Malware.AI.379770915 information

Malware.AI.379770915 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.379770915 virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Attempts to modify UAC prompt behavior

How to identify Malware.AI.379770915?

File Info:

name: BB58A573D554E3E74F7A.mlw
path: /opt/CAPEv2/storage/binaries/f5ca0ea4465b98c447f6dbb76bfbea3f9326c7af9f0a374e9efb5773d8d75811
crc32: B7A54693
md5: bb58a573d554e3e74f7a97dfb596e602
sha1: 1b3e5280edbf40d200ffb530d32164dbd348d757
sha256: f5ca0ea4465b98c447f6dbb76bfbea3f9326c7af9f0a374e9efb5773d8d75811
sha512: a0b74fa2cc8e607bbead4578a63976458a8c0cf7483375488e286f6adf730703f549223ff8e809b8d9b3f340efd5ce4af2a058b7bf465304f4b360ad774a4e74
ssdeep: 24576:2+blTzNYwcSiPKKVYkpno/B7+oxSwmpA7hw:2o1RcrPKK1A+ox+Oh
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AB25F06C0764E98BE25B3A7598FDF73A212813B93D4DD2107D2879D97BB0BD92821930
sha3_384: be0a21fbf056dbf9d87a50987bf7bd2d11926bb18dc03555de012829b8fad09e1fe3f5b7b30b9a3e8d6ac69802dfcf78
ep_bytes: 60be00f05f008dbe0020e0ff5783cdff
timestamp: 2021-09-01 19:59:29

Version Info:

FileDescription: AStub
FileVersion: 1.0.0.0
ProgramID: com.embarcadero.AStub
ProductName: AStub
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04e4

Malware.AI.379770915 also known as:

Lionic: Trojan.Win32.Worgtop.d!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Growtopia.57
MicroWorld-eScan: Gen:Variant.Razy.675349
FireEye: Generic.mg.bb58a573d554e3e7
CAT-QuickHeal: Trojan.Worgtop
McAfee: Artemis!BB58A573D554
Cylance: Unsafe
Zillya: Trojan.Growtopia.Win32.3206
Sangfor: Virus.Win32.Save.a
K7AntiVirus: Trojan ( 0058c7231 )
Alibaba: Trojan:Win32/Starter.ali2000005
K7GW: Trojan ( 0058c7231 )
Cybereason: malicious.3d554e
BitDefenderTheta: Gen:NN.ZexaF.34182.9mKfa8S5vZoi
Cyren: W32/Growtopia.B.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/PSW.Growtopia.U
TrendMicro-HouseCall: TROJ_GEN.R002C0WJ221
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-GameThief.Win32.Worgtop.gen
BitDefender: Gen:Variant.Razy.675349
Avast: Win32:PWSX-gen [Trj]
Tencent: Win32.Trojan-gamethief.Worgtop.Pgmq
Sophos: Mal/Generic-S
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0WJ221
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.dc
Emsisoft: Gen:Variant.Razy.675349 (B)
Jiangmin: Trojan.PSW.Worgtop.aa
Avira: TR/Redcap.ssqdv
Antiy-AVL: Trojan/Generic.ASMalwS.34953A8
Gridinsoft: Ransom.Win32.Wacatac.sa
Microsoft: Trojan:Win32/Wacatac.B!ml
ViRobot: Trojan.Win32.Z.Growtopia.1010176
GData: Win32.Trojan.GrowtopiaStealer.A
Cynet: Malicious (score: 99)
VBA32: TrojanPSW.Growtopia
ALYac: Gen:Variant.Razy.675349
MAX: malware (ai score=86)
Malwarebytes: Malware.AI.379770915
APEX: Malicious
Rising: Stealer.Growtopia!8.10A8D (CLOUD)
Yandex: Trojan.PWS.Growtopia!3qJ4BQv/rzc
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Growtopia.I!tr.pws
AVG: Win32:PWSX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.379770915?

Malware.AI.379770915 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
