Should I remove “Malware.AI.372395254”?

Malware Removal

Malware.AI.372395254 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.372395254 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Loads a driver
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Starts servers listening on 0.0.0.0:0, :0
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to stop active services
  • A process attempted to delay the analysis task by a long amount of time.
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Attempts to identify installed AV products by registry key
  • Attempts to modify proxy settings
  • Uses suspicious command line tools or Windows utilities

Related domains:

tj.kuosun.com

How to identify Malware.AI.372395254?
File Info:

name: 191C45A7717CD2787683.mlw
path: /opt/CAPEv2/storage/binaries/f5b90bad030f8ebb5485e90dc3724e213c158717fca421cc4a2bbb5a47652b98
crc32: 4E10A578
md5: 191c45a7717cd2787683b32c9c40f359
sha1: cf9e68fd26bf8ca08abfff79d8478af0eeea137b
sha256: f5b90bad030f8ebb5485e90dc3724e213c158717fca421cc4a2bbb5a47652b98
sha512: 9fbd956318e94396498a6c26f00c45eae1f10bfb037ee7c385c9caea4f054fb1e3e592c92c0b2899fdc3c87db215ae8e5e4ad6d2c6d0a476fd77b3728721cea0
ssdeep: 49152:IUuEFBWGDxZI7rFA1ml0nP9p2YxvRKcA7cAzb:IUuM0GwvFGJnFp2YpIeWb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15595338EB5C6E67EE83A4A3705A9912310F01D9915D2C8F56BA53D8E143C8273292FDF
sha3_384: 5de72422c8d1b3b33ddcc3ccf9ec736319a07345a2c3e1db21b2b6e08d9c36bb72d8333d44075660f3ba425606268a59
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2008-11-20 20:28:21

Version Info:

0: [No Data]

Malware.AI.372395254 also known as:

MicroWorld-eScan: Gen:Variant.Ursu.365816
FireEye: Gen:Variant.Ursu.365816
McAfee: Artemis!191C45A7717C
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_60% (W)
Alibaba: Trojan:Win32/Injector.e00b51ea
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
BitDefenderTheta: Gen:NN.ZelphiF.34294.rPX@amNWx0pj
ESET-NOD32: NSIS/Injector.XH
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Malware.Ursu-9848899-0
Kaspersky: HEUR:Rootkit.Win32.AntiAv.gen
BitDefender: Gen:Variant.Ursu.365816
NANO-Antivirus: Trojan.Win32.Agent.buqnk
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Agent.jng
Ad-Aware: Gen:Variant.Ursu.365816
Sophos: Mal/Generic-S
Comodo: Malware@#3i8hyj7bewqt3
VIPRE: Trojan.Win32.Generic.pak!cobra
TrendMicro: TROJ_GEN.R002C0OKM21
McAfee-GW-Edition: GenericRXAM-LD!3C00478B1C5E
Emsisoft: Gen:Variant.Ursu.365816 (B)
Ikarus: Trojan.SuspectCRC
GData: Gen:Variant.Ursu.365816
Jiangmin: Trojan/Banker.Banker.rxy
eGambit: Unsafe.AI_Score_72%
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwNS.606C
Kingsoft: Win32.Troj.Fednu.(kcloud)
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
VBA32: TScope.Trojan.Delf
ALYac: Gen:Variant.Ursu.365816
MAX: malware (ai score=88)
Malwarebytes: Malware.AI.372395254
TrendMicro-HouseCall: TROJ_GEN.R002C0OKM21
Rising: AdWare.Win32.Agent.edl (CLASSIC)
Yandex: Trojan.PWS.Banker!o9lUZpHL8T8
AVG: Win32:Trojan-gen
Cybereason: malicious.7717cd

How to remove Malware.AI.372395254?

Malware.AI.372395254 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.