Malware.AI.3715853631 (file analysis)

Malware.AI.3715853631 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Malware.AI.3715853631 virus do?

  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.3715853631?
File Info:

name: 524D40FC9B2422796CB9.mlw
path: /opt/CAPEv2/storage/binaries/c82235c18cfebc430cb381e1b5124acaec8285b0a265455f233c73fb6e97b208
crc32: 9FA50AA6
md5: 524d40fc9b2422796cb9ff287c5df59c
sha1: 80bd7cd3717976861c6917323999977112ae1464
sha256: c82235c18cfebc430cb381e1b5124acaec8285b0a265455f233c73fb6e97b208
sha512: 0b76fe7f3ce5eb938936b4159b78dad0c0d814a3950655bacef21ce5cb74adc7bf5c03c946562db266963b56d9afe26f3383c51a15cb59ee6bb1a20ecd116fcc
ssdeep: 6144:K2y+bnr+Lp0yN90QEB/YGXADDpn0jvF6Y+ztDGgw3AkUUzEz3hubGuy:qMrvy903TAfpnwf+JSgYUeC3hcXy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CB840262EBD98033DCB52BB068F202C31B36BDA15974436B27569A9B0CB27D4A531737
sha3_384: 34dd7657d03728020d9f5b913546c222ff758a8da0ddc880a12d7b35f807939d151250bef489bb802dd898518ed19f4c
ep_bytes: e8f0060000e9000000006a5868b87240
timestamp: 2022-05-24 22:49:06

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
FileVersion: 11.00.17763.1 (WinBuild.160101.0800)
InternalName: Wextract
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.17763.1
Translation: 0x0409 0x04b0

Malware.AI.3715853631 also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Stealerc.4!c
MicroWorld-eScan: Gen:Heur.Crifi.1
ClamAV: Win.Packed.Lazy-9958163-0
FireEye: Gen:Heur.Crifi.1
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
ALYac: Gen:Heur.Crifi.1
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Spyware ( 0059955a1 )
K7GW: Spyware ( 0059955a1 )
Cybereason: malicious.371797
Cyren: W32/Kryptik.JKR.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: multiple detections
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: UDS:Trojan-PSW.Win32.Stealerc.gen
BitDefender: Gen:Heur.Crifi.1
NANO-Antivirus: Trojan.Win32.Disabler.junsud
SUPERAntiSpyware: Trojan.Agent/Gen-Downloader
Avast: Win32:TrojanX-gen [Trj]
Emsisoft: Gen:Heur.Crifi.1 (B)
F-Secure: Trojan.TR/Dldr.Agent_AGen.ereio
DrWeb: Trojan.PWS.Stealer.37347
VIPRE: Gen:Heur.Crifi.1
TrendMicro: Trojan.Win32.AMADEY.YXDFWZ
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Sophos: Troj/PlugX-EC
SentinelOne: Static AI – Malicious SFX
GData: MSIL.Trojan.Disabler.F
Jiangmin: Trojan.MSIL.aocbf
Avira: TR/Dldr.Agent_AGen.ereio
Antiy-AVL: Trojan/Win32.Casdet
Xcitium: ApplicUnwnt@#1ftfc2ja2g1dd
ZoneAlarm: HEUR:Trojan-PSW.Win32.Stealerc.gen
Microsoft: Trojan:Win32/Smokeloader.GNZ!MTB
Google: Detected
McAfee: Artemis!524D40FC9B24
MAX: malware (ai score=83)
Malwarebytes: Malware.AI.3715853631
Panda: Trj/CI.A
TrendMicro-HouseCall: Trojan.Win32.AMADEY.YXDFWZ
Rising: Stealer.Agent!1.E5F0 (CLASSIC)
Yandex: Trojan.Disabler!G6z7qDxyklM
Ikarus: Trojan.Spy.Stealer
Fortinet: W32/Agent_AGen.DZ!tr.dldr
AVG: Win32:TrojanX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.3715853631?

Malware.AI.3715853631 removal steps with GridinSoft Anti-Malware:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.