: Trojan.Kryptik!YNs8O7zpfUs
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.3647757.susgen
Fortinet: W32/Kryptik.ABC!tr
AVG: FileRepMalware
Cybereason: malicious.de0774
Panda: Generic Malware

How to remove Malware.AI.366994201?

Malware.AI.366994201 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.