Malware.AI.3728412152 (file analysis)

Malware Removal

Malware.AI.3728412152 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the Malware.AI.3728412152 virus do?

  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Creates a copy of itself
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.3728412152?

File Info:

name: 3500FFEEE8C74D58E042.mlw
path: /opt/CAPEv2/storage/binaries/e4d654b38fb3cb32e8277c18262521286dca2b54e829f54fb4cd2216cc275f1a
crc32: 906EC568
md5: 3500ffeee8c74d58e04281919697ed97
sha1: 722571ad37f8077b3586afac1920b30919925df0
sha256: e4d654b38fb3cb32e8277c18262521286dca2b54e829f54fb4cd2216cc275f1a
sha512: 7895d277a76b5aa92bc7de40a962da8af61df4a2bae8748cad32657bb2de812fceb8bf149bf246d5a86630427a5422aeee9ecec326d0112a6a867498de59f0aa
ssdeep: 49152:oVHRYDrHMaxgREP+d5PZ562rRksHIA/zE9AqSEcKIeyc:ovwrHMaSo+d5PZ56gRksHI0zE9A79eyc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1158502612A90E48BF35499B0D4F4EBBE49717EBC5D668102B9FEF7EDB2393140C25212
sha3_384: b3dca709e9a6c822117f047ff49504ae3b2a2b538a34c0a6088497899782fa2009b52d54c3968b7a0d18671dafcaffa5
ep_bytes: 60be00e048008dbe0030f7ff5783cdff
timestamp: 2021-11-03 09:33:50

Version Info:

CompanyName: Realtek Semiconductor
FileDescription: Realtek高清晰音频管理器
FileVersion: 1.0.703.1
InternalName: RtkNGui.exe
LegalCopyright: 2019 (c) Realtek Semiconductor. All rights reserved.
OriginalFilename: RtkNGui.exe
ProductName: Realtek高清晰音频管理器
ProductVersion: 1.0.703.1
Translation: 0x0404 0x03b6

Malware.AI.3728412152 also known as:

Bkav: W32.AIDetectMalware
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Heur.Mint.Porcupine.UnKfb01hm2bbg
ClamAV: Win.Dropper.Tiggre-9845940-0
FireEye: Generic.mg.3500ffeee8c74d58
McAfee: GenericRXAA-AA!3500FFEEE8C7
Malwarebytes: Malware.AI.3728412152
VIPRE: Gen:Heur.Mint.Porcupine.UnKfb01hm2bbg
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 004b8ab71 )
K7GW: Trojan ( 004b8ab71 )
CrowdStrike: win/malicious_confidence_90% (W)
BitDefenderTheta: Gen:NN.ZexaF.36250.UnKfa01hm2bb
Cyren: W32/Injector.AUT.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Injector.BBYK
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: VHO:Trojan.Win32.Scar.gen
BitDefender: Gen:Heur.Mint.Porcupine.UnKfb01hm2bbg
NANO-Antivirus: Trojan.Win32.Mint.jnxmtm
Avast: Win32:InjectorX-gen [Trj]
Tencent: Malware.Win32.Gencirc.10bc02e4
Emsisoft: Gen:Heur.Mint.Porcupine.UnKfb01hm2bbg (B)
F-Secure: Heuristic.HEUR/AGEN.1342709
Zillya: Trojan.Injector.Win32.1311769
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Trapmine: suspicious.low.ml.score
Sophos: BlackMoon Packed (PUA)
SentinelOne: Static AI – Malicious PE
GData: Win32.Application.PSE.1ETEWJE
Jiangmin: Trojan.Generic.hguws
Avira: HEUR/AGEN.1342709
MAX: malware (ai score=84)
Antiy-AVL: Trojan/Win32.Injector
Arcabit: Trojan.Mint.Porcupine.UnKfb01hm2bbg
ZoneAlarm: VHO:Trojan.Win32.Scar.gen
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win.Generic.R501456
VBA32: BScope.Backdoor.BlackHole
ALYac: Gen:Heur.Mint.Porcupine.UnKfb01hm2bbg
Cylance: unsafe
Rising: Trojan.Injector!8.C4 (TFE:5:w7od7DyC9B)
Ikarus: Trojan.Win32.Injector
Fortinet: Riskware/Blackmoon
AVG: Win32:InjectorX-gen [Trj]
Cybereason: malicious.ee8c74
DeepInstinct: MALICIOUS

How to remove Malware.AI.3728412152?

Malware.AI.3728412152 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.