Categories: Malware

Malware.AI.3720014579 information

The Malware.AI.3720014579 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Malware.AI.3720014579 virus can do?

Behavioural detection: Executable code extraction – unpacking
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the RedLine malware family
Deletes executed files from disk
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Malware.AI.3720014579?


File Info:
name: 0BA4542D424F6AB1D0C1.mlwpath: /opt/CAPEv2/storage/binaries/b4f554d91e3aedd1708b5ece670b826e12b2bdb6dfa77e4022637ed83ed75379crc32: EF65DC25md5: 0ba4542d424f6ab1d0c193d406fae8a3sha1: 370347bb5227d28cc27fc8be45c5f64796ec2763sha256: b4f554d91e3aedd1708b5ece670b826e12b2bdb6dfa77e4022637ed83ed75379sha512: 444379c995e3a173cbafb7bcc7582dd64c4f4b85537e3256855e7d4bb097ff752a8d82a44de06e68ce2234c66908922b1bac8ee5ca530faca6dbbb053ee7234assdeep: 12288:Jy90/TiVxh7Bm24Te5HQ+o+KyOrKgClunUBgj2jweWD:JyETiVVmbiQV+KfOgGun6gj2Zotype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T110F41202EADC5533E9B9177019FA23930B3ABCF10F7453EF6681989A48736D4A131B76sha3_384: 5ea4ad8e1a28814a9e8fb248137a040b520db66c6823e7c298eaa7ef7b3551a70f7c5a9f221511213dde1f90efe47d2eep_bytes: e803070000e905000000cccccccccc6atimestamp: 2016-07-16 01:42:10
Version Info:
CompanyName: Microsoft CorporationFileDescription: Win32 Cabinet Self-Extractor                                           FileVersion: 11.00.14393.0 (rs1_release.160715-1616)InternalName: Wextract                LegalCopyright: © Microsoft Corporation. All rights reserved.OriginalFilename: WEXTRACT.EXE            .MUIProductName: Internet ExplorerProductVersion: 11.00.14393.0Translation: 0x0409 0x04b0

Malware.AI.3720014579 also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
ClamAV	Win.Packed.Disabler-9997785-0
CAT-QuickHeal	Trojan.Convagent
ALYac	IL:Trojan.MSILZilla.26869
K7AntiVirus	Spyware ( 0059955a1 )
K7GW	Spyware ( 0059955a1 )
CrowdStrike	win/malicious_confidence_70% (D)
VirIT	Trojan.Win32.GenusT.EGOV
Cyren	W32/Kryptik.JPH.gen!Eldorado
ESET-NOD32	multiple detections
APEX	Malicious
Kaspersky	UDS:Exploit.Win32.Convagent.gen
Avast	Win32:CrypterX-gen [Trj]
F-Secure	Trojan.TR/Kryptik.hgqvj
DrWeb	Trojan.Siggen19.60681
VIPRE	Trojan.Agent.GEJZ
TrendMicro	TrojanSpy.Win32.REDLINE.YXDD4Z
McAfee-GW-Edition	BehavesLike.Win32.AgentTesla.bc
Sophos	Mal/Generic-S
Ikarus	Trojan.Agent
GData	MSIL.Trojan.PSE.155XUZV
Avira	TR/Kryptik.hgqvj
Antiy-AVL	Trojan[Spy]/MSIL.RedLine
ZoneAlarm	HEUR:Exploit.Win32.Convagent.gen
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Google	Detected
McAfee	Artemis!0BA4542D424F
Malwarebytes	Malware.AI.3720014579
TrendMicro-HouseCall	TrojanSpy.Win32.REDLINE.YXDD4Z
Rising	Spyware.RedLine!8.1309C (TFE:dGZlOgzW1xQdVxlLyw)
Yandex	Trojan.Kryptik!DGWFXoNPC+w
SentinelOne	Static AI – Malicious SFX
Fortinet	W32/Kryptik.GJGJ!tr
AVG	Win32:CrypterX-gen [Trj]