
What is “Malware.AI.371922111”?


Malware.AI.371922111 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What Malware.AI.371922111 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • A named pipe was used for inter-process communication
  • Starts servers listening on 127.0.0.1:0
  • Reads data out of its own binary image
  • Attempts to modify Internet Explorer’s start page
  • Unconventional language used in binary resources: Spanish (Modern)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify Malware.AI.371922111?

File Info:

name: 54B1ADD294045BE90B71.mlw
path: /opt/CAPEv2/storage/binaries/fbfa19615c6f07a607ade5dbb4fc895534a4f21bac2ba0dcb35715d02a286042
crc32: 0B3322E2
md5: 54b1add294045be90b7138065ae7cf16
sha1: e05922a4f33f148e514a96149eed59fe731a0d38
sha256: fbfa19615c6f07a607ade5dbb4fc895534a4f21bac2ba0dcb35715d02a286042
sha512: 36df637d854718f86f6721da8a7c2281dbd131ab6e76087cb601b391e665895b73aaf3d484dee1b7ccde0a884220dae3b2b3b2cc4c791d8201cf8ad2dad7f90b
ssdeep: 24576:1vg3z/6dFmICx+NcleMsDz/6GquK9d3j36:1TTqUYFUKL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F4557D33B682983BD2721B348C6BCB985A35BE202E34549B77F93E0C4F3939179156C6
sha3_384: 64a04c8ea3e4fda0994d42beac987aaf4a1941478cd34f46564851ac86353403a64453a243029b17bbb7308fd9ce4e3a
ep_bytes: 558bec83c4f0b878025100e88864efff
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Malware.AI.371922111 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Application.IrcFast.1
FireEye: Generic.mg.54b1add294045be9
CAT-QuickHeal: Trojan.GenericIH.S11638082
ALYac: Gen:Application.IrcFast.1
Cylance: Unsafe
Zillya: Adware.FakeInstaller.Win32.1104
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.294045
Cyren: W32/Agent.AQ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Downloader.Ircfast potentially unwanted
APEX: Malicious
ClamAV: Win.Trojan.Agent-550423
Kaspersky: not-a-virus:VHO:AdWare.Win32.FakeInstaller.gen
BitDefender: Gen:Application.IrcFast.1
NANO-Antivirus: Trojan.Win32.Click.ibft
Tencent: Malware.Win32.Gencirc.10b3b77c
Ad-Aware: Gen:Application.IrcFast.1
Emsisoft: Gen:Application.IrcFast.1 (B)
Comodo: ApplicUnsaf.Win32.AdWare.FakeInstaller.~CRSC@1mk1ni
DrWeb: Adware.Siggen.20408
McAfee-GW-Edition: BehavesLike.Win32.Dropper.th
Sophos: IRCFast Downloader (PUA)
Ikarus: Backdoor.Win32.Hupigon
GData: Win32.Adware.IrcFast.A
Jiangmin: AdWare.FakeInstaller.ax
Avira: APPL/Dldr.IrcFast.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.70AEC
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Adware/Win32.FakeInstaller.C227774
McAfee: GenericRXFC-MZ!54B1ADD29404
MAX: malware (ai score=79)
VBA32: BScope.Adware.FakeInstaller
Malwarebytes: Malware.AI.371922111
Rising: Trojan.Win32.StartPage.a (CLASSIC)
Yandex: PUA.FakeInstaller!VMWq/ohDRM8
SentinelOne: Static AI – Suspicious PE
Fortinet: Adware/StartPager
BitDefenderTheta: AI:Packer.F29456BA16
MaxSecure: Trojan.Malware.300983.susgen

How to remove Malware.AI.371922111?

Malware.AI.371922111 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
