About “Malware.AI.3767711768” infection

Malware.AI.3767711768 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.3767711768 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup

How to identify Malware.AI.3767711768?

File Info:

name: EB41CCCD98577BEFA956.mlw
path: /opt/CAPEv2/storage/binaries/c71daf89979579c87dc60ccb60d659296728f0c6328c389e03e8dc7a8558c1e7
crc32: AE0EDAE2
md5: eb41cccd98577befa9560146615d0051
sha1: 1963ec0eb311c9153346eb75be7ef84f665bfd60
sha256: c71daf89979579c87dc60ccb60d659296728f0c6328c389e03e8dc7a8558c1e7
sha512: 7f901a84db3b2d4b6fe05a1a50b337cd3fc3090734fae4a01c485744c77a1a68757d3fbbb26e0b1d71169fadfc33d81b1db3d848d9cef7fb152d7a605cc2dfea
ssdeep: 1536:WofJ8i39vlWqiqKzoTGWwQUxl8AgA0qgw4+pjd7mJp5JBOKhJ1hB1vBG:lfVJlWqEcqFQU78AgAngw4+pjd7mJp50
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E4635C0CB3D44629DEEE46B9FC77022642B1E186BA23D75F4C9E50A92E737C04751BE2
sha3_384: ef8a3c25d9ffc2648e21bc162c97b654106a63be77d170152ab2c1d619c95b439fae96ac339f5ecee3dcd5efbda3f11e
ep_bytes: ff250020400000000000000000000000
timestamp: 2011-12-09 19:31:50

Version Info:

Translation: 0x0000 0x04b0
CompanyName: Home
FileDescription: WindowsFormsApplication4
FileVersion: 1.0.0.0
InternalName: WindowsFormsApplication4.exe
LegalCopyright: Copyright © Home 2011
OriginalFilename: WindowsFormsApplication4.exe
ProductName: WindowsFormsApplication4
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Malware.AI.3767711768 also known as:

Cynet: Malicious (score: 99)
FireEye: Generic.mg.eb41cccd98577bef
McAfee: Artemis!EB41CCCD9857
Cybereason: malicious.d98577
Cyren: W32/MSIL_Agent.DJC.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Agent.UCB
Kaspersky: HEUR:Trojan-Banker.MSIL.Agent.gen
BitDefender: Gen:Variant.Bulz.399415
MicroWorld-eScan: Gen:Variant.Bulz.399415
Avast: Win32:Malware-gen
Ad-Aware: Gen:Variant.Bulz.399415
DrWeb: Trojan.DownLoader6.42044
Zillya: Trojan.Agent.Win32.2799557
McAfee-GW-Edition: Artemis
Emsisoft: Gen:Variant.Bulz.399415 (B)
Ikarus: Trojan.MSIL.Agent
GData: Gen:Variant.Bulz.399415
Jiangmin: Trojan.MSIL.lwdq
Avira: TR/MSIL.Agent.job
Microsoft: Trojan:Win32/Wacatac.B!ml
TACHYON: Banker/W32.DN-Agent.69632
AhnLab-V3: Trojan/Win32.RL_Agent.C3980348
ALYac: Gen:Variant.Bulz.399415
MAX: malware (ai score=81)
Malwarebytes: Malware.AI.3767711768
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.770480.susgen
Fortinet: MSIL/Agent.UCB!tr
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.3767711768?

Malware.AI.3767711768 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.